BurnerCRM

Privacy Policy

Last Updated: 24 February 2026

1. Introduction

This Privacy Policy explains how A Allen Ventures Ltd (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use Burner CRM (the “Service”), accessible at https://www.burnercrm.co.uk.

A Allen Ventures Ltd is registered in England and Wales. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller and Data Processor Roles

2.1 When We Act as Data Controller

We act as a Data Controller for:

  • Account holder information (installer businesses who subscribe to our Service)
  • Team member accounts and login credentials
  • Billing and payment information
  • Usage data and analytics relating to how you use the Service

2.2 When We Act as Data Processor

We act as a Data Processor when you (the installer business) use our Service to store and manage information about your own customers, including:

  • Customer contact details
  • Job enquiries and communications
  • Scheduled visits and installation appointments
  • Estimates, invoices, and payment records
  • Completion photographs
  • Any other customer data you choose to upload

When we act as a Data Processor, you remain the Data Controller of your customers' data, and we process it solely on your instructions in accordance with our Terms of Service and Data Processing Addendum.

3. Information We Collect

3.1 Information You Provide Directly

Account Information:

  • Full name
  • Email address
  • Company name
  • Phone number
  • Billing address
  • Payment card details (processed securely through our payment provider)

Service Usage Data:

  • Customer enquiries you log
  • Job details and schedules
  • Estimates and invoices you create
  • Documents and photographs you upload
  • Team member information you add
  • Communications sent through the Service

3.2 Information We Collect Automatically

Technical Data:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Time zone settings
  • Login timestamps
  • Pages visited and features used

Cookies and Similar Technologies:

  • Session cookies for authentication
  • Analytics cookies to understand Service usage
  • Preference cookies to remember your settings

For detailed information about our use of cookies, please refer to our Cookie Policy.

4. How We Use Your Information

4.1 As Data Controller

We use your personal data for the following purposes:

Service Provision:

  • Creating and managing your account
  • Providing access to Burner CRM features
  • Processing your subscription payments
  • Delivering customer support

Communication:

  • Sending service announcements and updates
  • Responding to your enquiries
  • Sending billing notifications
  • Providing technical support

Service Improvement:

  • Analysing usage patterns to improve features
  • Identifying and fixing technical issues
  • Developing new functionality
  • Conducting product research

Legal Compliance:

  • Meeting legal and regulatory obligations
  • Enforcing our Terms of Service
  • Protecting against fraud and abuse
  • Resolving disputes

4.2 As Data Processor

When processing your customers' data, we:

  • Store the data securely on our servers
  • Enable you to access, modify, and delete the data
  • Process the data only as necessary to provide the Service features
  • Follow your instructions as the Data Controller

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract Performance: Processing necessary to provide the Service under our Terms of Service (Article 6(1)(b))
  • Legitimate Interests: Processing for service improvement, fraud prevention, and system security, where these interests are not overridden by your data protection rights (Article 6(1)(f))
  • Legal Obligation: Processing required to comply with legal and regulatory requirements (Article 6(1)(c))
  • Consent: Where you have provided explicit consent for specific processing activities, such as marketing communications (Article 6(1)(a))

6. Data Retention

6.1 Account Data

We retain your account information for as long as your subscription remains active. Upon account cancellation:

  • Account data is retained for 30 days to allow for reactivation
  • After 30 days, all account data is permanently deleted unless legal obligations require longer retention
  • Billing records are retained for 6 years to comply with UK tax and accounting requirements

6.2 Customer Data (Your Customers' Information)

As Data Processor, we retain customer data you upload according to your instructions. Upon subscription cancellation:

  • You have 30 days to export all customer data
  • After 30 days, all customer data is permanently and irreversibly deleted from our systems
  • No backups of customer data are retained after this period

6.3 Technical Logs

Server logs and technical data are retained for up to 90 days for security and troubleshooting purposes.

7. Data Security

We implement appropriate technical and organisational measures to protect your data:

Technical Measures:

  • 256-bit SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Automated backup systems with encryption
  • Multi-factor authentication options for accounts
  • Role-based access controls

Organisational Measures:

  • Staff training on data protection principles
  • Confidentiality agreements with all personnel
  • Restricted access to personal data on a need-to-know basis
  • Incident response procedures
  • Regular security policy reviews

Infrastructure:

  • Data hosted on secure, ISO 27001 certified servers
  • Redundant systems and failover capabilities
  • Regular software updates and security patches
  • Continuous monitoring for security threats

8. Data Sharing and Third Parties

8.1 Service Providers

We share data with carefully selected third-party service providers who assist in delivering the Service:

  • Payment Processing: We use third-party payment processors to handle subscription payments. Payment card details are transmitted directly to the payment processor and are not stored on our servers.
  • Cloud Hosting: Data is hosted on secure cloud infrastructure providers located within the United Kingdom and European Economic Area.
  • Email Services: We use email service providers to send transactional emails and service notifications.
  • Analytics: We use analytics tools to understand Service usage and improve performance.

All third-party processors are bound by data processing agreements and are required to implement appropriate security measures.

8.2 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations, court orders, or regulatory requirements
  • Protect our rights, property, or safety, or that of our users
  • Investigate fraud, security issues, or policy violations
  • Respond to lawful requests from public authorities

8.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and ensure the acquiring party continues to honour this Privacy Policy.

8.4 No Data Sales

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

9. International Data Transfers

Our primary data storage is located within the United Kingdom. Where data is transferred outside the UK to service providers in other jurisdictions, we ensure:

  • Transfers are made to countries with adequate data protection regulations as recognised by the UK government
  • Appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Service providers comply with UK GDPR requirements

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data and information about how we process it.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: Request that we limit how we use your personal data in certain situations.
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint: Lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have breached data protection laws.

Exercising Your Rights

To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within one month, or inform you if we require an extension.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Marketing Communications

We may send you marketing communications about our products and services if:

  • You have provided consent, or
  • You are an existing customer and the communications relate to similar products or services

You can opt out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Adjusting your account notification preferences
  • Contacting us directly

Note that you cannot opt out of essential service communications, such as security alerts or billing notifications.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in legal or regulatory requirements
  • Updates to our data processing practices
  • New Service features or functionality
  • Feedback from users or regulators

When we make material changes:

  • We will update the “Last Updated” date at the top of this policy
  • We will notify active account holders by email
  • For significant changes, we may require you to review and accept the updated policy

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

A Allen Ventures Ltd

Email: [email protected]

Website: https://www.aallenventures.co.uk

For data protection matters specifically related to Burner CRM, you may also contact: [email protected]

Data Protection Authority

You have the right to lodge a complaint with the UK Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk

15. Data Processing Addendum

If you are a business customer using Burner CRM to process your own customers' personal data, our Data Processing Addendum forms part of your agreement with us. The DPA sets out our respective obligations as Data Controller and Data Processor under UK GDPR. Please request a copy of our DPA if you require one for your compliance records.

Effective Date: This Privacy Policy is effective as of 24 February 2026.