This policy explains what information TorquePlan collects, how it is used, how it is stored, and what rights you have over your data. By using TorquePlan, you agree to the practices described here. TorquePlan is operated by the developer of torqueplan.com.
1. Who This Policy Applies To
This policy applies to all users of the TorquePlan web application, including:
- Organisation managers and administrators who create and manage a TorquePlan account
- Engineers who are invited to an organisation account and use TorquePlan to complete job records
- Any person whose personal data is entered into TorquePlan in connection with a job or certificate record (for example, a customer whose property is being serviced)
2. What Data We Collect
Account & Organisation Data
- Organisation name, sector, address, city, postcode
- Contact phone number and email address
- Gas Safe registration number (where applicable)
- VAT registration number (where applicable)
- Company logo (stored as encoded image data)
User Account Data
- Full name and email address
- Role within the organisation (admin, manager, engineer)
- Password (stored as a securely hashed value — never plain text)
Job & Certificate Data
- Customer name and site address
- Job type, date, and description
- Engineer name and digital signature
- Certificate-specific data (appliance details, readings, test results, Gas Safe information)
- Certificate status (draft, complete, valid, expiring, expired)
Quote Data
- Customer name and address
- Labour, parts, and call-out charges
- Quote status (draft, sent, accepted)
Payment Data
Payments are processed by Stripe. TorquePlan does not collect or store card data. We receive payment confirmation status only.
3. How We Use Your Data
- To provide and operate the TorquePlan application and its features
- To enable job records, certificates, and quotes to be created and stored
- To enable organisation management and user administration
- To process subscription payments via Stripe
- To send account-related emails (invitations, password resets)
- To maintain platform security and integrity
- To improve the application based on usage patterns
4. Legal Basis for Processing
Under UK GDPR, we process personal data on the following legal bases:
- Contract — processing is necessary to provide the service you have signed up for
- Legitimate interests — security monitoring, fraud prevention, and platform improvement
- Legal obligation — where processing is required by applicable law
Customer data entered into job and certificate records is processed under the organisation's own legal obligations. Organisations are responsible for ensuring they have the right to process this data and for communicating with customers appropriately.
5. Data Storage & Security
TorquePlan is built on Supabase, hosted on Amazon Web Services (AWS) infrastructure in the European Union. Application and database data is stored within the EU. Some transactional email processing (account invitations and notifications) is handled by Resend outside the EU, under appropriate safeguards such as Standard Contractual Clauses / the UK International Data Transfer Agreement.
- Row-level security on all database tables — organisations can only access their own data
- Secure HTTPS connections for all data in transit
- Passwords stored as hashed values — never plain text
- Role-based access controls within the application
- Regular review of security policies
6. Data Retention
We retain your data for as long as your organisation account is active. If you close your account, data is deleted within 30 days unless legally required to be retained.
Compliance certificates have legally defined minimum retention periods. Organisations are responsible for retaining records in line with applicable regulations:
| Certificate Type | Minimum Retention |
|---|---|
| Gas safety records | 2 years |
| F-Gas records | 5 years |
| EICR | 5 years |
| PAT records | 3 years |
We recommend keeping copies of compliance certificates outside TorquePlan as a backup.
7. Third-Party Services
Supabase
Database, authentication, and server-side functions. Hosted on AWS EU. Privacy Policy →
Stripe
Subscription payment processing. Stripe handles all card data directly — TorquePlan does not receive or store card numbers. Privacy Policy →
Netlify
Application hosting and delivery. Netlify may collect standard server access logs. Privacy Policy →
Resend
Transactional email delivery (account invitations and notifications). Processes recipient name and email address. Privacy Policy →
8. Cookies
What Are Cookies?
Cookies are small files stored on your device that help the application remember information about your session.
Cookies Used by TorquePlan
| Cookie | Type | Purpose | Required |
|---|---|---|---|
| Supabase Auth Session | Essential | Maintains your login session. Without this, you are signed out on every page. | Yes |
| Local Storage Preferences | Functional | Stores session preferences in your browser. Data does not leave your device. | No |
Managing Cookies
You can control cookies through your browser settings. Disabling session cookies will prevent you from logging in to TorquePlan.
9. Your Rights Under UK GDPR
Access
Request a copy of your personal data
Rectification
Ask us to correct inaccurate data
Erasure
Ask us to delete your data (subject to legal retention requirements)
Restriction
Limit how we use your data in certain circumstances
Portability
Receive your data in a structured, machine-readable format
Object
Object to processing based on legitimate interests
To exercise any right, contact us via the app. We respond within 30 days. You may also lodge a complaint with the Information Commissioner's Office (ICO).
10. Children
TorquePlan is a professional business application not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has provided data through TorquePlan, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. We will update the "Last updated" date and notify active users of significant changes via email or in-app notice. Continued use of TorquePlan after any update constitutes acceptance of the revised policy.
12. Contact Us
Questions about this policy, or to exercise your data rights, contact us via: