Privacy Policy
Last updated: 7 June 2026
1. Who we are
Gafferly is a field service management application for UK trades. Gafferly is a product and trading name of SEO Engico Ltd(“Gafferly”, “we”, “us”, “our”). Our registered details are: SEO Engico Ltd, a company registered in England and Wales under company number 16387749, registered office 29 Swan Road, Southall, England, UB1 3JT.
We are the “data controller” responsible for the personal data described in this policy, except where we act as a “data processor” on behalf of our business customers (see section 3). For any privacy question, or to exercise your rights, contact us at privacy@gafferly.com.
We are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration reference ZB967946.
2. What this policy covers
This policy applies to our website at gafferly.com, the Gafferly web application at dashboard.gafferly.com, and any related services (together, the “Service”). It explains what personal data we handle, why, who we share it with, how long we keep it, and your rights. It applies to website visitors, people who enquire or sign up, and authorised users of a Gafferly account.
3. Our two roles: controller and processor
Gafferly handles personal data in two distinct capacities, and it matters which applies:
- As a controller. For our website visitors, people who contact or enquire with us, and the account/billing details of the businesses and users who subscribe to Gafferly, we decide how and why that data is used. This policy governs that.
- As a processor. When a business (for example a trade firm) uses Gafferly to manage theircustomers, jobs, quotes and invoices, that firm is the controller of their customers’ personal data and we process it only on their instructions to provide the Service. If you are a customer of one of our subscriber firms, that firm’s own privacy notice governs your data, please contact them directly. Our handling of that data is also governed by our data processing terms with the firm (available on request).
4. The personal data we collect
Account and identity data
When you sign up or are invited to a Gafferly account: name, work email, phone number, business name, job role, and a securely hashed password.
Billing data
Subscription plan, seat count, billing status and history. Card payments for your Gafferly subscription are processed by Stripe; we do not see or store full card numbers, Stripe handles that as a payment processor.
Customer and job data (processed on behalf of our subscriber firms)
Data a firm enters about their own customers and jobs: names, addresses, contact details, job notes, photos, signatures, quotes, invoices and related records. We hold this as a processor (see section 3).
Usage and technical data
IP address, device and browser information, pages viewed, actions taken, timestamps, and diagnostic logs, collected to run, secure and improve the Service.
Cookies and similar technologies
See our Cookie Policy. Non-essential cookies (analytics and advertising) are only set with your consent.
Marketing and enquiry data
If you contact us, book a demo, or interact with our ads or forms: the details you provide and how you engaged with our marketing.
5. Why we use your data, and our lawful bases
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Create and run your account, provide the Service | Performance of a contract |
| Take subscription payments and manage billing | Performance of a contract |
| Security, fraud prevention, troubleshooting, and improving the Service | Legitimate interests (keeping the Service safe and working well) |
| Service and account emails (e.g. receipts, security, important changes) | Performance of a contract / legitimate interests |
| Marketing emails and online advertising (Meta, Google and similar) | Consent, or legitimate interests for limited business-to-business marketing where permitted; you can opt out at any time |
| Analytics and advertising cookies | Consent (via our cookie banner) |
| Meeting legal, tax and regulatory obligations | Legal obligation |
6. Who we share data with
We do not sell your personal data. We share it only with trusted service providers (sub-processors) who help us run the Service, and only as needed. Each is bound by contract to protect it. Our key providers are:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Subscription and card payment processing | USA / UK |
| Twilio | Sending SMS notifications | USA |
| Resend | Sending transactional and notification emails | USA |
| Turso | Database hosting | USA / EU regions |
| Render | Application hosting | USA / EU regions |
| Cloudflare (R2) | File storage and content delivery (e.g. job photos) | Global edge network |
| Google (Analytics, Google Ads) | Website analytics and advertising, with consent | USA |
| Meta | Advertising and conversion measurement, with consent | USA |
| Xero | Accounting sync, only if a firm chooses to connect it | New Zealand / USA |
We may also share data with our professional advisors, or with authorities or other parties where we are legally required to, or to protect our rights, users or the public.
7. International transfers
Some of our providers are based outside the UK, including in the USA. Where personal data is transferred outside the UK, we rely on appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or a country the UK government has deemed adequate. You can ask us for details of the safeguards in place.
8. How long we keep data
We keep account and billing data for as long as you have an account, and for a reasonable period afterwards to meet legal, tax and accounting obligations (generally up to 7 years for financial records). Customer and job data processed on behalf of a firm is retained per our agreement with that firm and deleted or returned on request after the account ends. Marketing data is kept until you opt out or it is no longer needed. Diagnostic logs are kept for a short period.
9. How we protect your data
We use appropriate technical and organisational measures: encryption in transit (HTTPS), hashed passwords, access controls and tenant isolation so one firm cannot see another’s data, and reputable infrastructure providers. No system is perfectly secure, but we work to protect your data and will notify you and the ICO of a serious breach where the law requires.
10. Your rights
Under UK data protection law you have the right to:
- access a copy of your personal data;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to certain processing, including direct marketing;
- data portability; and
- withdraw consent at any time where we rely on it.
To exercise any of these, email privacy@gafferly.com. We will respond within one month. If your data is held by Gafferly on behalf of a subscriber firm (you are their customer), please contact that firm, and we will help them respond.
11. Marketing and your choices
You can opt out of marketing emails at any time using the unsubscribe link or by emailing us. You can change cookie and advertising choices using our cookie banner (see the Cookie Policy). Opting out of marketing does not stop essential service messages such as receipts or security notices.
12. Automated decision-making
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing.
13. Children
Gafferly is a business tool not intended for children. We do not knowingly collect data from anyone under 18.
14. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the date above. Significant changes will be communicated to account holders.
15. Complaints
We hope to resolve any concern directly, so please contact us first. You also have the right to complain to the ICO, the UK supervisory authority: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, tel 0303 123 1113, ico.org.uk.
16. Contact us
Gafferly (SEO Engico), privacy@gafferly.com. Postal address: 29 Swan Road, Southall, England, UB1 3JT.