JobToolbox Privacy Policy
Last Updated: 18th October 2025
Introduction
At JobToolbox, we are committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your information when you use our services.
1. Who We Are
This Privacy Policy explains how JobToolbox (“we”, “us”, or “our”) collects, uses, and protects personal data when you use our websites, mobile applications, and related services (together, the “Services”).
- Data Controller: David Scammell, trading as JobToolbox
- Registered in: United Kingdom
- Address: 44 Common Road, Wombourne, WV5 0EZ
- Email: [email protected]
2. Scope of this Policy
This policy applies to:
- Users of our websites and mobile apps ("users", "you", "your")
- Any personal data we process through these platforms
It covers both:
- Data we control directly (e.g. your account and billing details), and
- Data we process on your behalf (e.g. your clients' information entered by you onto our platforms)
3. Data We Collect
We may collect the following categories of data:
| Category | Examples | Purpose |
|---|---|---|
| Identity Data | Name, username, profile photo, business information (e.g. Business name and address, business logo) | To register and identify you |
| Contact Data | Email, phone number, addresses | To communicate with you |
| Financial Data | Bank or card details, billing address | To process payments securely |
| Technical and Usage data | IP address, browser type, device ID, OS version, third-party data*, authentication data | To ensure performance, access and security of your usage |
| Usage Data | App and website activity, feature usage and interaction | To improve functionality |
| Marketing Preferences | Opt-in status for communications | To send updates and offers (with consent) |
| Location Data (if applicable) | GPS or approximate location | To provide location-based features |
| Customer Data (entered by you) | Names, address and contact information of your clients | To store client data on your behalf |
We do not intentionally collect sensitive (“special category”) data (e.g. health, age, religion, race, biometric or sexual preference) unless it is necessary for the app's operation, and then only with your explicit consent.
* An example of third-party data may be your Google Account data if you sync with your Google Calendar or choose to log in using your Google Account. This example is not all-inclusive, and the same principle may apply to other similar third parties, such as when logging in with your Apple ID.
Please refer to section 4 for more information.
4. Sign In with Google or Apple
If you choose to sign up or log in using a third-party service such as Google or Apple, we will receive certain information from that provider to create or manage your account.
The information we receive may include:
- Your name
- Your email address (this may be a private relay email address provided by Apple)
- A unique user identifier
We use this information to:
- Authenticate your identity
- Create and manage your user account
- Provide you access to our services
- Communicate with you about your account where necessary
We do not receive or store your Google or Apple account password.
We do not share your information with Google, Apple or any other third party, except as required to provide our service or comply with legal obligations.
Your use of Google or Apple sign-in is also subject to their respective privacy policies:
5. How We Collect Data
- Directly from you: when you register, subscribe, fill in our forms, or communicate with us.
- Automatically: through cookies, analytics, third-party integrations, and app-usage tracking.
- From third parties: such as app stores, payment processors, or analytics tools.
6. How We Use Data and Legal Bases
We use personal data only when we have a lawful basis under the UK GDPR and EU GDPR:
| Purpose | Example | Legal Basis |
|---|---|---|
| To provide and maintain user accounts | Registering and authenticating users | Contract/ Terms and Conditions |
| To deliver app functionality | Send e-mails, push notifications, and in-app messages | Contract/ Terms and Conditions |
| To process payments securely | Processing subscriptions or one-off payments | Contract/ Terms and Conditions/ Legal obligation |
| Monitor User activity | Google Analytics | Consent |
| Improve and secure services | Bug fixing, security, app improvements | Legitimate interest |
| To send marketing communications | Product updates, newsletters | Legitimate interests and Consent |
| To comply with legal obligations | Accounting, tax, and fraud prevention | Legal obligation |
There may be other purposes for which we will need to process your data, but this will always have a lawful basis. We never sell personal data.
6A. Processing of Client Data (as a Data Processor)
Our apps enable users to store and manage their clients' personal information. In this situation:
- You (the user) act as the data controller for your clients' personal data.
- We (the provider) act as your Data Processor, processing that data only on your instructions to:
- Host and store data in our systems (see section 10A)
- Back up and maintain system performance (see section 9)
- Provide support or technical assistance
Each user of the app acts as an independent data controller in relation to the personal data of their own clients. We act solely as a data processor and do not determine the purposes or means of processing that data.
All processing is performed securely and in compliance with the UK GDPR and EU GDPR requirements.
We do not use your clients' data for analytics, marketing, or any other independent purpose.
6B. Payment Information
- Payments are handled securely by our third-party payment processor, GoCardless.
- Your full card details are not stored on our servers.
- We retain transaction details (payment ID, date, amount) for subscription management, accounting, legal, and fraud-prevention purposes.
We do not process or store any card or bank details ourselves. All payments are securely handled by GoCardless, our PCI-DSS compliant payment processor.
7. Sharing Data and Sub-Processors
We may share personal data with trusted sub-processors that help us operate our systems and services (e.g. hosting and backup providers).
These partners are bound by strict contractual terms to keep personal data confidential and secure, and to process it only according to our documented instructions.
Sub-processors may include, but are not limited to:
| Category | Example Provider | Purpose | Location |
|---|---|---|---|
| Hosting & Infrastructure | Microsoft Azure | Infrastructure and data storage | UK |
| Analytics Provider | Google Analytics | Usage analytics | UK/ EU/ EEA or USA with SCCs |
| Payment Processor | GoCardless | Payment processing | UK |
| Email and SMS Delivery | SendGrid, Twilio, Microsoft Exchange | Transactional and notification emails | UK/ EU/ EEA or USA with SCCs |
| Regulatory Authorities | ICO | Regulatory responsibilities | UK |
| Professional Advisors | Legal or Financial | Business operations | UK |
| Law Enforcement/ Government | Police, HMRC | Legal Requirements | UK |
We may update this list as our technology evolves and as the business grows. The current list of sub-processors will always be available upon request.
8. International Transfers
If we transfer data outside of the UK, EU or EEA, we use approved mechanisms such as:
- Adequacy decisions, or
- Standard Contractual Clauses (SCCs) approved by the UK and EU authorities.
9. Data Retention
We retain personal data only for as long as necessary to:
- Provide our services
- Meet legal or tax obligations
- Resolve disputes or enforce agreements
After this period, data will be securely deleted or anonymised.
10. Your Rights (UK and EU GDPR)
You have the right to:
- Access a copy of your personal data
- Correct inaccurate information
- Request deletion ("right to be forgotten")
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
Some of these actions will be available to you in our applications; however, should you need to, you can contact us to exercise any of these rights. You also have the right to complain to the Information Commissioner’s Office (ICO).
10A. If you Manage Client Data
If you use our applications to store your own clients' information:
- You are responsible for ensuring your processing of that data complies with data protection law
- You must handle any data-subject request from your clients
- If we receive such a request, we will forward it to you
11. Data Storage and Security
We apply appropriate technical and organisational measures to protect data, including encryption (both at rest and in transit), access controls, and secure storage.
We take regular back-ups of our systems and store them on UK-based servers following best practices for backup storage (e.g. the 3-2-1 rule). This is to ensure data resilience and business continuity. However, users should take care to protect their login credentials.
12. Children's Privacy
Our Services are not directed to children under 13. If we become aware that we have inadvertently collected data from a child, we will delete it immediately or as appropriate.
13. Links to Third-Party sites
Our website or app may contain links to external sites. We are not responsible for their content or privacy practices.
14. Data breach procedure
In the event of a data breach, we will promptly notify affected parties and the Information Commissioner's Office (ICO) in accordance with UK GDPR requirements.
15. Changes to this Policy
We may update this policy periodically. The latest version will always be available on our website with a new “Last updated” date.