Request a Demo

Privacy Policy

Privacy Policy

Last updated: 8 March 2026

1. Introduction

TacDesk Ltd (“TacDesk”, “we”, “us”, or “our”) operates tacdesk.co.uk and provides a cloud-based guard and security management platform as a Software-as-a-Service (SaaS) product. This Privacy Policy explains what personal data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

By using TacDesk, you agree to the collection and use of information in accordance with this policy.

2. What We Collect

We collect the following categories of personal data:

Account information: Your name, email address, company name, and contact details provided when registering for or administering a TacDesk account.

Billing information: Subscription and payment details. Card and payment data is processed directly by Stripe and is not stored on TacDesk servers. We retain billing records (amounts, dates, subscription tier) for accounting purposes.

Operational data: Data generated through use of the platform by your employees, including GPS clock-in and clock-out locations, patrol routes, incident and defect reports, check-call logs, and shift records. This data is owned by the customer organisation and processed on their behalf.

Device and usage data: Device type, browser, IP address, and general usage patterns collected to maintain platform security and performance. We do not use third-party analytics services.

3. How We Use Your Data

We use personal data to:

• Provide, maintain, and improve the TacDesk platform and its features.
• Process subscription payments and manage your billing account.
• Send service notifications, invoices, and account-related communications.
• Diagnose technical issues and ensure platform security.
• Comply with our legal and regulatory obligations.

We do not use your data for advertising, and we do not sell personal data to third parties.

4. Legal Basis (UK GDPR)

We process personal data on the following legal bases:

Contract performance: Processing your account and billing information is necessary to deliver the services you have subscribed to.

Legitimate interests: We process usage and device data to maintain platform security, prevent abuse, and improve the service, where these interests are not overridden by your rights.

Legal obligation: We retain financial records to comply with HMRC and other regulatory requirements.

Consent: Where we send optional communications or use non-essential cookies, we rely on your consent, which you may withdraw at any time.

5. Data Storage & Security

All data is stored on servers located within the United Kingdom. Data is encrypted at rest and in transit using industry-standard TLS encryption. Access to personal data is restricted to authorised TacDesk personnel through role-based access controls.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. In the event of a data breach that is likely to result in risk to individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours.

6. Data Retention

We retain data for as long as necessary to provide the service and meet our legal obligations:

Account data: Retained while your account is active and for 12 months after account closure, after which it is permanently deleted.

Billing records: Retained for 6 years in accordance with HMRC requirements.

GPS and operational data: Retained per your organisation’s configuration. Customers may configure their own retention policies within the platform settings.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data where there is no lawful reason to retain it.
Portability: Receive your data in a structured, machine-readable format.
Restriction: Request that we limit how we process your data in certain circumstances.
Objection: Object to processing based on legitimate interests.

To exercise any of these rights, please contact us at privacy@tacdesk.co.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

8. Third Parties

We share personal data only with trusted third-party service providers who assist in delivering our service:

Stripe: Payment processing. Stripe processes card and billing data on our behalf and is certified to PCI DSS Level 1. Stripe’s privacy policy is available at stripe.com/gb/privacy.

UK hosting provider: Our servers and infrastructure are hosted within the United Kingdom.

We do not sell, rent, or otherwise share personal data with third parties for marketing or commercial purposes.

9. Cookies

TacDesk uses cookies to operate the platform and maintain your session. For full details of the cookies we use, please read our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our business, or how we handle data. The “Last updated” date at the top of this page will reflect any changes. Continued use of TacDesk after changes are posted constitutes your acceptance of the updated policy.

For significant changes, we will notify account holders by email.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

TacDesk Ltd
Email: privacy@tacdesk.co.uk