Privacy Policy
Last updated: 3 June 2026
Privacy at a glance
myJobManager is designed with privacy in mind — across both the web application and the mobile app:
- Each organisation's data is stored in a completely separate database
- We don't sell your data or share it with advertisers
- Analytics, monitoring, and marketing tools only activate with your explicit consent
- We only share data with third parties where necessary for the service (HMRC, payment processors) or where you instruct us to
- The mobile app does not track you for advertising — no ad identifiers are collected or shared
1. Who we are
myJobManager Limited ("we", "us", "our") is the data controller for personal data collected through this website and application.
Contact: [email protected]
Registered office: 12 Greenfield, Caerleon, Newport, NP18 3DN
Company number: 16452230
2. Data we collect
We collect and process the following categories of personal data:
Account and identity data
- Names, email addresses, phone numbers of users
- Login credentials (passwords are hashed and stored securely in AWS Cognito)
- Multi-factor authentication settings
Business data you store in the system
- Customer and supplier contact details
- Employee information (names, NI numbers, bank details for payroll)
- Financial records (invoices, quotes, expenses, bank transactions)
- Job and project information
- Documents and files you upload
Technical data
- IP addresses (for security and HMRC compliance)
- Browser type and version (for HMRC fraud prevention headers)
- Device information (for HMRC compliance only)
- Audit logs of system actions
- Error reports and performance data (with your consent — see "Error monitoring" below)
3. Mobile app users
If you use the myJobManager mobile app (iOS or Android), we collect additional data to provide mobile-specific features. This section explains what is collected, why, and how it is used.
Apple App Store & Google Play privacy
The mobile app does not use any data for tracking, advertising, or data brokering. No data is shared with ad networks or analytics platforms for advertising purposes. All data collection exists solely to provide the service described below.
Location data
We collect precise GPS coordinates (latitude, longitude, accuracy, and altitude) in the following situations:
- Clock in/out events — to verify attendance at job sites for your employer
- Activity and job timer events — to record where work activities take place
- Background location pings — while clocked in, approximate location is sent every 15 minutes to maintain an activity record. Background tracking stops automatically when you clock out
Location data is linked to your employee account and visible to your employer. It is not shared with any third parties, used for advertising, or processed for any purpose other than workforce management.
Identity and contact data
The app displays your employee profile information (name, email address, phone number, job title) as provided by your employer through the web application. The mobile app does not independently collect contact information beyond your login credentials (organisation code, username, and password).
Financial information
The app allows you to view payslips and CIS statements, which contain gross pay, net pay, deductions, and tax information. This data is retrieved from your employer's system — the mobile app does not collect or process payments. No payment card or bank account details are entered within the app.
Photos
You may optionally take or select photos for:
- Expense receipt capture
- Purchase invoice upload
- Stock write-off evidence
Photos are uploaded to your organisation's secure storage and are only accessible to authorised users within your organisation. Camera and photo library access is requested only when you initiate one of these actions.
Push notifications and device identifiers
To deliver push notifications, we collect:
- Firebase Cloud Messaging (FCM) token — a device-specific token used solely to deliver push notifications
- Device ID — a unique identifier generated by the app (not the device advertising identifier)
- Device name, type, app version, and OS version — to manage registered devices and troubleshoot delivery issues
We do not collect or use the Apple Identifier for Advertisers (IDFA) or Google Advertising ID. Push notification permission is optional and requested at first launch.
Search and usage data
The app records basic usage interactions (screen views, feature usage) and search queries within the Jobs section. This data is used to improve the service and diagnose issues. It is not used for advertising or shared with third parties.
Crash reports and diagnostics
The app uses Sentry to capture crash reports, performance metrics, and error diagnostics. This includes:
- Stack traces and error messages
- Device state at time of error (memory, OS version, app version)
- User actions leading to the error (breadcrumbs)
Crash data is linked to your user ID to help us investigate issues reported by specific users. Sentry processes data in the EU. No diagnostic data is shared with advertisers.
Offline data and sync
When you have no internet connection, the app queues your actions locally on your device. When connectivity returns, queued actions are synchronised with the server. Offline data is stored only on your device and is not accessible to us until it is synced.
| Data type | Linked to identity | Used for tracking | Purpose |
|---|---|---|---|
| Name, email, phone | Yes | No | App functionality |
| Physical address (job sites) | Yes | No | App functionality |
| Precise location (GPS) | Yes | No | App functionality |
| Pay & financial info | Yes | No | App functionality |
| Photos | Yes | No | App functionality |
| User-generated content (notes, forms) | Yes | No | App functionality |
| Search history | Yes | No | App functionality |
| User ID & device ID | Yes | No | App functionality |
| Product interaction | Yes | No | App functionality, analytics |
| Crash data & diagnostics | Yes | No | App functionality |
4. How we use your data (web application)
| Purpose | Lawful basis | Details |
|---|---|---|
| Providing the service | Contract performance | Running your business management system, storing your data, providing access to features |
| User authentication | Contract performance | Verifying your identity when you log in using AWS Cognito |
| HMRC submissions | Legal obligation / Contract | Submitting VAT returns, payroll RTI (FPS/EPS), CIS returns on your behalf |
| Payroll processing | Contract performance | Calculating pay, tax, NI; submitting to HMRC; generating payslips |
| Pension auto-enrolment | Legal obligation | Enrolling employees with pension providers (e.g., NEST) |
| Security and fraud prevention | Legitimate interests | Protecting accounts, detecting unauthorised access, audit logging |
| Service communications | Contract performance | Essential service notifications, password resets, security alerts |
| Error monitoring and performance | Consent / Legitimate interests | With your consent, we collect error reports, page performance metrics, and anonymised session replays around errors to diagnose and fix issues. Server-side error capture operates under legitimate interests to maintain service reliability |
5. Data sharing
We share data only in the following circumstances:
Service providers (data processors)
- Amazon Web Services (AWS): Cloud hosting, authentication (Cognito), file storage (S3), encryption (KMS)
- Sentry (Functional Software, Inc.): Error monitoring, performance tracking, and session replay for diagnosing application issues. Processes IP addresses, browser information, error details, and (with your consent) anonymised session activity around errors. Data is processed in the EU. No data is shared with advertisers
- PostHog (PostHog, Inc.): Product analytics to understand how features are used, helping us prioritise improvements. Only activated with your consent (Analytics & Monitoring). Processes page views, feature interactions, and browser information. Data is processed in the EU. No data is shared with advertisers
- Email delivery services: For sending invoices, notifications, and system emails
Government bodies (where you use these features)
- HMRC: VAT returns, payroll RTI submissions, CIS returns - transmitted via HMRC's official APIs
- Companies House: Filing confirmations (where applicable)
Pension providers (where you use payroll)
- NEST: Employee enrolment and contribution data
- Other pension providers as configured by you
Open banking and payment initiation (where you use bank feeds or pay-by-bank features)
In providing open banking features (bank feeds, transaction imports, and payment initiation), MyJobManager Limited is acting as an agent of Finexer Limited. Finexer Limited is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, firm reference number 925695, as an Authorised Payment Institution to provide account information services and payment initiation services. MyJobManager Limited is entered on the FCA Financial Services Register as a PSD Agent of Finexer Limited under firm reference number 1053813 (registered company number 16452230).
- Finexer Limited: Authorises your bank(s) to share transaction data with us and, where you initiate a payment, submits the payment instruction to your bank on your behalf. Data processed includes account identifiers (account number, sort code, IBAN where relevant), account balances, transaction history, and payment instruction details you enter
- Your bank(s): you consent directly with each bank to share data via open banking, and that data reaches us via Finexer
At your instruction
- Sending invoices/quotes to your customers via email
- Any integrations you choose to enable
6. Data isolation and security
Database isolation
Each organisation has a completely separate database. Your data is never mixed with other organisations' data. This provides the strongest possible isolation.
Encryption
All data is encrypted in transit (TLS 1.3) and at rest. Sensitive credentials (e.g., HMRC gateway passwords) are encrypted using AWS KMS.
Authentication
User authentication is handled by AWS Cognito with support for multi-factor authentication (TOTP). Passwords are never stored in plain text.
Audit logging
All significant actions are logged for security and compliance purposes. Audit logs are stored separately and protected.
7. Data retention
We retain your data for as long as your account is active or as needed to provide services. After account closure:
- Account data: Deleted within 30 days of account closure
- Business records: Retained for 7 years to comply with UK accounting and tax requirements, then deleted
- Payroll records: Retained for 6 years plus current year (HMRC requirement)
- Audit logs: Retained for 7 years for compliance and security
You may request earlier deletion of non-essential data at any time.
8. International transfers
Your data is primarily processed within the UK and European Economic Area on AWS infrastructure. Where data is transferred outside the UK/EEA (for example, to AWS regions), we ensure appropriate safeguards are in place, including:
- AWS's compliance with UK GDPR and use of Standard Contractual Clauses
- Data processing agreements with all processors
9. Your rights
Under UK GDPR, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion (subject to legal retention requirements)
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Where processing is based on consent
To exercise any of these rights, contact us at [email protected]. We will respond within one month.
10. Complaints
If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
11. Cookies
We use a minimal number of essential cookies. For full details, see our Cookies Policy.
12. Changes to this policy
We may update this Privacy Policy from time to time. Significant changes will be notified via the application. The "Last updated" date at the top of this page indicates when the policy was last revised.