Legal
Privacy Policy
Last updated: 11 April 2026
1. Who we are
This privacy policy explains how TimeBeat Ltd(“TimeBeat”, “we”, “us”) collects, uses and protects your personal data when you use timebeat.app, our software platform and our managed services.
TimeBeat is the data controller for the personal data described in this policy. Our registered address is Unit J211, 100 Drummond Road, London SE16 4DG, United Kingdom.
2. Data we collect
We collect only the data we need to provide our services and respond to enquiries.
- Contact information — name, email, company, job title, phone number — submitted via our contact, demo and quote forms.
- Message content — anything you write in a form or send us by email.
- Customer data — account credentials, telemetry metadata and configuration data associated with your use of TimeBeat software and cloud services.
- Technical data — IP address, browser type, device information and usage analytics collected automatically when you visit our website.
- Cookie data — see our Cookie Policy.
3. How we use your data
- Respond to enquiries, quotes and demo requests
- Deliver the TimeBeat platform and associated services
- Provide technical support and customer communications
- Send relevant product updates and newsletters (only with consent)
- Analyse website usage to improve our content and navigation
- Comply with legal, regulatory and tax obligations
- Detect, investigate and prevent fraud or security incidents
4. Legal basis for processing
Under UK GDPR, we rely on the following legal bases:
- Contract — processing needed to deliver services you have requested.
- Legitimate interests — responding to your enquiries, improving our services, basic website analytics, and direct B2B marketing to existing business contacts.
- Consent — where you have explicitly opted in, e.g. for marketing emails or non-essential cookies. You may withdraw consent at any time.
- Legal obligation — where we are required to process data under UK law.
5. Data sharing
We do not sell personal data. We share personal data only with third parties who help us operate the business under strict data-processing agreements:
- Cloud infrastructure providers (for hosting and backup)
- Email and messaging providers (for delivering responses and notifications)
- Analytics providers (for website traffic analysis)
- Customer relationship management tools (for managing enquiries)
- Professional advisers (accountants, lawyers, auditors) where necessary
We may also disclose personal data if required by law, court order or to protect our legal rights.
6. International transfers
Some of our service providers are based outside the UK or European Economic Area. Where we transfer personal data internationally, we use Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements, or transfers to jurisdictions with an adequacy decision — as appropriate.
7. Data retention
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law. Typical retention periods:
- Contact form submissions — up to 24 months
- Customer account data — for the duration of the contract plus 7 years
- Marketing contacts — until you unsubscribe, then promptly deleted
- Technical logs — up to 12 months
8. Your rights
Under UK GDPR you have the right to:
- Access a copy of the personal data we hold about you
- Have inaccurate or incomplete data corrected
- Request deletion of your personal data (“right to erasure”)
- Restrict or object to processing
- Request data portability
- Withdraw consent where processing is based on consent
- Lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk
To exercise any of these rights, email us at info@timebeat.app. We will respond within one month.
9. Security
We protect personal data with industry-standard security measures including encryption in transit (TLS 1.3) and at rest, role-based access controls, regular security reviews, and least-privilege access for staff. No system is perfectly secure, but we treat every piece of customer data as if it were our own.
10. Children’s data
TimeBeat is a business-to-business service. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have done so, contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced prominently on this page and — if we have a business relationship with you — by email. The “last updated” date at the top of the page shows when the policy was last changed.
Questions about this policy?
If you have questions about this document, or need to exercise any rights described here, get in touch and we’ll respond within one business day.