Last Updated: 11 June 2026
This Data Processing Agreement (“DPA”) forms part of the agreement between Niftie Ltd (“Niftie”, “Processor”, “we”, “us”) and the customer using the Niftie platform (“Customer”, “Controller”, “you”).
This DPA sets out the terms under which Niftie processes personal data on behalf of its customers in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable data protection laws.
The Customer acts as the Data Controller and determines the purposes and means of processing personal data. Niftie acts as the Data Processor and processes personal data solely on behalf of and under the instructions of the Customer.
Niftie provides software for scheduling, customer management, staff management, communications, invoicing and business operations. Personal data may be processed only for the purpose of providing and maintaining the Niftie platform and related services.
The Customer may upload and store the following categories of personal data:
Client Information
* Names
* Addresses
* Email addresses
* Telephone numbers
* Appointment details
* Service history
* Access instructions
* Alarm information
* Property notes
Employee Information
* Names
* Contact details
* Scheduling information
* Employment-related information entered by the Customer
System Information
* Login records
* Device information
* Push notification identifiers
* Communications sent through the platform
Niftie shall:
* Process personal data only on documented instructions from the Customer.
* Ensure all authorised personnel are subject to confidentiality obligations.
* Implement appropriate technical and organisational security measures.
* Assist the Customer with GDPR compliance requests where reasonably possible.
* Notify the Customer without undue delay if a personal data breach occurs.
* Maintain appropriate safeguards to protect personal data against unauthorised access, loss, disclosure or alteration.
* Make available information reasonably required to demonstrate compliance with this DPA.
Niftie maintains security measures including:
* Secure user authentication
* Role-based permissions
* HTTPS encrypted data transmission
* Secure cloud hosting
* Access restrictions for authorised users only
* Backup and recovery procedures
* Immediate removal of access for deactivated users
Cleaning staff can only access information relevant to jobs assigned to them and access may be removed at any time by the Customer.
The Customer authorises Niftie to use third-party service providers where necessary to provide the Service.
These may include:
* Cloud hosting providers
* Email delivery providers
* Push notification providers
* Analytics providers
* Payment processors
* Accounting integrations
Niftie shall ensure any sub-processor is subject to appropriate contractual data protection obligations.
Where Niftie receives a request directly from a data subject concerning Customer Data, Niftie shall notify the Customer without undue delay unless prohibited by law.
The Customer remains responsible for responding to such requests.
Niftie shall notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Data and shall provide reasonable assistance in investigating and managing the breach.
Where personal data is transferred outside the United Kingdom, Niftie shall ensure appropriate safeguards are in place in accordance with applicable data protection laws.
Upon termination of the Service, Customer Data may be retained for up to 12 months for account restoration, backup and legal compliance purposes.
Following this period, data will be deleted or anonymised unless retention is required by law.
The Customer may request deletion of Customer Data at any time, subject to legal obligations.
The Customer may request reasonable information regarding Niftie’s compliance with this DPA.
Any audit request must be reasonable, proportionate and not compromise the security or confidentiality of other customers.
Each party remains responsible for its own compliance with applicable data protection laws.
Nothing within this DPA excludes liability where such exclusion is prohibited by law.
This DPA shall be governed by the laws of England and Wales.
Niftie Ltd
Email: [email protected]
Website: https://niftie.app