Privacy Policy
This Privacy Policy explains how Bruntingthorpe Paperwork ("the Service") handles personal data when drivers, payroll users, and administrators use bruntpaperwork.co.uk and related Bruntingthorpe Paperwork app access points to record shift paperwork, manage supporting records, prepare timesheets, create invoices, upload receipts, and send timesheet emails.
1. What the Service Is For
Bruntingthorpe Paperwork is used to record work-related paperwork such as shift dates, mileage, loads, collections, deliveries, cars delivered, nights out, allowances, expenses, notes, reminder preferences, invoice-related information, and supporting files. The Service can generate timesheet files, provide profile, overview and history views, and send timesheet emails to payroll or other configured recipients.
2. Data We Collect
- Account data: name, email address, encrypted password, role, login method, login status, remember-me settings, and user preferences.
- Shift and timesheet data: shift pattern, anchor date, daily entries, overtime records, holiday/sick/day-off/VOR markers, mileage, fuel, loads, cars, collections, deliveries, allowances, expenses, notes, and summary values.
- Invoice and expense data: expense values, linked invoice details, invoice numbering or references, invoice attachments, receipt metadata, and related workflow records.
- Files and exports: uploaded receipts or attachments, generated Excel/CSV/PDF-style files, custom email header images, draft email content, and generated paperwork attachments.
- Email sending data: recipient addresses, reply-to data, email subject/body, send format preferences, attachments, queue status, cancel/undo metadata, send history, timestamps, and whether a timesheet has already been sent.
- Connected email data: if you connect Microsoft or Google, we store encrypted OAuth tokens and the connected email address so the Service can send timesheet emails from that account.
- Security and device data: login timestamps, IP addresses, remember-me tokens, session data, browser/device user-agent details, PIN/app-lock preferences, and payroll-link access logs where applicable.
3. Microsoft and Google Email Access
Users may connect a Microsoft Outlook/Live account or a Google Gmail account so timesheet emails can be sent from their own email address. For Google, the Service requests Gmail send-only permission. For Microsoft, the Service uses permission to send mail through the connected Outlook/Live account.
The Service does not use connected Google or Microsoft accounts to read inbox messages, scan mailbox content, delete emails, or access contacts. Connected account tokens are stored encrypted and are used only to send emails that the user asks the Service to send.
4. How We Use Data
- Provide timesheet, paperwork, profile, overview, history, invoice, export, reminder, and email sending features.
- Show users their saved entries and settings across devices.
- Allow payroll/admin users to review relevant timesheets, invoices, settings, send history, and operational records.
- Generate exports, attachments, summaries, reminders, login alerts, and sent-timesheet notices.
- Store drafts, uploaded receipts, email queue items, and attachment history needed for app workflows.
- Secure accounts, prevent misuse, troubleshoot issues, investigate failed sends, and maintain the Service.
5. Who Can See Data
Drivers can see and manage their own paperwork. Payroll or authorised admin users may access user records, timesheets, generated paperwork, invoices, send history, activity history, and settings where needed for payroll, support, or operational administration. Some app features may provide read-only or payroll-link access to selected records for authorised staff. We do not sell personal data.
6. Cookies and Similar Technologies
The Service uses essential cookies for login sessions, remember-me authentication, security, and app operation. These cookies are not used for third-party advertising.
7. Data Sharing
Data is shared only where necessary to operate the Service, for example with email providers when sending timesheet emails, hosting infrastructure, payroll-authorised users, connected email providers, or where required by law.
8. Data Retention
Timesheet and paperwork records may be kept for payroll, operational, audit, and record-keeping purposes. Connected email tokens are kept only while the user keeps that provider connected. Uploaded files, drafts, email queue records, email send history, generated exports, invoice-related files, and receipt metadata may be retained as needed for the Service and may be removed when no longer required.
9. Security
We use technical and organisational controls intended to protect data, including password hashing, encrypted storage for sensitive settings and connected-email tokens, access controls, session management, role-based permissions, expiring access links, and optional account-lock style controls. No online service can guarantee absolute security.
10. Legal Bases (UK GDPR)
- Contract or service provision: to provide the paperwork and timesheet features requested by users.
- Legitimate interests: service security, support, payroll administration, auditability, fraud prevention, and operational reliability.
- Legal obligations: where record keeping or disclosure is required by law.
- Consent: where a user chooses to connect a Google or Microsoft email account or enables optional notification/security features.
11. Your Rights
Subject to applicable law, you may have rights to:
- Access a copy of your personal data.
- Request correction of inaccurate data.
- Request deletion or restriction of processing in certain cases.
- Disconnect Google or Microsoft email access from the settings page.
- Object to certain processing activities.
- Lodge a complaint with the UK Information Commissioner's Office (ICO).
12. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will be published on this page with the updated effective date.
13. Contact
For privacy requests or questions, contact your payroll administrator or use the account support flow available on this website.