Privacy Policy

Your privacy and data security are fundamental to how we operate Cushty.

Last updated: December 2024

1. Introduction

Cushty ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management software and services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, and billing information
  • Business Data: Client information, job details, invoices, schedules, and other business-related content you input into Cushty
  • Communication Data: Messages, support requests, and feedback you send to us
  • Payment Information: Billing details processed securely through our payment partners

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our software, features used, and time spent
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Server logs, error reports, and performance metrics

3. How We Use Your Information

We use your information to:

  • Provide and maintain our business management software services
  • Process payments and manage your account
  • Provide customer support and respond to your enquiries
  • Improve our software and develop new features
  • Send important service updates and security notifications
  • Comply with legal obligations and protect our rights

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit and at rest using AES-256 encryption
  • Access Controls: Strict access controls and authentication requirements for our team
  • Regular Audits: Regular security audits and vulnerability assessments
  • UK Data Centres: Your data is stored in secure, GDPR-compliant UK data centres
  • Backup Systems: Daily automated backups with secure storage

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in these limited circumstances:

  • Service Providers: Trusted third-party services that help us operate (payment processors, hosting providers)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorise us to share your information

6. Your Rights Under GDPR

As a UK-based service, we comply with GDPR. You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

7. Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data retained while your account is active
  • Cancelled Accounts: Data retained for 30 days after cancellation for account recovery
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Anonymised Data: We may retain anonymised usage data for service improvement

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and improve our services. Cookies are small text files that are stored on your device when you visit our website.

8.1 Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function and cannot be switched off. They include:

  • Session Management: Maintain your login status and shopping cart
  • Security: Protect against fraud and ensure secure connections
  • Basic Functionality: Enable core website features
  • Cookie Consent: Remember your cookie preferences

Legal Basis: Legitimate interest - these cookies are essential for website operation.

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously:

  • Page views and user journeys
  • Time spent on pages
  • Popular content and features
  • Error tracking and performance monitoring

Legal Basis: Consent - these cookies require your explicit consent.

Marketing Cookies

These cookies are used to track visitors across websites to display relevant and engaging advertisements:

  • Advertising personalization
  • Cross-site tracking for marketing purposes
  • Social media integration
  • Retargeting campaigns

Legal Basis: Consent - these cookies require your explicit consent.

Functional Cookies

These cookies enable enhanced functionality and personalization:

  • Remember your preferences and settings
  • Customize content based on your interests
  • Language and region preferences
  • Third-party service integrations (Google Fonts)

Legal Basis: Consent - these cookies require your explicit consent.

8.2 Cookie Management

You can control cookies through:

  • Cookie Banner: Use the cookie preferences settings on our website
  • Browser Settings: Most browsers allow you to refuse or delete cookies
  • Opt-out Links: Use industry opt-out tools for advertising cookies

8.3 Third-Party Cookies

We use the following third-party services that may set cookies:

  • Google Fonts: Loads fonts from Google's CDN (functional cookies)
  • Analytics Services: Future implementation may include Google Analytics
  • Social Media: Integration with social platforms for sharing

8.4 Cookie Retention

Cookies are retained for the following periods:

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Retained for up to 12 months
  • Preference Cookies: Retained until you change your preferences

🍪 Cookie Preferences

You can manage your cookie preferences at any time using the cookie settings in the footer of our website or by clicking the cookie icon in your browser.

9. Third-Party Integrations

Cushty integrates with various third-party services (accounting software, payment processors, etc.). When you use these integrations:

  • You authorise us to share relevant data with these services
  • These services have their own privacy policies
  • We only share the minimum data necessary for the integration to function
  • You can disconnect integrations at any time

10. Children's Privacy

Cushty is designed for business use and is not intended for children under 16. We do not knowingly collect personal information from children under 16.

11. International Data Transfers

Your data is primarily stored in UK data centres. If we need to transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK government
  • Standard contractual clauses
  • Other legally recognised transfer mechanisms

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to your registered email address
  • Providing notice within the Cushty software

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: privacy@cushty.io
  • Post: Cushty Ltd, Data Protection Officer, United Kingdom

We will respond to your enquiry within 30 days as required by GDPR.