Privacy Policy

1. Data Controller

Modified Central Limited is the data controller responsible for your personal data. Our contact details are:

2. Information We Collect

2.1 Information You Provide to Us

Account Registration Information:

• Full name
• Email address
• Password (encrypted)
• Company name and details
• Phone number (optional)
• Company logo (optional)

Company Business Information:

• Company contact details (email, phone, address)
• Company location and postal code
• Bank account information (account name, sort code, account number, bank name) for invoicing purposes
• VAT registration details and preferences
• Company branding and customization preferences

Client and Customer Data You Input:

• Client names, email addresses, phone numbers
• Client addresses and postcodes
• Vehicle information (make, model, year, registration, VIN, color, mileage)
• Job and service details
• Invoice and payment information
• Notes and comments about clients and jobs

Employee/Worker Information:

• Worker names, email addresses, phone numbers
• Hourly rates and compensation information
• Role and availability details
• Job assignments and schedules

Financial and Transaction Information:

• Payment method information (processed securely through Stripe)
• Billing and subscription information
• Invoice details and payment status
• Transaction history and financial records

Files and Uploads:

• Company logos and branding materials
• Job attachments and related documents
• Invoice PDFs

2.2 Information Automatically Collected

Usage and Technical Data:

• Log data (IP address, browser type, operating system, pages visited)
• Device information (device type, unique device identifiers)
• Service usage patterns and feature interactions
• Timestamps of account activity and actions performed
• Error reports and diagnostic information

Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. See Section 9 for more details.

2.3 Information from Third Parties

We may receive information about you from third-party services when you connect them to your account:

• Stripe: Payment processing information, transaction details, and subscription status
• Xero: Accounting data, invoice synchronization, contact information
• QuickBooks: Accounting data, invoice synchronization, payment information

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Process and manage your subscription
• Enable core functionality (job management, invoicing, scheduling, etc.)
• Store and organize your business data
• Process payments and financial transactions
• Send transactional emails (invoices, notifications, receipts)
• Provide customer support and respond to inquiries

3.2 To Improve and Optimize the Service

• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues
• Develop new features and functionality
• Conduct research and testing to improve user experience
• Maintain security and prevent fraud or abuse

3.3 To Communicate with You

• Send service-related announcements and updates
• Respond to your comments, questions, and support requests
• Notify you of changes to our Service or policies
• Send marketing communications (with your consent, where required)

3.4 To Comply with Legal Obligations

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service and protect our legal rights
• Prevent, investigate, and address fraud, security issues, and illegal activities
• Maintain audit logs and records as required by law

4. Legal Basis for Processing (UK GDPR)

Under the UK GDPR, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (i.e., to provide the Service)
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications)
• Legal Obligation: Processing is necessary to comply with legal obligations (e.g., tax, accounting, or regulatory requirements)

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers and Business Partners

We share information with trusted third-party service providers who assist us in operating the Service:

5.2 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or law enforcement).

5.4 Protection of Rights

We may disclose information when we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, or as evidence in litigation.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.

Our Security Measures Include:

• Encryption: Data is encrypted in transit using SSL/TLS protocols and at rest in our databases
• Access Controls: Row-Level Security (RLS) ensures users can only access data belonging to their company
• Authentication: Secure password-based authentication with minimum password requirements (8+ characters)
• Regular Backups: Automated backups to prevent data loss
• Infrastructure Security: Our service providers (Supabase, Stripe) maintain industry-standard security certifications
• Monitoring: Continuous monitoring for suspicious activity and security threats
• Limited Access: Internal access to personal data is restricted to authorized personnel only

Important Note: While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Active Accounts: Data is retained for the duration of your active subscription
• Cancelled Accounts: After cancellation, your data may be retained for a reasonable period to allow for reactivation or as required by law
• Financial Records: Invoice and payment data is retained for at least 7 years to comply with UK tax and accounting regulations
• Audit Logs: Security and audit logs are retained for operational and security purposes
• Backup Systems: Data in backup systems may persist for a period after deletion from active systems

Upon request and subject to legal obligations, we will delete or anonymize your personal data when it is no longer necessary for the purposes for which it was collected.

8. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data:

How to Exercise Your Rights: To exercise any of these rights, please contact us at sales@modcentraluk.com. We will respond to your request within one month, as required by law. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are small data files stored on your device.

Types of Cookies We Use:

• Essential Cookies: Required for authentication and basic functionality of the Service
• Performance Cookies: Help us understand how users interact with the Service
• Functional Cookies: Remember your preferences and settings

Managing Cookies: You can control and/or delete cookies as you wish. You can delete all cookies that are already on your device and set most browsers to prevent them from being placed. However, if you do this, you may have to manually adjust some preferences every time you visit our site, and some features and services may not function properly.

10. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom. These countries may have data protection laws that differ from UK law.

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the UK authorities
• Transfers to countries with adequacy decisions
• Service providers with appropriate certifications and security measures

Our service providers (Stripe, Supabase, Resend) have implemented appropriate safeguards for international data transfers in compliance with data protection laws.

11. Children's Privacy

Our Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will take steps to delete such information.

12. Your Responsibilities as a Data Controller

When you use our Service to manage your business, you act as a data controller for your clients' and employees' personal data. You are responsible for:

• Obtaining appropriate consents from your clients and employees before collecting their data
• Providing privacy notices to your data subjects
• Ensuring your use of the Service complies with applicable data protection laws
• Responding to data subject requests (access, deletion, etc.) from your clients and employees
• Maintaining accurate and up-to-date data
• Implementing appropriate security measures for accessing the Service

We act as a data processor when handling your clients' and employees' data. We process this data only on your instructions and in accordance with our agreement with you.

13. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Effective Date" at the top of this Privacy Policy
• Sending you an email notification (for significant changes)

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after we post changes constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority: If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):