Mobile App Privacy Policy

Last updated: 07/01/2026

Grtfl Limited (“Grateful”, “we”, “us”, or “our”) provides the Grateful mobile application as par of the related Grateful tronc service (the “Service”).

This Privacy Policy explains how we collect, use, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Grateful acts as the data controller for personal data processed in connection with the Grateful mobile app and web platform.

1. Personal data we collect
The Grateful mobile app is provided exclusively to users of Grateful’s wider tronc and payroll services.  The app itself does not introduce new categories of personal data but provides a mobile interface for accessing and managing services that are governed by Grateful’s primary service agreements and privacy documentation.

We collect and process only the data necessary to operate the mobile app and provide access to the Service, as described below.

1.1 Account information
When you use Grateful, we may process your email address and account identifiers linked to your organisation or business.

1.2 App usage and activity
When you use the mobile app, we may process app interactions (such as notification preferences and settings selections), notifications received and viewed within the app inbox.  This information is used solely to provide app functionality and improve the user experience.

1.3 Device information
When push notifications are enabled, we collect push notification tokens generated by your device.  These tokens are used only to deliver notifications relevant to your account.  You may withdraw consent at any time via device settings.

Personal data is processed on the lawful bases of performance of a contract, legitimate interests in operating the Service, and consent where required (for example, for push notifications).

2.        Cookies and similar technologies
The Grateful mobile app contains an embedded web view that uses cookies and similar technologies.

Cookies are used to maintain authenticated sessions, enable secure access to your account, and ensure the Service functions correctly.  These cookies are strictly necessary for the operation of the Service and do not require separate consent under UK GDPR.

You can manage or remove cookies by logging out of the Service or using your device or browser settings. Disabling cookies may prevent the Service from functioning correctly.

3.        How we use personal data
We use personal data to:

– Provide and operate the Service
– Authenticate users and manage accounts
– Deliver push notifications (where enabled)
– Respond to support requests
– Meet legal and regulatory obligations

We do not use personal data for advertising or profiling.

4.        Data sharing
We do not sell or share personal data with third parties for marketing purposes.  We may use trusted service providers (for example, infrastructure or notification delivery providers) to operate the Service. These providers process data only on our instructions and under appropriate confidentiality and security obligations.

5.        International data transfers
Some service providers may process data outside the UK. Where this occurs, appropriate safeguards are used, such as UK International Data Transfer Agreements and Standard Contractual Clauses.

6.        Data retention
We retain personal data only for as long as necessary to provide the Service and comply with legal, regulatory, accounting, or security requirements.  Data that is no longer required is deleted or anonymised.

7.        Account deletion
You may request deletion of your Grateful account at any time.  Instructions for account deletion are available at: https://grateful.net/account-deletion

When your account is deleted:
– Your user profile and login credentials are removed
– Push notification tokens are deleted
– Personal data is deleted or anonymised, subject to legal retention obligations

Account deletion requests are processed via our support team to ensure account security and identity verification.

8.        Your rights under UK GDPR
You have the right to:

–  Access your personal data
– Request correction of inaccurate data
– Request deletion of your data
– Restrict or object to processing
– Withdraw consent (where applicable)

Requests can be made by contacting us using the details below.  You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

9.        Data security
We implement appropriate technical and organisational measures to protect personal data, including encryption of data in transit, access controls and least-privilege permissions, and secure infrastructure and monitoring practices.

10.  Children’s data
The Service is not intended for children under 16. We do not knowingly collect personal data from children.

11.  Changes to this policy
We may update this Privacy Policy from time to time. Updates will be published on this page with a revised “Last updated” date.

12.  Contact us
If you have questions or concerns about this Privacy Policy or how we handle personal data, please contact:

Email: support@grateful.net
Website: https://grateful.net