Saasiforce privacy policy

Who controls your data

Saasiforce is the controller for personal data collected through this website and app. You can contact us about privacy or data rights at saasiforce@gmail.com.

Before full launch, add the registered business name, postal address, company number and data protection contact details here if they apply.

Personal data we collect

Account data: your name, email address, profile image if provided by a sign-in provider, account role, sign-in provider details and authentication records needed to let you access the service.

Learning and audit data: topics selected, answers submitted, scores, matched and missing keywords, audit sessions, reports, lesson progress, badges and leaderboard-related activity.

Billing data: plan, subscription status, Stripe customer or subscription identifiers and payment status. Stripe processes full card details; we do not store full payment card numbers.

Contact and newsletter data: your email address, name, contact reason, message, unsubscribe token and communication preferences.

Technical data: essential cookies, session tokens, device or browser information, local storage entries, security events and server logs needed to operate, secure and debug the service.

How we use your data

We use account, audit and study data to provide the service, save progress, generate reports, manage access to free and paid features, send transactional emails and support your account.

We use billing data to process purchases, manage subscriptions, prevent fraud, keep accounting records and resolve payment issues.

We use contact form data to respond to your message. We use newsletter data to send product updates and study content where you have signed up, and you can unsubscribe at any time.

We use technical data to keep the service secure, diagnose errors, improve reliability and protect users from misuse.

Lawful bases

Contract: to create and run your account, provide study and audit features, manage paid plans and send service messages.

Consent: to send optional newsletters or marketing emails, and for any non-essential cookies or similar technologies if we add them.

Legitimate interests: to secure the service, prevent misuse, answer support requests, improve the product and understand how users interact with core features, provided those interests are not overridden by your rights.

Legal obligation: to keep records required for tax, accounting, fraud prevention, consumer rights and regulatory compliance.

Cookies and local storage

We use essential cookies and similar technologies for authentication, session security and requested app functionality. These are needed for the service to work.

The app may also use browser local storage to remember in-progress learning or demo state on your device. You can clear this in your browser settings, although doing so may remove local progress.

We do not currently describe any non-essential analytics or advertising cookies here. If we add them, we will explain what they do and request consent where UK PECR rules require it.

Who we share data with

We share data only where needed to run the service, including hosting and database providers, email delivery providers, authentication providers such as Google or LinkedIn if you choose them, Stripe for payments, and professional advisers where necessary.

If you click a social sharing link or use a third-party sign-in or payment service, that third party may process your data under its own privacy notice.

We do not sell your personal data.

International transfers

Some suppliers may process data outside the UK. Where that happens, we expect appropriate safeguards to be used, such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses or another lawful transfer mechanism.

How long we keep data

Account, audit, study and progress data is kept while your account is active, then deleted or anonymised when it is no longer needed unless we must keep it for legal, security or accounting reasons.

Newsletter records are kept until you unsubscribe or ask us to delete them. We may keep a limited suppression record so we do not email you again by mistake.

Contact messages are normally kept for up to 24 months after the last meaningful contact unless needed for an ongoing issue. Billing and tax records may be kept for up to six years.

Authentication verification tokens expire after a short period. Essential security logs are kept only for as long as reasonably needed for security and troubleshooting.

Your UK GDPR rights

You can ask to access, correct, delete, restrict or receive a copy of your personal data. You can object to processing based on legitimate interests and withdraw consent where consent is the lawful basis.

Some rights are limited in certain circumstances, for example where we need data to provide the service, comply with the law or establish legal claims.

To exercise your rights, email saasiforce@gmail.com. You also have the right to complain to the Information Commissioner's Office at ico.org.uk if you are unhappy with how we handle your data.

Children

Saasiforce is intended for learners and professionals aged 16 or over. Do not use the service if you are under 16.

Changes to this policy

We may update this policy as the product, suppliers or legal requirements change. The latest version will be posted on this page with a new updated date.