Privacy Policy

Last updated: 2 March 2026

1. Introduction

ComplyFlame Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the ComplyFlame fire safety compliance management platform ("Service"). We process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

ComplyFlame Ltd is the data controller for the personal data processed through the Service. If you have any questions about how we handle your data, please contact our Data Protection Officer at [email protected].

3. What Data We Collect

We collect and process the following categories of personal data:

Account Information

Your name, email address, and authentication details provided during sign-up. This is collected to create and manage your account.

Property Data

Property names, addresses, postcodes, types, floor counts, occupant numbers, and tenancy dates. This is collected to provide compliance management services.

Compliance Records

Logbook entries, calendar tasks, responsible person details (names, roles, contact information), maintenance records, training records, and uploaded documents. This is collected to track and manage fire safety compliance.

Payment Information

Payment card details are processed directly by Stripe and are never stored on our servers. We retain only your Stripe customer ID and subscription ID for billing management.

Usage Data

Information about how you interact with the Service, including pages visited, features used, and timestamps. This is collected to improve the Service and provide support.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

Contract performance: Processing necessary to provide the Service you have subscribed to (Article 6(1)(b)).
Legitimate interests: Processing necessary for our legitimate interests in improving the Service, preventing fraud, and ensuring security (Article 6(1)(f)).
Legal obligation: Processing necessary to comply with our legal obligations, including tax and accounting requirements (Article 6(1)(c)).
Consent: Where we send marketing communications, we do so based on your consent, which you may withdraw at any time (Article 6(1)(a)).

5. How We Use Your Data

We use your personal data to: provide and maintain the Service; process subscriptions and payments; send compliance deadline notifications and reminders; generate compliance reports; provide customer support; improve and develop the Service; and comply with legal obligations.

6. Data Sharing

We do not sell your personal data. We share your data only with the following categories of third parties, and only to the extent necessary to provide the Service:

Stripe: Payment processing. Stripe processes your payment card details directly and is certified to PCI-DSS Level 1.
Cloud providers: We use cloud infrastructure services to host the Service and store your data securely. Data is stored within the UK or EEA.
Legal authorities: We may disclose your data if required by law, regulation, or legal process.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal, tax, or accounting purposes (typically up to 7 years for financial records). Compliance records and documents you have uploaded will be deleted upon account closure unless you request an export beforehand.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), encrypted storage for sensitive data, regular security assessments, and access controls limiting who can view your data. Payment card details are handled entirely by Stripe and never touch our servers.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can request correction of inaccurate or incomplete personal data.
Right to erasure: You can request deletion of your personal data in certain circumstances.
Right to restrict processing: You can request that we limit how we use your data.
Right to data portability: You can request your data in a structured, machine-readable format.
Right to object: You can object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

We use essential cookies to maintain your authentication session and remember your preferences. These cookies are strictly necessary for the Service to function and do not require consent. We do not use advertising or tracking cookies. Session cookies are automatically deleted when you close your browser or log out.

11. International Transfers

Your data is primarily stored and processed within the UK and EEA. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO, or transfers to countries with an adequacy decision.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

ComplyFlame Ltd
Data Protection Officer
Email: [email protected]
General enquiries: [email protected]