Privacy Policy
Last updated: 2026-04-30
This policy explains what personal data we collect when you use CalProof, why we collect it, who we share it with, how long we keep it, and the rights you have over it. We have written it in plain English and we have tried to keep legal jargon to a minimum.
1. Who we are
CalProof is a trading name of Crocker Digital Ltd, a company registered in England and Wales under Company No. 17008789, with registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. We are the data controller for the personal data described in this policy.
We are registered with the UK Information Commissioner's Office; our registration reference is available on request from privacy@calproof.co.uk.
The best way to reach us about anything in this policy is privacy@calproof.co.uk.
2. Data we collect
We collect a limited set of personal data, grouped into the following categories.
2.1 Account data
When you create an account we collect your name, work email address, organisation name, and a hashed password. If you sign in with a third-party identity provider in future, we will collect only what that provider releases to us.
2.2 Calibration data
This is the working content of CalProof. It includes the instruments you record, calibration events, out-of-tolerance workflows, certificate metadata, and any UKAS templates you build. Where you upload certificate PDFs, those files are stored in our certificates bucket. Calibration data may include the names of technicians or assessors that you choose to enter; we treat those names as personal data.
2.3 Audit log
The audit log is an append-only record of significant actions taken in your account, such as creating, updating, or deleting records, signing in, and changing billing settings. Each entry contains a timestamp, the user_id of the actor, the type of action, and the affected record. We retain the audit log on a longer cycle than other data; see section 3.
2.4 Billing data
Stripe processes payments on our behalf. We never see or store your full card number. We do receive your billing email, billing country, the last four digits of your card, the card brand, your invoice history, and any VAT registration details you choose to add to your billing profile.
2.5 Operational data
We collect a small amount of operational data so the service runs properly. This includes server-side request logs, rate-limit counters keyed on a hashed identifier, error events forwarded to Sentry, anonymised page-view counts via GoatCounter, and email-delivery metadata for the messages we send you.
We do not buy personal data from third parties. We do not run advertising campaigns that build profiles of individual users.
3. Retention and deletion
Retention windows for each category are set out in full in our Retention and Deletion Policy. The headline numbers are:
| Data category | Active subscription | After cancellation | Hard delete |
|---|---|---|---|
| Account profile (email, name) | Life of account | 30 days grace (recoverable) | 31 days post-cancellation |
| Calibration data | Life of account | 30 days grace + export available | 31 days post-cancellation |
| Certificate PDFs | Life of account | 30 days grace + signed-URL export | 31 days post-cancellation |
| Audit log | Life of account, immutable | 7 years from last activity | 7 years post-final-activity |
| Billing records | Life of account | 7 years from invoice date | 7 years post-invoice |
| Email log | 90 days rolling | n/a | 90 days from send |
| Sentry events | 90 days | n/a | 90 days |
| Netlify request logs | 7 days | n/a | 7 days |
| GoatCounter events | Indefinite (anonymous) | n/a | n/a |
The audit log is treated under a UK GDPR retention exception. The disclosure below applies in full:
"To meet UK ISO 9001 / ISO 17025 record-retention obligations and to support compliance audit cycles, your organisation's audit log is retained for 7 years from the date of your last activity, even if you cancel your subscription. This is the only category of data we retain beyond the 30-day post-cancellation window. All other data (profile, calibration data, certificates) is permanently deleted at day 31. You can request earlier deletion of the audit log by contacting privacy@calproof.co.uk; we will honour the request unless a regulatory hold applies."
Billing records are retained for 7 years from invoice date. HMRC requires limited companies to keep accounting records for at least 6 years from the end of the financial year; we hold them for 7 years to support extended audit cycles.
4. Lawful basis
We rely on the following lawful bases under UK GDPR Article 6.
- Performance of a contract — for processing necessary to set up your account, deliver the service, take payment, and provide support.
- Legitimate interest — for product analytics on aggregated, anonymised behaviour; for error monitoring and abuse prevention; for security logging; and for keeping records of administrative actions in the audit log. We have weighed our interest in running a stable and improving product against the impact on users, and we believe the processing is proportionate. If you disagree, you can object using the contact details below.
- Legal obligation — for billing record retention and for responding to lawful requests from regulators or law enforcement.
- Consent — for any marketing email beyond product-essential transactional messages. We do not send marketing emails to customers as standard; if we do introduce them, we will ask for your opt-in first and you will be able to unsubscribe at any time.
5. Sub-processors
We use a small number of carefully chosen sub-processors to deliver the service. The current list, including the data each one receives and the region in which they operate, is on the Sub-processors page.
We will give active customers at least 30 days' notice before adding or changing a sub-processor that handles personal data. If you object to a new sub-processor, you can cancel your subscription before the change takes effect and we will refund any unused prepaid fees on a pro-rata basis.
6. Your rights
Under UK GDPR, you have the following rights over your personal data.
- Right of access — you can ask for a copy of the personal data we hold about you. The content of what we provide is set by UK GDPR Article 15; the response deadline (one month, extendable by two further months for complex requests) is set by Article 12(3). Most of the content is available immediately via the personal-data export at /app/account/export/.
- Right to rectification — you can correct inaccurate data from inside the app or by emailing privacy@calproof.co.uk.
- Right to erasure — you can ask us to delete your data; we will comply with the limits set out in section 3 and the audit log exception.
- Right to data portability — the export route returns a structured JSON archive that you can take elsewhere.
- Right to restrict processing — you can ask us to stop processing your data while a complaint or correction is being resolved.
- Right to object — you can object to processing based on legitimate interest.
To exercise any of these rights, email privacy@calproof.co.uk. We will respond within one calendar month, in line with UK GDPR.
If you believe we have not handled your data properly, you have the right to complain to the UK Information Commissioner's Office:
- ICO website: https://ico.org.uk
- ICO helpline: 0303 123 1113
- Postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the chance to address your concerns directly first, but you are free to go straight to the ICO if you prefer.
7. International transfers
Most of our infrastructure runs in the UK and EU. Our Postgres database, certificate storage, and authentication run in Supabase's eu-west-2 (London) region. Stripe, Resend, Microsoft 365, Cloudflare Turnstile, GoatCounter, and Upstash Redis all keep your data in the EU.
Two services involve transfer outside the UK and EU:
- Sentry is hosted in the United States. The information Sentry receives is limited to stack traces, request URLs, and a logged-in user_id; no payload bodies, customer data, or certificate content is forwarded. Transfers rely on the standard contractual clauses (SCCs) approved by the UK Information Commissioner's Office.
- Netlify runs a global content-delivery network with edge locations outside the UK and EU. Static page assets and request logs (IP, user-agent, URL) may transit through edge nodes; logs are retained for 7 days. Transfers rely on SCCs.
Where additional safeguards are needed, we apply them and document them in our internal records.
8. Cookies
CalProof uses a minimal set of cookies, all of which are either strictly necessary for the service to function or used for our own functional purposes. We do not use third-party advertising cookies. Full details are on the Cookie Policy.
9. Children
CalProof is a B2B record-keeping product and is not intended for use by anyone under 18. We do not knowingly collect personal data from children. If you believe we have, please contact privacy@calproof.co.uk and we will remove it.
10. Changes
We may update this policy as the service evolves. The "Last updated" date at the top records the most recent change. Where a change is material, we will notify active customers by email at least 14 days before it takes effect.
11. Contact
For any privacy enquiry or to exercise the rights in section 6, email privacy@calproof.co.uk. We will respond within one calendar month and usually much sooner. If you have a complex request, we may extend the response window by a further two months under UK GDPR Article 12(3); where we do, we will tell you why and give you an indicative timeline.
When you write to us, please include enough detail for us to identify your account and the data you are asking about — your account email address is usually enough. If we cannot verify that the request comes from you (for example, if it comes from a personal email address that is not on the account), we may ask for additional verification before acting. This is a safeguard against impersonation, not an attempt to delay your request.
For other contact channels:
- Account or product support: support@calproof.co.uk
- Security reports: security@calproof.co.uk (see our Security Policy)
- Abuse reports: abuse@calproof.co.uk
- Contract or legal enquiries: legal@calproof.co.uk
The registered office of Crocker Digital Ltd is held on file at Companies House under Company No. 17008789. We are registered in England and Wales.
12. Definitions
A few terms used in this policy carry the meanings given to them in UK GDPR:
- Personal data is information about an identified or identifiable living individual.
- Processing is anything we do with personal data, from collecting and storing it to deleting it.
- Data controller is the party that decides why and how personal data is processed; that is us, Crocker Digital Ltd.
- Data processor is a party that processes personal data on the controller's behalf; the sub-processors listed in section 5 act as our processors.
- Sub-processor is a processor that we engage to help deliver the service.
If anything in this policy is unclear, please ask. We would rather rewrite an unclear paragraph than leave a customer guessing.