Privacy Policy

Childcare Workforce Systems is operated by Trueblood Labs LTD, Cambridge, UK. You can contact us at admin@cwsplatform.co.uk.

For public website enquiries and our own business administration, we are the controller of the personal data we collect. For staff and operational data a customer puts into the production platform, the customer is normally the controller and we normally act as their processor unless agreed otherwise.

This policy covers the public website, sales enquiries, demo requests, business communications, and our production platform where we provide childcare workforce software to customer organisations.

Customer contracts or data processing agreements may contain extra rules for platform data. If they conflict with this policy for customer-controlled data, the written agreement will usually take priority.

Website and enquiry data: name, email address, organisation, role, phone number if provided, message content, and related correspondence.

Platform account data: name, email address, role, account status, login/session information, customer organisation, and assigned club or workplace information.

Operational platform data: induction progress, tutorial completion, task submissions, reviewer notes, availability records, club information, uploads, and support requests entered by authorised users.

Technical data: IP address, device/browser information, security logs, timestamps, diagnostics, and information needed to keep the service working securely.

The platform is designed for workforce and operational management, not for collecting information directly from children.

Customers should not upload child personal data, special category data, safeguarding records, medical information, or criminal-offence information unless it is necessary for their lawful use of the platform and appropriate safeguards are in place.

We use personal data to respond to enquiries, provide demos, operate the website, create and manage platform accounts, deliver the service, provide support, maintain security, improve reliability, keep business records, and comply with legal obligations.

For customer platform data, we process information according to the customer's instructions, the relevant contract, and the needs of running, securing, backing up, supporting, and maintaining the service.

We rely on different lawful bases depending on the context, including contract, legitimate interests, legal obligation, and consent where required.

Our legitimate interests include responding to business enquiries, operating and improving the service, preventing misuse, keeping systems secure, and managing customer relationships. We use consent where the law requires it, such as for non-essential cookies or certain marketing communications.

The public website may use strictly necessary technologies required to serve pages and keep the site secure. The production platform uses necessary cookies or similar technologies for login, sessions, security, and user preferences.

We do not use advertising cookies on the public website at this time. If we add optional analytics, advertising, or similar non-essential technologies, we will update this policy and use consent where required.

We do not sell personal data. We may share information with trusted service providers who help us host, store, secure, email, deploy, monitor, analyse, or support the website and platform.

We may also share information if required by law, to protect rights or security, to deal with professional advisers, or as part of a business transfer or restructuring.

Some service providers may process information outside the UK. Where that happens, we use appropriate safeguards such as adequacy regulations, approved contractual terms, or equivalent protections where required.

We keep personal data only for as long as needed for the purpose collected, including service delivery, security, support, accounting, legal, audit, and dispute purposes.

Customer platform data retention, export, and deletion may be set by the customer agreement. Enquiry and business correspondence is usually kept while we manage the relationship and for a reasonable period afterwards.

We use technical and organisational measures intended to protect personal data, including access controls, secure hosting practices, backups, and monitoring where appropriate.

No online service can be guaranteed completely secure. Customers and users should use strong account security practices and tell us promptly about suspected misuse.

Depending on the context, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You can contact us at admin@cwsplatform.co.uk.

If your request relates to data controlled by a customer organisation, we may need to refer the request to that organisation or act on their instructions.

If you have concerns, please contact us first at admin@cwsplatform.co.uk so we can try to help.

You also have the right to complain to the Information Commissioner's Office, the UK supervisory authority for data protection.

We may update this policy as the website, platform, providers, or legal requirements change. The latest version will be published on this page.