This Privacy Policy explains how Custom Web Apps Ltd (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our 3PL warehouse management service (“the Service”). We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Custom Web Apps Ltd is the data controller for personal data you provide directly to us when registering and using the Service. Where you, as a 3PL operator, enter data about your own clients, contacts, and third parties into the Service, we act as a data processor on your behalf (see Section 8).
| Category | Examples | Source |
|---|---|---|
| Account data | Name, company name, email address, phone number | Provided by you at registration |
| Authentication data | Hashed password, Google OAuth tokens | Provided by you or Google |
| Billing data | Subscription plan, payment status (card numbers are held by Stripe, not us) | Payment processor (Stripe) |
| Usage & technical data | IP addresses, session identifiers, page access timestamps, activity log entries | Automatically collected |
| Customer Data | Stock records, warehouse client details, inbound/outbound movements, invoices, and other operational data you enter | Entered by you and your users |
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Creating and managing your account | Performance of a contract (Art. 6(1)(b)) |
| Processing subscription payments | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails (verification, password reset, invoices) | Performance of a contract (Art. 6(1)(b)) |
| Detecting and preventing fraud and security incidents | Legitimate interests (Art. 6(1)(f)) |
| Maintaining activity logs for audit purposes | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
| Improving and developing the Service | Legitimate interests (Art. 6(1)(f)) |
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
We share personal data with the following sub-processors, all of whom are bound by appropriate data processing agreements and provide adequate levels of data protection:
| Sub-Processor | Purpose | Privacy Information |
|---|---|---|
| Stripe Inc. | Payment processing and subscription management | stripe.com/gb/privacy |
| Google LLC | Optional OAuth sign-in (“Sign in with Google”) | policies.google.com/privacy |
| Email delivery provider | Sending transactional emails (account verification, password resets) | Available on request |
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
| Data Type | Retention Period |
|---|---|
| Account and user data | Duration of subscription + 90 days after termination (to allow data export) |
| Customer Data (operational records) | Duration of subscription + 30 days after termination, then permanently deleted |
| Activity and security logs | 12 months |
| Payment records | 7 years (UK statutory requirement) |
| Terms acceptance records | Duration of account + 7 years (legal compliance) |
After each retention period has elapsed, data is permanently deleted or irreversibly anonymised.
As a data subject, you have the following rights regarding your personal data:
To exercise any of these rights, please email us at privacy@customwebapps.co.uk. We will respond within one calendar month. We may need to verify your identity before we can action your request.
If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
The Service uses strictly necessary session cookies to maintain your authenticated session. These cookies are essential for the Service to function and do not require your consent under the Privacy and Electronic Communications Regulations 2003 (PECR).
We do not currently use analytics, advertising, tracking, or any other non-essential cookies. If we introduce such cookies in future, this Policy will be updated and appropriate consent mechanisms will be implemented before they are set.
When you use the Service to store and manage data about your own warehouse clients, contacts, and operations, you are the data controller for that data, and we act as your data processor.
In that capacity, we:
Enterprise customers requiring a formal signed Data Processing Agreement (DPA) may request one by emailing privacy@customwebapps.co.uk.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:
No system is completely secure. In the event of a personal data breach, we will notify affected customers and report to the ICO within 72 hours where required by UK GDPR.
Your personal data is stored on servers located within the United Kingdom or European Economic Area. Where sub-processors are located outside these areas (such as Stripe and Google, which operate globally), we rely on appropriate transfer mechanisms such as UK adequacy decisions or standard contractual clauses.
We may update this Privacy Policy from time to time. We will notify you of any material changes by email at least 30 days before they take effect. The current version of this Policy is always available at /privacy.php. Continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Policy.
For any privacy-related queries, to exercise your data subject rights, or to request a Data Processing Agreement, please contact us at:
Custom Web Apps Ltd© 2026 Custom Web Apps Ltd · Terms of Service