Introduction

At Square Flame, your data privacy is important to us. We are committed to protecting all data provided to us when using the Square Flame Service App. This document is designed to explain what data we collect and process, how and why we collect it, and what your rights are in relation to this data. This privacy policy is specifically written for our Square Flame Service App, and is not applicable to our other services.

Please ensure that you have read and understood this privacy policy before using the Square Flame Service App. This policy is effective from 13/07/2018.

Who Are We?

The data controller for the Square Flame Service app is: – Static Games Ltd, 307 – 315 Holdenhurst Road, Bournemouth, Dorset, BH8 8BX. If you have any queries, or to submit a data request, please contact us via email at info@squareflame.co.uk, or call us on 01202 978858.

What Information Do We Collect and How is it Used?

The Square Flame Service App requires collection of certain data to ensure the system can: –

  • Function correctly
  • Be invoiced correctly
  • To ensure protection of business and personal data
  • To prevent abuse of the Square Flame Service App and its infrastructure

Setup of Accounts

In order to set up a business or user account, the Square Flame Service App will require you to provide the name of your business, an email account associated with each app user, and the appropriate email address to which all reports and field data should be sent. This data is required to provide each user with login credentials to access the app, and to ensure that data is sent to the correct addresses, preventing any leak or breach of data. Where possible, please check email forwarding for any email account used to receive reports and field data, as this will ensure no confidential data is sent to unauthorised persons.

For both business and user accounts, secure passwords will be assigned by a Square Flame administrator before being provided to the appropriate persons. Please be aware that for security reasons, we will not store a written copy of your password. Any request to change a password should be directed to info@squareflame.co.uk. You are responsible for keeping this password confidential. We ask you not to share your passwords with anyone.

Analytics Information

The Square Flame Service App stores certain audit data in order to track data use, volume of messages and excessive device switches. In full, our analytics track: –

  • Number of messages sent
  • Volume of data used
  • How often a user changes device
  • The number of lockouts and invalid token uses
  • How many user tokens have been created (I.E. how many people have logged in as a certain user, or as a part of a company)
  • When a user logs in on a new device
  • App user’s device ID

This data is collected to ensure that to prevent excessive data usage, to prevent abuses of the system, and to ensure the security of our system. By tracking the number of messages and the volume of data used, we can ensure that server resources are increased and allocated accordingly, ensuring minimal downtime and providing the best possible service to our users. We track lockouts, invalid token uses, log ins and device changes for two reasons. Firstly, to ensure there are no abuses of the system which may affect the quality of service provided to other users, such as a company operating multiple users’ devices on a single account. This would cause excessive strain on the server which may cause performance issue for some users, whilst the loss of income from such behaviour would limit the available income with which to adequately upgrade to ensure a quality service to all users. Secondly, this data can be used to identify potential security breaches, which we can therefore act upon as quickly as possible to protect the data of our users. For example, a Bournemouth based company which suddenly logs on in Leeds can be quickly flagged as a potential security threat, whilst a number of lockouts and invalid tokens may indicate a brute force attack.

For complete clarity, please note that the system only tracks the number of messages sent, and the total data usage, and does not read, store or otherwise track any data contained within an email. Similarly, whilst a device ID for each user is recorded, we do not track any information related to the owner or user of the device, nor do we track any data contained on the device itself.

Payment Information

To ensure correct invoicing, Square Flame must keep a record of all active user accounts for a business, and the email address associated with the business’ payments department. This is to ensure accurate invoicing and to prevent termination of any user accounts.

Server Logs

To ensure the continued smooth running of our system, and to help ensure its security, we use server logs. These server record a user’s IP address, user agent, date and time, source port number, transport protocol number, and destination port number. This allows us to identify and block any IP address which may be abusing or otherwise threatening the security and functioning of the Square Flame Service App system.

What is the Legal Basis for Processing Your Data?

Square Flame process personal data for users under the following legal basis: –

Consent

Square Flame will ask you to provide some personal data for the purposes of setting up a business or user account on the Square Flame Service App. If you do not provide this data, the Square Flame app will not function, and therefore cannot be used. We ask all users (or their business representative) to provide us with the necessary data to set up these accounts. A user responding to a request for data with which to set up an account is seen as the individual providing clear consent to process their personal data for this specific purpose. Users who wish to withdraw their consent to use personal data in this way may make an immediate request for removal, which Square Flame will honour. Please be aware, however, that users who do not provide consent to use their data in this way cannot be provided access to the Square Flame Service App, and therefore will not be able to use this service.

Legal Obligation

Square Flame may collect some personal data in order to issue invoices or similar financial documents. Square Flame is required to keep all relevant financial documents for a period of up to seven years, in order to ensure compliance with HMRC in the event of a business accounts audit.

Legitimate Interests

We store certain log files and information about device usage to ensure that our system remains secure, and to ensure that adequate server resources are allocated, providing a high quality service to our users. We believe, in good faith, that processing this data (which is anonymised where possible) is of legitimate interest to Square Flame, business users and personal users, to ensure that their data is kept as secure as possible, and to ensure that they receive the highest quality of service when using the app.

Where Do We Store Your Personal Data?

The data that we collect from you will be stored on servers located in London, UK. Our servers are regularly monitored to ensure security and optimal performance, and regularly undergo both malware scanning and security auditing. Square Flame will never personally transfer or store your data on any server outside of the European Economic Area (EEA).

Please be aware that we cannot guarantee the security or location of a client’s server, and therefore cannot be held liable if a user chooses to transfer their data via the app to a server that is either insecure, or which is operated outside of the EEA. This is done entirely of the user’s own volition and Square Flame hold no responsibility, nor accountability, for ensuring the security or location of any server outside of our ownership.

If a user sends an email using the app, but does not have a sufficient WiFi signal, or sufficient mobile data or signal with which to send the message, this data will be temporarily cached on the user’s device. This data will be emailed at the nearest opportunity, at which point the data will be immediately deleted from the user’s device.

How Long Do We Store Your Personal Data For?

The data that we collect from you will be stored on servers for the duration of your agreement (either 12 months for an annual subscription, or one month for a monthly subscription). In the event that a payment is missed, we will store this data for a further 28 days to allow for any late or missed payments, from users who may wish to continue with their current services. In the event that a subscription is cancelled, we will aim to remove your data from our system within 28 days. If a request for removal is submitted as a part of your right to be forgotten, we will remove this user from our system within 24 hours (except in the case that a user has submitted the request on a weekend or national holiday, such as Christmas or a bank holiday, in which instance the user will be deleted on the next working day).

For financial data which relates to our business accounts, this information will be stored for a period of up to seven years to ensure that we remain compliant with HMRC account audit requests.

Our server logs operate on a log rotation system and will be retained for a maximum of two months for security purposes.

Where Do We Use Any Third Party Providers?

The Square Flame Service App uses London based servers provided by Simply Transit Ltd to store user data. These servers are regularly monitored and malware scanned, and use encryption to protect your data. Simply Transit are a part of the Dada Group and operate under the Dada privacy policy, found here.

We also use MailGun to ensure better deliverability of emails from the app to its intended targets. MailGun is operated by RackSpace Inc, and uses a London based servers operated by RackSpace Inc to send emails via the app. These servers are regularly monitored and malware scanned, and use encryption to protect your data. More information on the MailGun specific privacy policies can be found here.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Do We Use Cookies as Part of the App?

The Square Flame Service App does not use cookies to store data. The app does, however, use an anonymised login token to securely authenticate users. This token does not track any personal data and is used strictly for the purposes of ensuring a secure login.

What are Your Data Rights?

Your hold a number of data rights in relation to your use of the Square Flame Service App. Please bear in mind that the right to rectification, the right to be forgotten and the right to object may render us unable to provide you with access to the Square Flame Service App. Your primary data rights include: –

  • Right to rectification – You may request that we edit any account information that we hold on you.
  • Right to be forgotten – You may request that we permanently delete all data associated with you within 30 days of receiving the request
  • Right of portability – You may request that we export your data so that it may be transferred to a third party
  • Right to object – You may object to your personal data being used for specific purposes
  • Right of access – You may contact us at any time if you’d like to access your data, or if you have any questions about your data and how we use it.

We aim to respond to all requests within 24 hours of receiving them during the working week. Data requests sent on a weekend or national holiday (such as Christmas or a bank holiday) will receive a response on the next working day.

Security and Data Breaches

Square Flame is committed to ensuring that your personal data is kept secure. We have already implemented a number of policies and procedures to prevent unauthorised access to your data. We also use regular malware scanning and security audits to ensure the safety of your data on our systems.

Any unlawful data breach of the Square Flame Service App database, or the databases of any of our third party processors, will be reported to any and all relevant persons and authorities within 72 hours of the breach. This is only if it is apparent that personal data stored in an identifiable manner has been stolen.

How Can I Contact You?

If you wish to contact us in relation to any of your data rights, or if you have any further queries about this policy or the Square Flame Service App, we can by contacted by letter at Square Flame, 307 – 315 Holdenhurst Road, Bournemouth, Dorset BH8 8BX. Alternatively, we are available via email at  info@squareflame.co.uk, or via telephone on 01202 978858.

Changes To Our Privacy Policy

This privacy policy may be changed or updated from time to time, to reflect changes in the app, our company, our services, or in line with legislation or industry changes. In the event that a change is made, you will be informed in the following ways: –

  • This web page will be updated to reflect the new policy, and its effective date changed at the head of the document
  • Our Google Play and iOS App Store pages will be updated to reflect that there is a new policy
  • The app will feature a notification of changes
  • The app’s change log will record any updates to the policy