Request a Demo

TacDesk Privacy Policy

Last updated: 4 May 2026

1. About this policy

TacDesk (“TacDesk”, “we”, “us”, “our”) provides a workforce management platform used by licensed security companies in the United Kingdom to manage their on-the-ground operations. This Privacy Policy explains how we collect, use, share and protect personal information when you use the TacDesk mobile app or any TacDesk-hosted web portal provided by your employer.

Two things to understand up front:

  • The TacDesk app is only available to employees and contractors of security companies that subscribe to TacDesk. It is not a consumer app.
  • Your employer (the security company that issued your TacDesk account) is the data controller for almost all the personal information processed about you while you use the app — your name, shift records, location while on duty, reports you submit, and so on. TacDesk processes that information on your employer’s behalf as a data processor under a written agreement with them. If you have questions about why your employer uses TacDesk, what they can see, or how long they keep your data, please contact your employer directly. TacDesk is a controller only for the limited information described in section 4.

2. Who we are

TacDesk is a trading name of Michael Bryce, operating as a sole trader in the United Kingdom.

Contact: info@tacdesk.co.uk

3. Information we collect

3.1 Account information

  • Name, work email address, phone number
  • Job role (Guard, Supervisor, Manager, Administrator)
  • Username and a hashed password (we never store passwords in plain text)
  • Optional profile photo
  • The employer (security company) you work for

3.2 Location information

The app records your device’s location in two ways:

Foreground location (while the app is open) — when you use a feature that needs your location, such as clocking in, completing a patrol checkpoint, or scanning an NFC tag at a site.

Background location — for lone-worker safety:

  • We record your location periodically while you are clocked in to a shift, even if the app is in the background, your screen is locked, or your phone is in your pocket.
  • This is required because security guards routinely work alone, often at night, on remote sites. Your dispatcher needs to be able to verify you are at your assigned post during scheduled check-calls, and locate you immediately if you miss a check-call or trigger a duress alarm.
  • Background tracking starts when you clock in and stops automatically when you clock out. You can clock out at any time.
  • While background tracking is active, the app shows a persistent notification so it is always clear to you that your location is being recorded.
  • Your location is shared with your employer’s dispatch and management team only. It is never shared with other guards, with the security firm’s clients, or with anyone outside your employer.

3.3 Operational data

Records created during your work:

  • Clock-in / clock-out timestamps and locations
  • Patrol checkpoints scanned (NFC tag IDs, QR codes, GPS waypoints)
  • Incident reports, patrol reports, check-call logs, vehicle defect reports
  • Photos, notes, and voice notes attached to those reports
  • Messages sent and received within the app

3.4 Device and technical information

  • Device model, operating system version, app version
  • A push-notification token issued by Google Firebase Cloud Messaging (Android devices) or by Apple Push Notification service (iOS devices)
  • IP address and approximate location derived from IP, for security and audit logging
  • Crash logs and basic diagnostic information

3.5 Information from third parties

If your employer integrates TacDesk with another system (e.g. payroll or scheduling software), we may receive limited information from that system — typically just enough to match you to the right TacDesk account.

4. Information for which TacDesk is the controller

For the following, TacDesk is the data controller (not your employer):

  • Information about your employer’s account with us (billing, contracts) — this is about the company, not about you personally
  • Aggregate, de-identified usage statistics that we use to improve the product
  • Support correspondence you send directly to TacDesk (e.g. emailing info@tacdesk.co.uk)

5. How we use the information

Where your employer is the controller, the purposes are:

  • Operating the service — clocking you in and out, recording shifts, tracking lone-worker safety, delivering messages, and generating the reports your employer is contractually required to provide to its own clients
  • Lone-worker safety — monitoring background location during your shift so your employer can respond to missed check-calls or duress events
  • Workforce management — producing attendance, patrol and incident records
  • Compliance — meeting your employer’s regulatory obligations (e.g. SIA licensing, BS 7858, BS 7499, HSE lone-worker guidance)

Where TacDesk is the controller (section 4), the purposes are:

  • Providing and maintaining the platform for your employer
  • Improving the product using aggregate or anonymised data
  • Security and fraud prevention
  • Complying with our own legal obligations

We do not process your data for marketing or advertising. The TacDesk app contains no advertising and no advertising trackers.

App Tracking Transparency (iOS). The TacDesk iOS app does not engage in tracking as defined by Apple’s App Tracking Transparency framework. We do not link your activity in TacDesk with data collected by other apps or websites for advertising or measurement purposes, and we do not share your data with third-party data brokers. As a result, the app does not display the App Tracking Transparency permission prompt.

6. Legal bases under UK GDPR

When TacDesk processes data on your employer’s behalf, your employer is responsible for the lawful basis. Typically your employer relies on:

  • Performance of a contract (your employment contract)
  • Legitimate interests (running their security business, meeting client SLAs, ensuring lone-worker safety)
  • Legal obligations (record-keeping, health and safety)

When TacDesk processes data as a controller, we rely on:

  • Performance of a contract (our contract with your employer)
  • Legitimate interests (running, securing and improving the platform)
  • Legal obligations

7. Sharing your information

Your information is shared with:

  • Your employer — the dispatch, supervisor, manager and administrator users at the security company that issued your TacDesk account. What each role can see is determined by your employer’s configuration.
  • Sub-processors that help us run the service:
    • Google LLC / Firebase Cloud Messaging — to deliver push notifications to Android devices
    • Apple Inc. / Apple Push Notification service (APNs) — to deliver push notifications to iOS devices
    • Apple Inc. / App Store Connect and TestFlight — for iOS app distribution and crash diagnostics
    • Our hosting provider (Amazon Web Services, London region) — to store and serve the data
    • Email service providers — to send transactional emails (password resets, account notifications)
  • Authorities, when required by law — e.g. a valid court order or police request. We require a lawful basis before disclosing.
  • In a business transfer — if TacDesk is acquired, your data may transfer to the acquiring entity, subject to the same protections set out here.

We do not sell your personal information. We do not share it with advertisers, data brokers, or profiling services.

8. International transfers

Personal data is stored on servers in the United Kingdom. Some sub-processors (e.g. Google Firebase, Apple Push Notification service) may process data outside the UK/EEA. Where this happens, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or another lawful transfer mechanism.

9. Data retention

  • Account data: retained while your employer’s TacDesk account is active.
  • Location history: retained for the period configured by your employer — typically 90 days for routine location pings, longer where a shift includes an incident or duress event that may be needed for legal or insurance purposes.
  • Operational records (clock-ins, patrols, incidents, reports): retained for the period your employer specifies, normally driven by their clients’ contractual requirements (often 12-24 months).
  • After your account is closed: we delete or anonymise your personal data on instruction from your employer. Your employer may be legally or contractually required to retain certain records (e.g. attendance records) for a longer period; in that case, those records are retained securely and used only for that purpose.
  • Backups: data may persist in encrypted backups for up to 30 days after deletion.

If you cannot reach your employer to action a deletion request, contact info@tacdesk.co.uk and we will work with you and your employer to resolve it.

10. Account closure and deletion

TacDesk accounts are issued and managed by your employer — the security company that subscribes to TacDesk on your behalf. You cannot self-create a TacDesk account, and accordingly account closure is handled by your employer’s administrator. To close your account, contact your employer directly. If your employer is unreachable or has ceased trading, email info@tacdesk.co.uk and we will work with you to action the closure.

This arrangement is consistent with Apple’s App Store Review Guideline 5.1.1(v), which permits employer or administrator-managed account deletion for business apps where the user did not create the account themselves.

11. Your rights

Under UK GDPR you have the right to:

  • Access the personal data held about you
  • Rectify inaccurate or incomplete data
  • Erase your data in certain circumstances (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability — receive your data in a portable format
  • Withdraw consent where processing is based on consent

Because your employer is the data controller for most of your data, please address these requests to your employer first. We will support your employer in fulfilling them. If you cannot reach your employer or they have ceased trading, contact info@tacdesk.co.uk.

You also have the right to complain to the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113

12. Security

We protect your data using:

  • TLS 1.2+ encryption in transit
  • Encryption at rest for databases and backups
  • Role-based access control within the platform
  • Audit logging of administrative actions
  • Regular security updates and vulnerability scanning
  • Two-factor authentication available for management roles

No system is completely secure. If we ever suffer a breach likely to result in a high risk to your rights, we will notify your employer, and where required by law, you and the ICO, without undue delay.

13. Permissions used by the mobile app

The app requests these permissions only when needed for the features described above:

  • Location (foreground and background) — for clock-ins, patrols, and lone-worker safety
  • Camera — for incident report photos and profile photos
  • Photos / media / files — for attaching photos to reports
  • Notifications — for push alerts (shift reminders, dispatcher messages, duress broadcasts)
  • NFC — for scanning patrol checkpoint tags
  • Phone — to display caller ID for in-app dispatcher calls (where supported)
  • Microphone — for optional voice notes attached to reports

You can revoke any permission in your device settings. Revoking the location permission will prevent you from clocking in or completing GPS-based patrols.

14. iOS Live Activities and lock-screen content

When you are on shift or on patrol, the iOS app displays a status banner on your lock screen and in the iPhone Dynamic Island summarising your current state — for example, shift duration, client name, and whether a check-call is due. This information is generated and updated locally on your device using data already collected for the purposes described in section 3. It is not transmitted to additional third parties beyond those listed in section 7. You can hide lock-screen Live Activities at any time in iOS Settings → Face ID & Passcode → Live Activities, or by disabling Live Activities for TacDesk individually.

15. Children

TacDesk is a workforce platform for licensed security professionals and is not intended for, marketed to, or available to anyone under 18.

16. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app and/or email at least 14 days before they take effect. The “Last updated” date above will always reflect the most recent version.

17. Contact us

For privacy questions or to exercise your rights, email info@tacdesk.co.uk.

You may also contact the Information Commissioner’s Office (ico.org.uk) directly without going through us first.