Privacy Policy

Privacy Policy

Last updated: July 2026 · UK GDPR compliant

This Privacy Policy explains how NE1 Electrical Ltd collects, uses, and protects your personal data when you use iZapp.app. We are the data controller and are committed to handling your data in accordance with the UK GDPR and the Data Protection Act 2018.

1. What data we collect

Account data: name (optional), email address, password (bcrypt hash — never stored in plain text), account type, creation date.

Activity data: quiz scores, flashcard history, assignment submissions, progress, last login, IP address.

Content you upload: this includes both learning content (assignment evidence, photos, documents) and business content if you use iZapp's business tools — including quotes, invoices, certificates, RAMS documents, and customer records you create. See section 4A for how we handle personal data about your own customers.

Billing data: payments and token purchases are processed by Stripe. We store only your Stripe customer ID and token/credit balance — card details are held by Stripe under their own privacy policy.

Communications data: if you use WhatsApp booking features, messages and your phone number are processed via the WhatsApp Business Platform (Meta) to deliver that feature. See section 4.

Technical data: browser type, device type, push notification subscription details (if enabled), and usage patterns used to improve the Service.

2. How we use your data

Create and manage your account
Deliver course content, quizzes, flashcards, and learning tools
Allow lecturers to assign and mark work for subscribed students
Provide business tools (quotes, invoices, certificates, job management) to electricians and businesses
Send notifications about assignments, feedback, bookings, and account activity
Process subscription and token payments
Improve and maintain the Service
Comply with legal obligations

3. Legal basis for processing

Contract — delivering the Service you signed up for. Legitimate interests — improving the Service and preventing fraud. Legal obligation — where required by law. Consent — for optional communications and WhatsApp booking messages.

4. Who we share your data with

We do not sell your data. We share it only where necessary:

Your lecturer — if you subscribe via their invite code, they can see your name, email, submissions, and progress
Stripe (payments) — processes subscriptions and token purchases
OpenAI (AI features) — prompts are sent to OpenAI when you use AI-assisted tools within the app (e.g. the Regulations Assistant, scan tools)
Meta / WhatsApp Business Platform — if you use WhatsApp booking or reminder features, your phone number and messages are processed by Meta to deliver that feature
IONOS — our email service provider, used to send account and notification emails
Our hosting provider — data is stored on servers in the UK/EU
Legal requirements — where required by law or court order

Where we use providers based outside the UK/EU (such as Stripe and OpenAI, both US companies), we rely on their standard contractual clauses or equivalent UK-approved safeguards for the transfer.

4A. If you use iZapp's business tools

If you are an electrician or business user and you enter personal data about your own customers into iZapp (for example, in quotes, invoices, or certificates), you are the data controller of that data, and NE1 Electrical Ltd acts as a data processor on your behalf, in accordance with UK GDPR. We only process that data on your instructions, to provide the Service, and as required by law. If you need a Data Processing Agreement for your own compliance purposes, contact info@ne1electrical.co.uk.

5. Data retention

We retain your data for as long as your account is active. To request account closure and deletion of your personal data, email info@ne1electrical.co.uk. We will action your request within 30 days, except where we are required or entitled to retain data for longer — for example, certificate and test records may be retained for 6 years in line with industry record-keeping guidance, and financial records for up to 7 years to meet HMRC requirements.

6. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict, and port your data, and to object to processing. Email info@ne1electrical.co.uk to exercise any right — we will respond within 30 days. You may also complain to the ICO at ico.org.uk.

7. Cookies

We use essential cookies only: a session cookie to keep you logged in, and a security cookie to protect against cross-site request forgery (CSRF) attacks. We do not use advertising or analytics cookies, and no cookie consent banner is required because we only use strictly necessary cookies.

8. Children's data

The Service is available to users aged 16 and over. We do not knowingly collect data from anyone under 16. Users aged 16–17 must have parental or guardian permission to use the Service. Contact info@ne1electrical.co.uk to report an underage account.

9. Security

Passwords are bcrypt-hashed. Sessions use HTTP-only cookies. All data is transmitted over HTTPS. If you discover a vulnerability, please report it to info@ne1electrical.co.uk.

10. Contact

NE1 Electrical Ltd · company number 12082633 · 20 Hartside, Newcastle Upon Tyne, NE15 8BY · info@ne1electrical.co.uk