Privacy Policy — TekQor CRM

1. Who we are

TekQor (“we”, “us”, “our”) operates the TekQor CRM platform at crm.tekqor.com. We are a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Company details:
Company registration number: 17187264
66 Paul Street, London, England, EC2A 4NA
ICO registration number: [TODO: ICO number — register at ico.org.uk]
Contact: info@tekqor.com

2. What data we collect

We collect the following categories of personal data through our platform:

Identity data — full name, display name
Contact data — email address, phone number
Account data — role, login credentials (passwords are hashed and never readable)
Booking & appointment data — dates, times, services booked, notes, status
Property data — property addresses, tenancy details, compliance records, inspection records (for real-estate industry users)
Payment data — transaction records, invoice history. We do not store full card numbers — payments are handled by Stripe.
Communications data — email open and click events (via Resend)
Usage data — error logs and crash reports (via Sentry)
Phone number compliance documents — where a business subscriber activates the IVR or WhatsApp Booking add-on, we collect a proof of entity (e.g. Companies House certificate) and a proof of address (e.g. utility bill) to satisfy UK Ofcom regulatory requirements for provisioning a geographic telephone number. These documents are transmitted directly to our telecommunications carrier (Telnyx) for review and are not stored on TekQor's own servers. We retain only a reference identifier and approval status. The lawful basis for this processing is legal obligation (Ofcom/PSTN number allocation rules).
IVR call recordings and transcripts — where the IVR Voice Booking channel is active, all inbound calls to the business's dedicated number are recorded and transcribed. Recordings are stored in the business owner's account for their review and quality assurance. End customers are played a disclosure message before the call is processed.

3. How we use your data

Purpose	Legal basis
Providing the CRM platform to business subscribers	Contract performance
Managing appointments and bookings	Contract performance / legitimate interests
Sending booking confirmation and reminder emails	Contract performance
Processing subscription payments	Contract performance
Sending platform notifications and invoices	Contract performance
Fraud prevention and security monitoring	Legitimate interests
Improving the platform (error tracking)	Legitimate interests
Complying with legal obligations	Legal obligation
Provisioning UK telephone numbers (collecting and transmitting Ofcom compliance documents to our carrier)	Legal obligation
Recording and transcribing IVR calls for booking and quality assurance purposes	Legitimate interests (business subscriber) / Contract performance

4. Third parties we share data with

Supabase

Database and authentication provider · EU (Ireland)

Fly.io

Application hosting · UK (London, lhr region)

Stripe

Payment processing · UK / EU

Resend

Transactional email delivery · US (data processed under SCCs)

Sentry

Error monitoring · US (data processed under SCCs)

Telnyx

Telecommunications carrier — IVR and WhatsApp number provisioning, call routing, Ofcom compliance document review · US/EU (data processed under SCCs)

Amazon Web Services (AWS)

AI voice processing for IVR calls (speech recognition and booking automation) · EU (eu-west-2, London)

Meta (Facebook)

WhatsApp Business API — message routing for WhatsApp Booking channel (where enabled) · US/EU (data processed under SCCs)

We do not sell your personal data to any third party.

5. Data retention

Active account data — retained for the duration of the subscription
Booking and appointment records — retained for 7 years (UK tax and legal requirements)
Payment records — retained for 7 years (HMRC requirements)
Error logs — 90 days (Sentry default)
Email delivery logs — 30 days (Resend default)
Phone number compliance documents — held by Telnyx for the duration of the number assignment; we retain the reference ID for the same period
IVR call recordings — retained for 12 months from the date of the call, then automatically deleted. Business owners may delete individual recordings earlier from their dashboard.
Data after account closure — deleted within 30 days of account termination, except where legal retention obligations apply

6. Your rights

Under UK GDPR you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate or incomplete data
Erasure — request deletion of your personal data (the “right to be forgotten”)
Restriction — ask us to restrict processing in certain circumstances
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent

To exercise any of these rights, email info@tekqor.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) ↗.

7. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required.

8. Security

We implement appropriate technical and organisational measures including encryption in transit (TLS), row-level security on all database tables, hashed passwords, and regular security scanning. No system is completely secure — if you believe your data has been compromised, contact us immediately at info@tekqor.com.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users. Continued use of the platform after changes constitutes acceptance.

10. Contact

For any privacy-related questions or requests:
Email: info@tekqor.com
[TODO: Postal address]