Privacy Policy

1. Introduction

Stay in Touch ("we", "us", "our") operates the Stay in Touch CRM application. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service in accordance with the UK General Data Protection Regulation (UK GDPR, as retained in UK law post-Brexit) and the Data Protection Act 2018.

1a. Data Controller

The data controller responsible for your personal data is:

• Company: DMS Global Consultancy Limited
• Registered Address: 1386 London Road, Leigh-on-Sea, Essex, SS9 2UJ, England
• Company Number: 13563453 (registered in England & Wales)

Our Privacy Contact can be reached regarding any questions about this policy or your data rights:

• Privacy Contact: Dominic Strauli
• Email: privacy@stayintouch.uk

2. What Data We Collect

Stay in Touch is a CRM. We process data you give us or connect to the app so the product can do its job. In summary:

• Your account: name, email, password (hashed), and company details.
• Your CRM records: the contacts, companies, deals, notes, tags and custom fields you create inside the app.
• Connected integrations: when you link a channel like WhatsApp, LinkedIn or email, we process the messages and contact information needed to show and manage your conversations in one place. You can disconnect any integration at any time.
• Usage & device data: basic information about how you use the app (pages visited, features used, browser and device) so we can keep the service reliable and improve it.

Payment Information

• Stripe handles all payment processing (see Stripe's Privacy Policy)
• We receive payment status and subscription information
• Billing email and invoice records

3. How We Use Your Data

We use collected information for the following purposes:

• Service Delivery: To provide and maintain the CRM platform, sync your contacts, and enable team collaboration features
• Authentication: To verify your identity and manage your account
• Communication: To send service updates, security alerts, and support responses
• Improvements: To analyze usage patterns and improve our features
• Legal Compliance: To comply with applicable laws and regulations
• Fraud Prevention: To detect and prevent unauthorized access or misuse

4. Data Storage & Security

Your data is stored in PostgreSQL databases on secure, encrypted servers. We offer two deployment options:

• Hosted on Our Servers: Data stored in UK-based infrastructure with automatic backups and encryption at rest
• Self-Hosted: You can deploy Stay in Touch on your own infrastructure and control all data storage

We implement industry-standard security measures including SSL/TLS encryption, database encryption, and regular security audits. However, no system is 100% secure. You are responsible for keeping your password confidential.

5. Third-Party Services

We use the following third-party services:

Unipile (LinkedIn & WhatsApp Integration)

• Enables OAuth-based LinkedIn profile importing and WhatsApp message syncing
• Your LinkedIn and WhatsApp data is processed according to Unipile's privacy policy
• You can disconnect these integrations at any time

Stripe (Payment Processing)

• Handles all credit card and subscription management
• See Stripe's Privacy Policy
• Your payment information is never stored on our servers

Email Providers (Gmail/Outlook)

• If you connect Gmail or Outlook, you grant OAuth access to read/send emails
• Email data is synced to our database but remains under your control
• You can revoke access at any time through your email provider's settings

6. Your Data Rights

Under GDPR and similar regulations, you have the following rights:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your account and associated data
• Data Portability: Download your data in a standard format
• Restrict Processing: Limit how we use your data
• Withdraw Consent: Opt out of optional data processing

To exercise any of these rights, contact us at privacy@stayintouch.uk

7. Cookies & Tracking

We use only session cookies to maintain your login state. We do not use:

• Tracking pixels or web beacons
• Third-party analytics cookies
• Marketing cookies

You can disable cookies in your browser settings, but this may affect the CRM's functionality.

8. Data Retention

We keep your data for as long as you keep your account. When you close your account, we delete your account and CRM data within 30 days. A few exceptions apply:

• Billing and invoice records are kept for 7 years to meet UK tax-law requirements.
• Security and audit logs are kept for up to 12 months.
• Encrypted disaster-recovery backups are overwritten on a rolling basis (within 35 days).

9. UK GDPR & Data Protection Act 2018 Compliance

Stay in Touch complies with the UK General Data Protection Regulation (UK GDPR, as retained in UK law following the UK's withdrawal from the EU) and the Data Protection Act 2018. Where we process data of EU/EEA residents, we also comply with the EU GDPR. We:

• Only collect data on a lawful basis (consent, contract, legitimate interest, or legal obligation, as appropriate)
• Process data lawfully, fairly, and transparently
• Limit data collection to what is necessary (data minimisation)
• Implement data protection by design and by default
• Maintain a Record of Processing Activities (ROPA)
• Notify the ICO and affected users of any qualifying personal data breach within 72 hours where required by law

Right to complain to the UK ICO: If you believe we have mishandled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the chance to address your concerns before you approach the ICO — please contact us at privacy@stayintouch.uk first.

10. Children's Privacy

Stay in Touch is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child under 13, we will delete it immediately.

11. International Data Transfers

Your personal data is primarily stored and processed on servers located in the United Kingdom. Where we engage sub-processors (such as Stripe, Unipile, or email providers) that process data outside the UK, we ensure that any such restricted transfer is covered by one of the safeguards recognised under UK GDPR:

• A UK adequacy regulation (for transfers to countries the UK Government has deemed adequate, including the EEA);
• The UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses (SCCs) together with the UK Addendum issued by the ICO;
• Where applicable, the UK Extension to the EU–US Data Privacy Framework for transfers to certified US recipients.

You may request a copy of the relevant transfer mechanism by emailing privacy@stayintouch.uk. We carry out a transfer risk assessment (TRA) before relying on Article 46 safeguards.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or by posting a notice on the application. Your continued use of Stay in Touch after updates constitutes acceptance of the new policy.

13. Contact Us

If you have questions about this privacy policy or our privacy practices, please contact us:

• Email: privacy@stayintouch.uk
• Application: Stay in Touch CRM