Privacy Policy

TulipTech Ltd is the data controller for personal data collected through the Lolerflow platform. We operate Lolerflow at lolerflow.co.uk — a cloud-based LOLER inspection management software for lifting equipment inspection companies in the UK. Contact: hello@lolerflow.co.uk Registered in England and Wales If you have any questions about how we handle your personal data, please contact us at the email above.

We collect the following categories of personal and business data: Account Data • Name, email address, company name, and phone number — provided when you register Inspection Data • Asset details, inspection records, photographs, GPS coordinates, and certificates — entered by you and your team when using the platform. This data is yours; we process it solely to provide the service. Usage Data • Login times and session information • Features used within the platform • Browser type, device type, and operating system • IP address (for security and fraud prevention) Payment Data • Payment processing is handled entirely by Stripe, our payment processor. We do not store, transmit, or have access to your full card details. Stripe's privacy policy applies to payment data.

We use your data for the following purposes: • To provide and operate the Lolerflow service as described in our Terms and Conditions • To send service notifications, including subscription renewal reminders, payment confirmations, and system alerts • To provide customer support and respond to your enquiries • To improve the platform using anonymised, aggregated usage analytics — we do not use your identifiable data for analytics • To detect and prevent fraud and security incidents • To comply with legal obligations We do not sell your data to third parties. We do not use your data for advertising or marketing to third parties.

Under UK GDPR, we rely on the following legal bases: Contract Performance (Article 6(1)(b)) Processing your account data, inspection data, and usage data is necessary to provide the Lolerflow service you have subscribed to. Legitimate Interests (Article 6(1)(f)) We process certain usage data for security monitoring, fraud prevention, and service improvement where our legitimate interests are not overridden by your rights. Legal Obligation (Article 6(1)(c)) We may retain certain data where required to do so by applicable law, including financial records. Where we process special category data (which we do not anticipate), we would obtain your explicit consent.

We do not sell or rent your data. We share data only with the following trusted processors, under written data processing agreements: Stripe — Payment processing. Stripe processes payment data on our behalf and is PCI DSS compliant. See stripe.com/privacy. Amazon Web Services (AWS) — Cloud hosting, storage, and infrastructure. Your data is stored on AWS servers located in the UK/EU. AWS is bound by our data processing agreement. We do not share your data with any other third parties unless required to do so by law (for example, in response to a court order or regulatory request).

Active accounts: We retain your data for the duration of your subscription. After cancellation: Your data is retained for 90 days following the end of your subscription to allow for reactivation or data export. After 90 days, all data is permanently and irrecoverably deleted from our systems. You may request early deletion of your data at any time by contacting hello@lolerflow.co.uk. We will action deletion requests within 30 days, subject to any legal obligations to retain data. Financial records (e.g., invoices) may be retained for up to 7 years as required by HMRC regulations.

Under UK GDPR, you have the following rights: Right of Access — You can request a copy of the personal data we hold about you. Right to Rectification — You can ask us to correct inaccurate or incomplete data. Right to Erasure — You can request deletion of your personal data, subject to our legal obligations. Right to Object — You can object to processing based on legitimate interests. Right to Data Portability — You can request your data in a structured, machine-readable format. Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time. Right to Restrict Processing — You can ask us to restrict processing in certain circumstances. To exercise any of these rights, contact hello@lolerflow.co.uk. We will respond within one month. We may need to verify your identity before actioning a request.

We take data security seriously and implement appropriate technical and organisational measures, including: • Encryption of all data in transit using TLS (Transport Layer Security) • Encryption of data at rest using AES-256 or equivalent • Role-based access controls limiting who within TulipTech Ltd can access your data • Regular internal security reviews and vulnerability assessments • Secure software development practices In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware, and will notify affected customers without undue delay where required. No system is entirely without risk. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

Lolerflow uses only essential cookies necessary for the operation of the platform: • Session cookies — to maintain your logged-in state during your session • Security cookies — to protect against cross-site request forgery (CSRF) and similar attacks We do not use: • Advertising or tracking cookies • Third-party analytics cookies (e.g., Google Analytics) • Social media tracking pixels Essential cookies cannot be disabled as they are required for the platform to function. They are deleted when you close your browser or log out.

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our data practices. Where changes are material, we will notify you by email to your registered address at least 30 days before the changes take effect. Continued use of Lolerflow after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not accept the changes, you may cancel your subscription before they take effect. The date at the top of this page will always reflect when the policy was last updated.

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us: Email: hello@lolerflow.co.uk Company: TulipTech Ltd, registered in England and Wales We aim to respond to all data-related enquiries within 5 UK business days. Right to Complain to the ICO If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): Website: ico.org.uk Telephone: 0303 123 1113 We would always appreciate the opportunity to resolve any concerns directly before you contact the ICO.