CertifAI – Privacy Policy

This Privacy Policy explains how Independent Data Certification Ltd ("we", "us", "our") processes information when you use the iDC CertifAI APK (the "App") and the companion web portal at https://certifai.indcert.com/insights (the "Portal").

Data Roles

The App and Portal are provided to users by a customer organisation (your employer or contracting company) (the "Customer Organisation"). In most deployments:

  • The Customer Organisation is the data controller/owner of checklist and operational data submitted through the App.
  • We act as a data processor/service provider, processing data on the Customer Organisation's instructions to provide and support the App and Portal.

1) Contact Us

Provider / Processor: Independent Data Certification Ltd

Privacy contact: support@indcert.com

Account and access support: For login, access changes, or account issues, contact your Customer Organisation's administrator/IT helpdesk, as your organisation creates and manages user accounts for the App and Portal.

2) Information We Collect and Process

A) Organisation-managed login (SSO / company-managed accounts)

We process account and identity details supplied by the Customer Organisation and/or its identity provider, such as:

  • Name, work email, user ID, role/permissions

We also process session/authentication tokens needed to keep you signed in. We do not receive your SSO password.

B) Checklist and SOP workflow data

When you complete and submit a checklist, we process:

  • Checklist responses (answers, selections, notes/comments)
  • Checklist metadata (checklist/SOP reference, version, timestamps, status)
  • Audit information (e.g., who completed/approved, and when), as configured by the Customer Organisation

C) Photos and attachments

We process:

  • Photos captured in the App
  • Files uploaded/attached to checklist items (e.g., documents)

D) Signatures

We process sign-off data, which may include:

  • A drawn signature image and/or signer name/initials
  • Timestamp and the workflow context (what was signed and where it appears in the checklist)

E) Location data (foreground-only)

If enabled by the Customer Organisation, we process location data to support operational records and compliance (for example, confirming where a checklist was completed).

Location is collected only while the App is in use (foreground) and typically at or near the time of checklist activity/submission.

Note: We do not collect location when the App is not in use (no background location collection).

F) Device and technical data

To operate, troubleshoot, and secure the service, we process:

  • Device model, OS version, app version, language
  • IP address, timestamps, and security logs
  • Diagnostics such as crash logs and performance events

3) How We Use Information

We process information to:

  • Deliver SOPs and checklists to authorised users
  • Upload completed checklists (including photos/attachments, signatures, and location where enabled) to the Portal
  • Enable viewing, exporting, printing, and generation of PDFs in the Portal
  • Provide analysis and reporting features within the Portal (as configured by the Customer Organisation)
  • Provide customer support and respond to requests
  • Maintain security (access control, audit logging, abuse prevention) and improve reliability

4) How Information is Shared

A) With the Customer Organisation

Checklist submissions (including photos/attachments/signatures/location where enabled) are made available in the Portal to authorised Customer Organisation users according to their permissions (e.g., supervisors, compliance staff, administrators).

B) With subprocessors (service providers)

We use vetted third-party service providers ("subprocessors") to host and operate the App/Portal and related infrastructure (e.g., hosting, storage, monitoring). Subprocessors are contractually required to protect information and may only process it to provide services to us.

C) Legal, safety, and compliance

We may disclose information if required to comply with law, respond to lawful requests, or protect rights, safety, and security.

D) Business transfers

If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction subject to appropriate safeguards.

We do not sell personal data.

5) Permissions, Disclosure, and Consent

The App requests device permissions needed for configured functionality (e.g., camera/storage for attachments and signatures, location for site verification). Where required, the App will present clear explanations and request permissions using Android's permission system.

6) Retention

Retention is typically determined by the Customer Organisation's configuration and contractual requirements. We retain data only as long as necessary to provide the services and meet legal/security obligations.

7) Deletion and Account Deletion

User accounts for the App and Portal are created, managed, and controlled by the Customer Organisation (your employer or contracting organisation). Independent Data Certification Ltd does not create end-user accounts, does not manage user credentials, and cannot independently delete or modify user accounts without instruction from the Customer Organisation.

Account changes and access removal

If you need to change your account details, reset access, or deactivate your account, please contact your Customer Organisation's administrator or IT/helpdesk.

Data deletion requests

Requests to delete checklist submissions (including photos/attachments, signatures, and associated location records where enabled) must be made by the Customer Organisation. Customer Organisation administrators can request deletion via the agreed support channel: support@indcert.com.

Where we receive a deletion request directly from an end user, we will direct the request to the Customer Organisation (or ask you to raise it with your administrator), as the Customer Organisation is the controller/owner of the data in most deployments.

8) Security

We use reasonable technical and organisational safeguards designed to protect information, including encryption in transit (HTTPS/TLS), access controls, and monitoring/logging. No method of transmission or storage is completely secure, but we work to protect information appropriately.

9) Your Rights

Depending on your location, you may have rights to access, correct, or delete personal data. Because the Customer Organisation controls most data in this system, requests are typically handled via your organisation administrator. You may also contact us at support@indcert.com.

10) International Transfers

We and our subprocessors may process information in countries other than where you live/work. Where required, we use appropriate safeguards for cross-border transfers.

11) Changes

We may update this policy from time to time. We will update the "Last updated" date and may provide notice in the App or Portal where appropriate.
