Legal

Privacy Policy

Effective: 1 April 2025 Last updated: April 2025 Jurisdiction: England & Wales

01 Who We Are

Engineer M8 is a trading name of EngineersM8 Ltd, a company registered in England and Wales (Company No. 16219285), with its registered office in Cardiff, Wales.

Registered Entity EngineersM8 Ltd (trading as Engineer M8)
Cardiff, Wales, United Kingdom

We build AI-powered monitoring, compliance, and field service management platforms for the UK fire and security industry. Our products include Surveillance Guardian, FireLog365, Pump Guardian, Tracking Guardian, ANPR Guardian, and the Cortex AI knowledge engine.

EngineersM8 Ltd is the data controller for personal data processed through our websites, products, and services. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

02 Data We Collect

We may collect and process the following categories of personal data:

Account & Identity

  • Full name and job title
  • Business email address and phone number
  • Company name and registered address
  • Username, encrypted password, and authentication tokens

Service Usage Data

  • Log data, device identifiers, and IP addresses
  • Feature usage events and session activity within the EM8 Portal and mobile apps
  • Support tickets, messages, and communications submitted via our platforms
  • Engineer location data (GPS) where Tracking Guardian is enabled and consented to

Payment & Billing

  • Billing address and VAT number
  • Payment card details — processed and tokenised exclusively by Stripe; we do not store raw card data
  • Invoice history and transaction records

Technical & CCTV-Related Data

  • Video footage submitted for AI analysis (Surveillance Guardian)
  • Vehicle registration plate data (ANPR Guardian)
  • Fire log records, inspection reports, and compliance certificates (FireLog365)
  • Pump test readings and maintenance history (Pump Guardian)

03 How We Use Your Data

We use the personal data we collect for the following purposes:

  • Providing, operating, and maintaining our software platforms and mobile applications
  • Creating and managing user accounts and portal access
  • Processing payments, generating invoices, and managing subscriptions
  • Delivering push notifications, alerts, and system-critical communications
  • Providing technical support and responding to helpdesk queries
  • Running AI-powered analysis pipelines (CCTV redaction, ANPR, fire compliance checks)
  • Improving product features through aggregated, anonymised usage analytics
  • Meeting legal and regulatory obligations including fire safety record-keeping
  • Communicating product updates, release notes, and service announcements
  • Detecting and preventing fraud, abuse, or unauthorised system access
Marketing We will only send you marketing communications where you have explicitly opted in or where we have a legitimate interest under UK GDPR. You may opt out at any time via your account settings or by emailing us directly.

04 Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract performance — processing necessary to deliver services you have subscribed to
  • Legitimate interests — security monitoring, fraud prevention, product analytics, and business communications, where these do not override your rights
  • Legal obligation — compliance with applicable law, including fire safety regulations and financial record-keeping
  • Consent — where we rely on your consent (e.g. marketing emails, engineer location tracking), you may withdraw it at any time without affecting prior processing

05 Sharing Your Data

We do not sell your personal data. We may share data with trusted third parties only where necessary:

  • Stripe Inc. — payment processing (PCI-DSS compliant)
  • Anthropic PBC — AI inference powering the Cortex AI engine and Surveillance Guardian analysis
  • Firebase / Google LLC — push notification delivery for iOS and Android apps
  • Apple Inc. — App Store subscription management (FireLog365, EM8 HQ)
  • Hosting & infrastructure providers — UK/EU-based server infrastructure under appropriate data processing agreements
  • Authorised resellers and distributors — solely where required to provision or support services purchased through them
  • Regulatory or law enforcement authorities — only where required by law or a valid legal order

All third-party processors are bound by data processing agreements and are required to maintain adequate security standards.

06 Data Retention

We retain personal data only as long as necessary for the purposes set out in this policy, or as required by law:

  • Account data is retained for the duration of your active subscription plus 6 years (in line with UK contract law limitation periods)
  • Financial and invoice records are retained for 7 years in compliance with HMRC requirements
  • Support ticket correspondence is retained for 3 years
  • CCTV footage submitted for analysis is deleted from our processing environment within 30 days of analysis completion unless longer retention is explicitly agreed
  • Engineer GPS location history is retained for 12 months and may be adjusted in your account settings
  • Log and audit data is retained for 12 months

On account closure or subscription cancellation, we will delete or anonymise your personal data within 90 days, subject to any legal retention obligations.

07 Your Rights

Under UK GDPR, you have the following rights regarding your personal data. Exercise any of these by contacting privacy@em8portal.com.

🔍
Right of Access
Request a copy of the personal data we hold about you.
✏️
Right to Rectification
Ask us to correct inaccurate or incomplete personal data.
🗑️
Right to Erasure
Request deletion of your data where no lawful basis remains.
⏸️
Right to Restriction
Ask us to pause processing of your data in certain circumstances.
📦
Data Portability
Receive your data in a structured, machine-readable format.
🚫
Right to Object
Object to processing based on legitimate interests or direct marketing.
Complaints If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

08 Cookies

Our website and web portal use cookies and similar technologies. We use:

  • Essential cookies — required for authentication, session management, and core portal functionality. These cannot be disabled.
  • Analytics cookies — aggregated, anonymised usage data to help us improve our products. You may opt out via your browser settings.
  • Preference cookies — to remember your display and notification settings across sessions.

We do not use advertising or third-party tracking cookies. A cookie notice is displayed on first visit to our website and you can manage cookies through your browser settings at any time.

09 Security

We implement appropriate technical and organisational measures to protect your data, including:

  • TLS encryption for all data in transit
  • Encrypted storage of credentials and sensitive fields
  • Role-based access controls and per-user permission scopes
  • JWT-based authentication with short expiry windows
  • Isolated database architecture separating production from development environments
  • Regular security reviews and dependency audits
  • Biometric and two-factor authentication options on mobile applications

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

10 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Display a notice in the EM8 Portal and/or send an email to registered account holders
  • Provide at least 14 days' notice before significant changes take effect

Continued use of our services following notice of changes constitutes acceptance of the updated policy.

11 Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us using the details below.

Company
EngineersM8 Ltd (trading as Engineer M8)
Email
privacy@engineerm8.com
Post
Data Protection, EngineersM8 Ltd, Cardiff, Wales, United Kingdom
Website
www.engineerm8.co.uk
Response Time We will respond to all data subject requests within 30 days of receipt. For complex requests this may be extended by a further two months, in which case we will notify you within the initial 30-day period.