Privacy policy

Integrate Path (“we”, “our”, or “us”) provides modular ERP solutions tailored to industries including accounting, construction, cleaning services, education, healthcare, law, logistics, property, and retail. This Privacy Policy explains how we collect, use, disclose, and protect personal and business data across all modules and services.

  1. Scope

This policy applies to:

  • Our website, platform, and trial environments
  • All modules and add-ons are activated by clients
  • Hosted and self-managed deployments
  • API integrations and third-party services
  1. Data Subjects Covered

We process data from:

  • Platform users (admins, staff, contractors)
  • End clients (e.g., care recipients, students, tenants, customers)
  • Website visitors and trial users
  • API consumers and integrators
  1. Information We Collect
  2. Account & Identity Data
  • Name, email, phone, company name, role
  • Authentication credentials
  • Sector and module preferences
  1. Usage & Device Data
  • IP address, browser type, OS, geolocation
  • Session logs, error reports, and interaction history
  • Device identifiers and cookie/session tokens
  1. Client & Operational Data
  • Uploaded or entered records (e.g., invoices, care logs, job sheets, legal files, student records, delivery logs)
  • Metadata, audit trails, and timestamps
  • Communication logs and agreement acceptance records
  1. Transactional & Financial Data
  • Subscription details, billing history
  • Payment processor tokens (via PCI-compliant providers)
  • Module activation and usage metrics
  1. Trial & Demo Data
  • Optional screen recordings (with consent)
  • Interaction heatmaps and onboarding flows
  1. Lawful Basis Matrix

Data Type

Purpose

Lawful Basis

Retention

Invoices

Financial reporting

Legal obligation

6 years (HMRC)

Care logs

Safeguarding, compliance     

Legal obligation

8 years (CQC)

Student records       

Attendance, reporting

Consent / Legal obligation       

Until student leaves + 1 year

Job sheets

Operational tracking

Contract

Until service cancellation + 3 weeks

Trial recordings

UX improvement

Consent

Max 2 months

Location logs

Delivery routing

Legitimate interest

Up to 12 months

  1. How We Use Your Information

We use your data to:

  • Deliver and maintain services across modules
  • Monitor performance and resolve incidents
  • Improve onboarding and user experience
  • Communicate updates, billing, and support
  • Ensure compliance with applicable laws and sector regulations
  1. Data Ownership & Control
  • You retain full ownership of data entered into your tenant environment
  • You control access, export, and deletion via your admin dashboard
  • We act as a processor for client-entered data and a controller for platform-level metadata
  1. Subprocessors & Third Parties

We do not sell your data. We may share it with trusted third-party providers (“subprocessors”) to deliver, secure, and improve our services. These providers are bound by data protection agreements and comply with applicable laws, including UK GDPR, DPA 2018, and sector-specific regulations.

Categories & Examples

Type

Purpose

Examples

Hosting & Infrastructure          

Cloud storage, backups, CDN

Hostinger

Analytics

Usage tracking, diagnostics

Google Analytics,

Marketing & CRM

Email campaigns, onboarding flows          

Mailchimp, Integrate Path

Payments

Subscription billing, invoicing

Stripe, PayPal

Support & Monitoring

Incident logging, uptime tracking

Integrate Path

Consent & Messaging

Cookie banners, in-app notices

Integrate Path

Actual subprocessors may vary depending on your configuration and activated features.

Subprocessor Governance

  • All subprocessors are vetted for security, compliance, and data handling practices
  • We notify clients of changes to sub-processors
  1. Data Retention

Data Type

Retention Period

Account & Contact          

Until account deletion + 12 months

Client Data

Retained during active subscription; deleted after termination + 3-week grace period

Trial Recordings

Max 2 months

Logs & Diagnostics

Up to 12 months

Payment Metadata

As required by tax and financial regulations

After termination, client data is securely deleted or anonymised unless retention is required by law. Audit logs may be retained longer for SLA enforcement and diagnostics.

  1. Security Measures

We implement:

  • Encryption at rest and in transit
  • Role-based access controls
  • Audit trails for agreement acceptance and data access
  • Incident logging and SLA-aligned response workflows
  • Regular vulnerability scans and penetration testing
  1. Incident Reporting & Breach Protocol

In the event of a data breach:

  • Affected users will be notified within 72 hours
  • Scope, impact, and remediation steps will be disclosed
  • Incident logs are maintained in accordance with our SLA and operational transparency commitments
  1. International Transfers

Data may be processed in the UK or other jurisdictions with adequate safeguards, including:

  • EU Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Agreement (IDTA)
  • Regional hosting preferences (where available)
  • Redundant backups across compliant data centres

Clients may request a copy of applicable transfer mechanisms via [Insert Email].

  1. Your Rights

You may:

  • Access, correct, or delete your data
  • Object to certain processing
  • Withdraw consent at any time
  • Export your database
  • Lodge complaints with regulatory authorities

To exercise these rights, contact [Insert Email] or use the tools available in your account settings. We respond within 30 days, extendable under GDPR Article 12(3).

  1. Children’s Data & Sector-Specific Use

Integrate Path is not intended for direct use by children. However, certain modules, such as those used by schools, nurseries, or childcare providers, may involve the processing of children’s personal data. In such cases:

  • Client Responsibility: The organisation using the module is the data controller and must obtain appropriate consent and ensure lawful processing
  • Our Role: We act solely as a data processor under GDPR Article 8 and provide safeguards, including:
    • Role-based access controls
    • Full audit trails
    • Encryption in transit and at rest
    • Data minimisation by design

We support compliance with UK GDPR, COPPA (where applicable), and safeguarding obligations.

  1. Cookies & Tracking

We use cookies to:

  • Maintain session state
  • Analyse usage patterns
  • Personalise content and onboarding

You can manage preferences via browser settings or our cookie banner. For details, see our Cookie Policy.

  1. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will update this policy and seek your consent where required.

  1. Privacy by Design

Integrate Path is built with privacy by design principles:

  • Modular data boundaries per tenant and module
  • Audit trails for agreement acceptance and data access
  • Optional consent flows for sensitive data capture
  • Sector overlays for healthcare, education, law, and finance
  1. Sector Readiness

Our platform supports clients in accounting, construction, cleaning services, education, healthcare, law, logistics, property, and retail. Depending on the modules activated, additional data types and compliance obligations may apply. We provide tools and safeguards to support lawful processing across all supported sectors.

Example:

A care home client may use our platform to log medication schedules and incident reports. These are encrypted, access-controlled, and retained in line with CQC guidance.

  1. Data Portability

Clients may export their data at any time via the admin dashboard. Export formats include CSV, PDF, and JSON, depending on the module.

  1. Joint Controller Scenarios

In certain cases, we may act as joint controllers with third-party partners (e.g., integrations, white-label deployments). Responsibilities are clearly defined and communicated to affected users.

  1. Data Processing Agreements (DPAs)

Clients may request a signed Data Processing Agreement (DPA) to support their compliance obligations. Contact [email protected] to initiate.

  1. Privacy Impact Assessments (PIAs)

We conduct Privacy Impact Assessments (PIAs) for modules involving sensitive or regulated data. These assessments inform our design and safeguard decisions.

  1. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our privacy and compliance practices. You may contact our DPO at:

Data Protection Officer
 Email:[email protected]
 Phone: 0330 159 0027‬

 

  1. Contact Us

Integrate Path Ltd
Suit RA01, 195-197 Wood Street, London, E17 3NU
 Email: [email protected]

Last updated: 01 Dec, 2025

The all-in-one ERP that simplifies your workflow. Create dynamic proposals, manage invoices, payroll, and sales all in one seamless platform.

United Kingdom

Integrate Path © 2025, All rights reserved.