Privacy Policy
Last updated: April 2026
This policy explains how MoveMyWork ("we") collects, uses, and protects personal data about you. It is written with the UK GDPR and the Data Protection Act 2018 in mind.
1. Data controller
[COMPANY NAME], [ADDRESS]. Contact: support@movemywork.com.
2. What data we collect
When you create an account we collect:
- Email address — used to identify your account and send transactional messages (verification, sign-in codes, password resets).
- Password — stored only as a one-way bcrypt hash. We never see or store your plain-text password.
- IP address and browser type — recorded for security (detecting abuse, rate-limiting, new-device alerts).
- Clipboard content and uploaded files — stored so you can access them across devices. We do not scan, read, or sell this content.
3. Legal bases for processing
- Contract — processing necessary to provide the Service you signed up for.
- Legitimate interests — security monitoring, abuse prevention, service improvement (balanced against your rights; opt-out options listed below where applicable).
- Consent — for any optional features such as product emails (if introduced later).
- Legal obligation — retention of records required by law.
4. How long we keep it
Account data is retained while your account exists. When you delete your account we remove your clips, files, and profile within 7 days. Email delivery logs are kept for 30 days for debugging and abuse prevention. Backups may persist for up to 30 days before being overwritten.
5. Who we share it with
We share data only with processors strictly necessary to run the Service:
- Mailjet — transactional email delivery (EU-hosted). Subject to Mailjet's own GDPR terms.
- Our hosting provider — [HOSTING COMPANY], which houses the servers running the Service.
- Cloudflare — optional CAPTCHA and DDoS protection (if enabled).
We do not sell your data. We only disclose data to authorities where legally compelled.
6. International transfers
Our processors may store data in the EU or EEA. Where data leaves the UK/EEA, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Your rights
Under UK GDPR you have the right to:
- access a copy of your data;
- request correction of inaccurate data;
- request erasure ("right to be forgotten") — available self-service from the Settings page;
- object to or restrict certain processing;
- data portability;
- withdraw consent at any time where consent is the legal basis;
- lodge a complaint with the Information Commissioner's Office (ico.org.uk) if you're dissatisfied with how we handle your data.
8. Cookies
We use a small number of strictly-necessary cookies: a session cookie (to keep you signed in) and a "trusted device" cookie (to let you skip the sign-in code on browsers you've marked as trusted). We don't use advertising or tracking cookies.
9. Security
Passwords are hashed with bcrypt. Uploaded files live outside the public web root and are served only through authenticated endpoints. We use HTTPS throughout and rate-limit sensitive endpoints to prevent abuse. No system is perfectly secure; please notify us of suspected vulnerabilities at support@movemywork.com.
10. Changes to this policy
We'll post changes here and notify you by email of any material changes at least 14 days before they take effect.