UGuard Ltd Privacy Policy
(Version 1.0 – 1 September 2025)
Login Disclaimer
Privacy Notice
By continuing to use the UGuard Portal and app you acknowledge that your personal data will be processed in accordance with UGuard Ltd’s Privacy Policy and that your organisation remains solely responsible for reviewing, customising and approving any Compliance Content (policies, HACCPs, risk assessments, etc.) downloaded from the Portal for your business.
1. Who we are
UGuard Ltd (“UGuard”, “we”, “our”, “us”) is a company registered in England & Wales (No. 15123451).
Registered office: Tagus House, 9 Ocean Way, Southampton SO14 3TJ, UK
Email: [email protected]
2. Scope of this policy
This notice explains how we collect, use, store and share personal data when you:
* visit uguardltd.com or any sub-domain;
* register for or use the UGuard Portal or mobile app;
* contact us by email, phone or social media.
It does not cover third-party sites you may access via links from our services.
3. What data we collect
**Account data** – Name, business email, job title, password hash, user role (collected via portal sign-up).
**Business compliance data** – Food-temperature logs, HACCP documents, accident reports, training records (uploaded by your organisation).
**Usage & device data** – IP address, browser type, OS, activity logs, error reports (collected via cookies, log files).
**Marketing data** – Preferences, feedback, survey responses (collected via website forms, email).
4. How we use your data & legal bases
Provide, secure and maintain the Portal – Performance of contract.
Authenticate log-ins & administer accounts – Performance of contract.
Generate compliance reports – Legitimate interests (service delivery).
Respond to support tickets – Performance of contract.
Improve and debug the platform – Legitimate interests (quality & security).
Send service or legal notices – Legal obligation.
Optional marketing emails – Consent (you can withdraw at any time).
Special-category data (e.g., accident-report injuries) is processed only as a processor on your organisation’s instructions (Art. 9(2)(b)).
5. Who we share data with
UK cloud hosting provider (ISO 27001) – Run production servers – UK.
Off-site backup provider – Disaster recovery – EEA (adequacy decision).
Email & ticketing SaaS – Support communications – UK.
Law-enforcement or regulators – Only if required by law – UK.
All sub-processors are under written contract and subject to security audits. We never sell or rent your personal data.
6. International transfers
We store data in the UK. If we must transfer it outside the UK/EEA, we will use an approved safeguard (Standard Contractual Clauses plus UK Addendum) and notify affected clients.
7. Retention periods
Portal account data – While account is active + 3 months.
Compliance records – As instructed by the client; deleted 3 months after contract end unless law requires longer.
Support tickets & logs – 12 months.
Financial records – 6 years (HMRC rules).
Marketing opt-in data – Until you withdraw consent.
8. Security measures
We employ AES-256 encryption at rest, TLS 1.3 in transit, multi-factor admin access, quarterly penetration tests, daily encrypted backups and an ISO 27001-aligned ISMS.
9. Your rights
Access your personal data (Art. 15).
Rectify inaccurate data (Art. 16).
Erase data (“right to be forgotten”) where applicable (Art. 17).
Restrict or object to processing (Arts. 18-21).
Data portability (Art. 20).
Withdraw consent at any time (for marketing).
To exercise any right, email [email protected]. We will respond within one month.
You also have the right to complain to the Information Commissioner’s Office (ICO): ico.org.uk / 0303 123 1113.
10. Cookies
Essential (session) – Login security, load-balancing – No consent needed.
Analytics (first-party) – Aggregate usage statistics – Consent required.
Marketing – None by default – Consent required (if enabled).
You can manage cookies through our cookie banner or your browser settings.
11. Automated decision-making
We do not use your data for automated decision-making that produces legal or similarly significant effects.
12. Changes to this Policy
We may update this notice from time to time. Significant changes will be highlighted on the Portal dashboard or by email. “Last updated” date appears at the