Privacy policy
Jobsheet.uk
Grah.uk Software
Last updated: 1 June 2026
1. Who we are
This Privacy Policy explains how Grah.uk Software (we, us, our) collects, uses, stores, and protects personal data when you use Jobsheet.uk (the Service) and our website.
For UK data protection purposes, Grah.uk Software is the data controller for account and business customer data processed through Jobsheet.uk.
2. Personal data we collect
Depending on how you use the Service, we may collect:
- Account data (for example: name, email address, password hash, company/workspace details, login/session identifiers)
- Operational data you enter (for example: customer names, contact details, addresses, job notes, schedules, job status, files, photos, and attachments)
- Billing and subscription data (for example: subscription status and Stripe customer/subscription references; card payment data is handled by Stripe, not stored by us)
- Usage and technical data (for example: IP-derived security signals, browser/device data, request logs, error logs, and support diagnostics)
- Website interaction data from core request/security logs needed to operate the website
3. Data from third-party sources
If you use Companies House lookup/import features, we process company profile data retrieved from Companies House APIs to prefill customer records.
4. How we use personal data
We use personal data to:
- Provide and operate the Service, including account creation, login, and workspace access
- Store and display job, customer, scheduling, note, and attachment information
- Process subscriptions, billing administration, and account lifecycle events
- Secure the Service, prevent abuse, and investigate incidents
- Maintain, troubleshoot, and improve performance and reliability
- Provide support and respond to enquiries
- Comply with legal and regulatory obligations
5. Lawful bases (UK GDPR)
We rely on one or more of the following lawful bases:
- Contract — where processing is necessary to provide the Service to you
- Legitimate interests — for security, service improvement, fraud prevention, and business operations
- Legal obligation — where we are required to retain or disclose data by law
- Consent — where specifically required (you can withdraw consent where applicable)
6. Cookies, session tokens, and similar technologies
This marketing website (jobsheet.uk) does not set cookies for analytics, advertising, or referral tracking. We do not show a cookie consent banner on these public pages. Partner and friend referrals use URL parameters (for example ?ref=) rather than cookies.
Some interactive pages may use session storage in your browser for the same visit only (for example saving your subdomain while you complete the how-it-works walkthrough). That is not a cookie and is cleared when you close the tab.
When you use the JobSheet application (for example start.jobsheet.uk or your workspace subdomain), we use essential authentication mechanisms, including:
- Secure session cookies used to keep signed-in users authenticated
- Browser storage tokens used as a compatibility fallback in some browser scenarios
Those are necessary for core app functionality after you sign in or register. We do not run cookie-based marketing analytics on jobsheet.uk.
7. Data sharing and processors
We do not sell personal data. We share data only where necessary to run the Service, including with service providers such as:
- Cloud infrastructure and CDN providers (including Cloudflare services)
- Payment processor(s), including Stripe for checkout and billing
- Email and operational tooling providers used for support/communications
- Companies House APIs where you use lookup/import features
We may also disclose data where required by law, lawful request, court order, or to protect rights, safety, and security.
8. International transfers
Some processors may process data outside the UK. Where this occurs, we use appropriate safeguards required under UK data protection law (for example, adequacy regulations or contractual safeguards).
9. Data retention
We retain personal data for as long as needed to provide the Service, meet contractual/legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and account state.
We also maintain backup copies and recovery snapshots for resilience and incident recovery; these are retained according to operational and security policies.
10. Security and resilience
We apply reasonable technical and organisational security measures designed to protect personal data, including access controls, transport security, backup/recovery controls, and operational monitoring.
No system is completely risk-free, but we work to detect, investigate, and address security issues promptly.
11. Your rights
Subject to applicable law, you may have rights to:
- Access personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request erasure of personal data in certain circumstances
- Restrict or object to certain processing
- Request portability of data where applicable
- Withdraw consent where processing is consent-based
To exercise these rights, contact us at the email address below.
12. Marketing communications
If you receive product updates or marketing messages from us, you can opt out at any time via unsubscribe links or by contacting us.
13. Children
Jobsheet.uk is intended for business users and is not directed to children. We do not knowingly collect personal data from children.
14. Changes to this policy
We may update this Privacy Policy from time to time. Where changes are material, we will post an updated version with a revised “Last updated” date.
15. Contact and complaints
Grah.uk Software
Website: https://jobsheet.uk
Email: [email protected]
If you are based in the UK and have concerns about our data handling, you can also contact the UK Information Commissioner’s Office (ICO): https://ico.org.uk.