Privacy Policy

1. Who we are

RenewFlow is a product of MINDSRIVE LTD, a company registered in England and Wales (company number 17241969), whose registered office is at 128 City Road, London, EC1V 2NX, United Kingdom. In this policy, "RenewFlow", "we", "us" and "our" mean MINDSRIVE LTD. We provide cloud-based fire-safety compliance management software to businesses in the United Kingdom, and operate the website at www.therenewflow.co.uk and the RenewFlow application.

For any privacy question, or to exercise your rights, contact us at hello@therenewflow.co.uk.

2. Our role: controller and processor

RenewFlow handles personal data in two distinct roles:

• As a controller — for the personal data we decide how to use: the account details of the users who sign up and administer a RenewFlow account, billing and subscription data, support communications, and website/technical data.
• As a processor — for the personal data that our business customers upload into the platform about their own clients and operations (for example a customer's contact name, site address, equipment records, certificates and service history). For that data, our customer is the controller and we process it only on their documented instructions, under our service agreement.

If you are an individual whose details appear in a RenewFlow customer's records and you have a request, please contact that business directly; we will support them in responding.

3. Personal data we collect

• Account & profile data — name, work email, password (stored only as a secure hash), role, and the organisation you belong to.
• Customer & compliance data — the records you enter or import (customers, sites, equipment, contracts, certificates, service history). This may contain the names, addresses and contact details of your own clients and engineers.
• Billing data — subscription plan, billing status, and the limited payment metadata returned by our payment processor. We never see or store full card numbers — card details are entered directly on Stripe's secure, hosted checkout.
• Usage & technical data — log data such as IP address, browser type, timestamps, and actions taken in the app, used to operate, secure and improve the service.
• Communications — messages you send us (e.g. demo requests, support emails).

4. How we use personal data, and our lawful bases

• To provide the service (create accounts, run compliance workflows, issue certificates, send reminders) — performance of a contract.
• To take payment and manage subscriptions — performance of a contract and legal obligation (e.g. tax records).
• To secure, monitor and improve the platform, and prevent abuse — legitimate interests in running a safe, reliable service.
• To provide support and respond to enquiries — legitimate interests / steps prior to a contract.
• To send service and transactional emails (e.g. password resets, billing notices) — performance of a contract.
• To comply with legal and regulatory obligations — legal obligation.

We do not use your data for advertising and we do not sell personal data.

5. Sharing and sub-processors

We share personal data only with service providers who help us run RenewFlow, under contracts that require them to protect it and use it only for the services they provide to us. Our current key sub-processors are:

We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety and security of RenewFlow, our customers, or others. If RenewFlow is involved in a merger or acquisition, data may be transferred as part of that transaction, subject to this policy.

6. International transfers

We host the core platform within the EU. Some providers (such as our payment processor) may process data outside the UK/EEA. Where that happens, we rely on appropriate safeguards — such as the UK International Data Transfer Agreement / Addendum or the EU Standard Contractual Clauses — so that your data remains protected to UK standards.

7. How long we keep data

We keep account and customer data for as long as your account is active. After an account closes, we retain data for a limited period to allow reactivation, resolve disputes, and meet legal, accounting and compliance obligations, after which it is deleted or anonymised. Billing records are kept for the period required by law. You can ask us to delete your data sooner (subject to our legal obligations).

8. How we protect data

We apply technical and organisational measures including encryption in transit, role-based access controls, audit logging, and least-privilege access. See our Security page for more detail.

9. Your rights

Under UK data protection law you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have data erased in certain circumstances;
• restrict or object to certain processing;
• data portability;
• withdraw consent where processing is based on consent.

To exercise any of these, email hello@therenewflow.co.uk. We will respond within the timeframes required by law. If you are unhappy with how we have handled your data, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk — though we'd appreciate the chance to resolve it first.

10. Cookies

RenewFlow uses only strictly necessary storage to keep you signed in and to run the application; we do not use advertising or third-party tracking cookies. See our Cookie Policy for details.

11. Children

RenewFlow is a business tool and is not directed at children. We do not knowingly collect data from anyone under 16.

12. Changes to this policy

We may update this policy as the service evolves or the law changes. We will update the "last updated" date above and, for material changes, take reasonable steps to notify account administrators.

13. Contact

Questions about this policy or your data: hello@therenewflow.co.uk.