How Niftie collects, uses, and protects your data
Last updated: 11 June 2026
These policies apply to all users of the Niftie platform, website, mobile applications, and pre-launch programme. If you have applied for the Niftie pre-launch programme, please pay particular attention to the pre-launch data sharing provisions set out in the Terms & Conditions and Privacy Policy. For questions, contact us at: [email protected] | Union Park, Bircholt Rd, Maidstone ME15 9XT, United Kingdom
Niftie Ltd (“Niftie”, “we”, “our”, or “us”) is committed to protecting personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, protect, and process personal information when you use the Niftie platform, website, applications, and related services.
Niftie Ltd operates the Niftie platform.
For information relating to account registration, subscriptions, billing, support enquiries, and website usage, Niftie acts as the Data Controller.
For customer records, employee records, job schedules, property information, access instructions, alarm codes, notes, invoices, communications, and other operational data entered into the platform by our customers, Niftie acts as a Data Processor on behalf of our customers.
The business using Niftie remains the Data Controller for all information it enters into the platform and is responsible for determining how and why that information is processed.
Information We Collect Directly
We may collect:
* Name
* Company name
* Telephone number
* Email address
* Billing informationv
* Account login information
* Support requests and communications
Information Processed on Behalf of Customers
Customers may use Niftie to store and manage information including:
* Customer names
* Customer addresses
* Telephone numbers
* Email addresses
* Property information
* Service schedules
* Access instructions
* Alarm codes
* Gate codes
* Property notes
* Staff records
* Job notes
* Invoices
* Payment records
* Internal communications
This information is processed solely on the instructions of the customer.
Where Niftie acts as Data Controller, we use information to:
* Provide and maintain the Service
* Manage user accounts
* Process subscriptions and payments
* Provide customer support
* Improve the platform
* Monitor platform performance
* Protect platform security
* Comply with legal obligations
* Communicate important service updates
We do not sell personal information to third parties.
Where Niftie acts as Data Controller, processing is carried out under one or more of the following legal bases:
* Performance of a contract
* Compliance with legal obligations
* Legitimate interests
* Consent where required
Where Niftie acts as Data Processor, processing is carried out solely on the documented instructions of the relevant customer.
We may share information with carefully selected third-party providers who help us operate and support the Service, including:
* Cloud hosting providers
* Database providers
* Payment processors
* Email delivery providers
* Analytics providers
* Customer support providers
* Accounting and invoicing integrations
* Technical infrastructure providers
All such providers are subject to contractual obligations designed to protect personal data.
Where personal data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place to maintain the security and protection of personal information.
We implement appropriate technical and organisational measures designed to protect personal data, including:
* Secure cloud infrastructure
* Encryption of data in transit
* Password-protected user accounts
* Role-based permissions
* Restricted administrative access
* System monitoring
* Backup and recovery procedures
* Regular software maintenance and updates
Access to customer data is restricted to authorised personnel only where necessary for support, maintenance, legal obligations, or security purposes.
Customers are responsible for managing user access within their organisation.
Niftie provides role-based permissions intended to ensure that users only have access to information necessary for their role.
Customers remain responsible for:
* Managing employee access
* Removing access for former employees
* Ensuring information entered into the platform is lawful and accurate
* Meeting their own obligations under data protection legislation
Information is retained only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.
Customer operational data is generally retained while an account remains active.
Following account termination, customer data will normally be deleted within 90 days unless:
* Retention is required by law;
* Retention is necessary to resolve disputes;
* Retention is required for legitimate business purposes;
* The customer requests earlier deletion where technically possible.
Where Niftie acts as Data Controller, individuals may have the right to:
* Access their personal data
* Correct inaccurate information
* Request deletion of information
* Restrict processing
* Object to processing
* Request data portability
* Withdraw consent where consent is relied upon
Where Niftie acts as Data Processor, requests relating to customer-entered information should normally be directed to the relevant customer organisation acting as Data Controller.
The Niftie website and platform may use cookies, analytics tools, and similar technologies to improve functionality, monitor performance, and enhance user experience.
Users may manage cookie preferences through their browser settings.
If you have concerns regarding the handling of personal information, we encourage you to contact us first so that we can attempt to resolve the matter.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters.
We may update this Privacy Policy from time to time.
Any updates will be published through the website or platform. Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.