VeriSafe Works

Privacy Policy

How VeriSafe Works collects, uses, stores and protects your personal data, and the rights you have over it.

Effective date: 10 July 2026 · Last updated: 10 July 2026 · Version 1.0

1. Introduction

VeriSafe Works ("we", "us", "our") is the trading name of Verisafe Software Limited, a company registered in England and Wales, committed to protecting the privacy and personal data of all individuals who use our mobile application ("the App"), including tradespeople ("Workers") and homeowners/residents ("Customers").

This Privacy Policy explains how we collect, use, store, share and protect your personal data when you use the VeriSafe Works application, available on the Google Play Store and Apple App Store. It also explains your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU GDPR.

Data Controller

CompanyVerisafe Software Limited (trading as "VeriSafe Works")
Registered Address75 Blackdown View, Ilminster, TA19 0BD
Company Registration Number16649843
ICO Registration NumberZC028351
Emailinfo@verisafe.works

2. Who This Policy Applies To

This Policy applies to:

  • Any individual or organization using the VeriSafe Works App.
  • Any individual or organization visiting the verisafe.works website.

3. What Personal Data We Collect

3.1 Account Registration Data (Workers)

  • Full name
  • Email address
  • Mobile telephone number
  • Trade type and business name
  • Profile photograph
  • Device identifiers

3.2 In-Session Recording Data

The following data may be collected during active job sessions with explicit consent from all parties:

  • Audio recordings of conversations between Worker and Customer
  • Video recordings of job site conditions before, during and after work
  • Photographs of work areas, materials and job completion
  • Transcripts generated from audio recordings via AI transcription
  • Timestamps of all recorded interactions
  • GPS location data confirming the job address

3.3 Job and Transaction Data

  • Job descriptions and scope of work
  • Any agreed changes to job scope (additional labour/parts approvals)
  • Job completion confirmations (digital sign-off)
  • Customer-provided contact details (email for transcript delivery)

3.4 Device and Technical Data

  • Device type, operating system and version
  • App version
  • Unique device identifiers
  • IP address
  • Push notification tokens (Firebase Cloud Messaging)
  • Crash logs and diagnostic data

3.5 Communications Data

  • In-app messages or support requests
  • Email correspondence with our team

6. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the core service: recording, storing and delivering job session records
  • Dispute resolution: providing audio, video and transcript evidence if a dispute arises between a Worker and Customer. Verisafe Software Limited will not be involved in any dispute resolution beyond providing the job history to the relevant parties involved in the dispute.
  • Transcript generation: converting audio recordings to text and delivering transcripts to Customers by email
  • Account management: managing Worker accounts, subscriptions and access
  • App improvement: analysing crash reports and usage patterns to improve stability
  • Legal compliance: responding to lawful requests from courts, regulators or law enforcement
  • Fraud prevention: detecting and preventing misuse of the platform

We do not use your recordings for:

  • Marketing or advertising purposes
  • Training AI models without separate, explicit consent
  • Sale to third parties

7. Data Retention

Data TypeRetention PeriodReason
Audio/video recordings90 days from session dateDispute window coverage
Transcripts90 days from session dateDispute window coverage
Photographs90 days from session dateDispute window coverage
Account dataDuration of account + 30 days after a deletion requestDeletion processing and recovery window
Job records (metadata)2 yearsLegal claims limitation period
Crash logs30 daysTechnical improvement
Financial records7 yearsHMRC legal requirement

After the applicable retention period, data is permanently and securely deleted from all systems, including backups. Workers and Customers may request earlier deletion subject to Section 11 (Your Rights). Where you request deletion of your account, personal data is permanently deleted within 30 days of the request, except where a longer statutory retention period applies (e.g. financial records).

8. Who We Share Your Data With

We share personal data only where necessary and under strict data processing agreements:

8.1 Third-Party Service Providers (Data Processors)

ProviderPurposeData SharedLocation
Amazon Web Services (AWS)Secure cloud storage of recordingsAudio, video, photos, transcriptsUK/EU regions (London/Ireland)
OpenAIAI transcription of audio recordingsAudio recordings onlyUSA (Standard Contractual Clauses in place)
Firebase (Google)Push notifications, app analyticsDevice tokens, usage dataUSA (Standard Contractual Clauses in place)
Redis / BullMQJob queue processingJob metadata onlyUK/EU regions
PostgreSQL (hosted via Amazon Web Services)Core databaseAccount and job dataUK region (AWS London)
VercelWebsite hosting and anonymised site analyticsAnonymised page-view data (website visitors only)USA/EU (Standard Contractual Clauses in place)

All third-party processors are bound by Data Processing Agreements (DPAs) and are only permitted to process data on our documented instructions.

8.2 International Transfers

Where data is transferred outside the UK or EU (e.g. to OpenAI or Firebase in the USA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Adequacy decisions where applicable
  • Transfer Impact Assessments where required

8.3 Legal and Regulatory Disclosure

We may disclose personal data to:

  • Law enforcement or regulatory authorities where required by law
  • Courts in connection with legal proceedings
  • The Information Commissioner's Office (ICO) in the event of a data breach or regulatory inquiry

We will always notify you of such disclosures unless prohibited by law.

8.4 What We Never Do

  • We never sell your personal data to third parties
  • We never share job records with advertisers or marketing companies
  • We never use recordings to train AI models without separate explicit consent

9. Data Security

We implement technical and organisational security measures appropriate to the sensitivity of the data we hold, including:

Technical Measures

  • Encryption of all recordings in transit, using TLS 1.3
  • Encryption at rest for all stored recordings, using AES-256
  • Role-based access controls — only authorised personnel can access recordings, and only for the purposes described in this Policy (e.g. transcription, dispute resolution, technical support)
  • Multi-factor authentication for all administrative access
  • Automated security scanning via CI/CD pipeline
  • Regular penetration testing

Organisational Measures

  • All staff and contractors bound by confidentiality agreements and NDAs
  • Data minimisation — we only collect what is necessary
  • Privacy by Design principles embedded in our development process
  • Regular staff training on data protection
  • A documented Data Breach Response Plan

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33.

10. Cookies and Tracking

The VeriSafe Works mobile application does not use traditional browser cookies. However, we do use:

  • Firebase Analytics — anonymised usage data to improve the app
  • Crash reporting tools — to identify and fix technical issues
  • Device identifiers — to maintain your session and account

You can opt out of analytics tracking in your device settings (iOS: Settings > Privacy > Analytics; Android: Settings > Google > Ads).

Our website (verisafe.works) is hosted by Vercel and uses Vercel Analytics, a cookieless service that collects anonymised page-view statistics. The website does not use advertising or cross-site tracking cookies. If you choose a light or dark theme on the website, that preference is stored locally in your browser and never leaves your device.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

RightWhat It Means
Right of AccessRequest a copy of all data we hold about you
Right to RectificationCorrect inaccurate or incomplete data
Right to ErasureRequest deletion of your data ("right to be forgotten")
Right to RestrictionLimit how we process your data in certain circumstances
Right to PortabilityReceive your data in a structured, machine-readable format
Right to ObjectObject to processing based on legitimate interests
Right to withdraw consentWithdraw consent at any time without affecting prior processing
Rights re automated decisionsNot to be subject to solely automated decisions with significant effects

To exercise any of these rights, contact us at: info@verisafe.works. We will respond within one calendar month. We will not charge a fee unless your request is manifestly unfounded or excessive.

Note regarding in-session recordings: where erasure of a record is requested prior to the legally defined date of necessary erasure, we will comply subject to agreement from the other party/parties attached to that record.

12. Children's Data

VeriSafe Works is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child's data has been captured through use of the App, please contact us immediately at info@verisafe.works and we will take prompt action to delete it.

13. Automated Decision Making

We use AI transcription (via OpenAI) to generate text transcripts from audio recordings. This is a purely automated process. However, no automated decision-making with legal or similarly significant effects is made about any individual based solely on this processing. Transcripts are provided as a record — not as a basis for any automated decision.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will:

  • Notify Workers via in-app notification and email
  • Update the "Last Updated" date at the top of this Policy
  • Where required, seek fresh consent

Continued use of the App after notification of changes constitutes acceptance of the updated Policy.

15. How to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Information Commissioner's Office
  • Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Tel: 0303 123 1113
  • Website: ico.org.uk

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at info@verisafe.works.

16. Contact Us

For any questions about this Privacy Policy or how we handle your data:

  • Verisafe Software Limited (trading as "VeriSafe Works")
  • Email: info@verisafe.works
  • Post: 75 Blackdown View, Ilminster, TA19 0BD
  • ICO Registration Number: ZC028351

This Privacy Policy was drafted in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the ICO's guidance on privacy notices.