Privacy Policy

Blinkz Technologies Ltd ("we", "us", "our") operates the BlinkzOS platform at www.blinkzos.com. We are committed to protecting your personal data in accordance with the UK GDPR and the Data Protection Act 2018.

Registered address: 86 Lionel Street, Birmingham, B3 1EE, England

Data protection enquiries: privacy@blinkzos.com

We collect the following categories of personal data:

• Account data — name, email address, password (hashed), business name
• Billing data — subscription plan, payment history (processed securely by Stripe — we never store card numbers)
• Usage data — pages visited, features used, time on platform, clicks and interactions
• Team data — names and email addresses of team members you invite
• Operational data — processes, departments, activities and notes you create in the platform
• Clock session data — clock-in/out times, shift summaries and handover notes
• Device and technical data — IP address, browser type, operating system, device identifiers
• Communications — emails you send us and support requests

We process your data on the following legal bases:

• Contract performance — to provide you with the BlinkzOS service and manage your account
• Legitimate interests — to improve our platform, detect fraud, and ensure security
• Legal obligation — to comply with tax, accounting and regulatory requirements
• Consent — for marketing emails (which you can withdraw at any time)

• To create and manage your BlinkzOS account
• To process subscription payments via Stripe
• To send transactional emails (welcome, billing, invitations)
• To send operational digest emails to you and your team
• To provide customer support
• To improve the platform based on usage patterns
• To detect, prevent and address technical issues or fraud
• To comply with legal obligations

We do not sell your data. We share data only with trusted service providers who process it on our behalf:

• Supabase — database hosting and authentication (EU/US data centres)
• Stripe — payment processing (PCI DSS compliant)
• Resend — transactional email delivery
• Vercel — platform hosting and CDN
• Google Analytics — anonymised usage analytics (if consent given)

All providers are bound by data processing agreements and handle data only as instructed by us.

• Active accounts — data retained for the duration of your subscription
• Deleted accounts — personal data deleted within 30 days of account closure
• Billing records — retained for 7 years as required by HMRC
• Support communications — retained for 2 years
• Anonymised analytics — retained indefinitely

You have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to restrict processing — ask us to limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Rights related to automated decision-making — we do not make solely automated decisions affecting you

To exercise any of these rights, contact us at privacy@blinkzos.com. We will respond within 30 days.

We use the following types of cookies:

• Strictly necessary — required for login sessions and platform functionality
• Analytics — Google Analytics (only with your consent) to understand usage patterns
• Preferences — remember your language and display settings

You can manage your cookie preferences at any time using the cookie banner on our website, or by clearing cookies in your browser settings.

Some of our service providers are based outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions as applicable.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction. These include encrypted data transmission (HTTPS), hashed password storage, row-level security on our database, and access controls.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware.

BlinkzOS is a business platform intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@blinkzos.com and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a prominent notice on the platform. The date at the top of this page shows when it was last updated.

For any privacy-related queries or to exercise your rights:

• Email: privacy@blinkzos.com
• Post: Blinkz Technologies Ltd, 86 Lionel Street, Birmingham, B3 1EE, England

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113