Privacy Policy β€” Njinius Logbook

Effective Date: : 28 October 2025
Version: 1.0

1. Who We Are

This Privacy Policy explains how Njinius Ltd, registered in England and Wales (Company No. 15598424, registered office at 210 Tonge Moor Road, BL2 2HN), collects, uses and protects your personal data when you use the Njinius Logbook mobile application (the β€œApp”).
Njinius Ltd is the Data Controller for all processing described in this policy.

Contact details

2. What Data We Collect

The Digital Logbook only collects information necessary to provide, maintain, and improve our services. The types of data we process include:

  • Account Information – Includes your full name, email address, password, and (optionally) phone number. This information is provided directly by you when creating or updating your account.

  • Professional Information – Covers your work experience, training records, CPD logs, verifier comments, and digital signatures. These details are provided by you and, where applicable, by your chosen verifiers during the verification process.

  • Generated Records – Consist of automatically created PDFs and audit logs of your entries, generated by the system to maintain accurate records and traceability.

  • Technical Data – Includes device information such as model, operating system version, crash logs, and usage events. This data is collected through the app to improve stability, performance, and user experience.

  • Payment Data – Payments are securely processed through the Apple App Store and Google Play Store. Njinius does not store or process card details directly; all payment data remains managed by the respective platform provider.

Your data is handled securely and transparently at every stage, with strict adherence to GDPR and industry best practices.

3. How We Use Your Data

We collect and process personal data only for specific, lawful purposes and retain it for no longer than necessary. The key purposes and their lawful bases are outlined below:

  • Account creation & authentication – Processed under Contract (Article 6(1)(b)) to enable user access and secure login. Data is retained until the account is deleted, plus an additional 30 days for secure removal.

  • Logbook creation & verification – Processed under Contract to support the recording, verification, and management of professional records. Data is retained for 6 years in line with professional and audit requirements.

  • Audit trail & dispute evidence – Processed under Legitimate Interest (Article 6(1)(f)) to maintain a verifiable record of actions for accountability and dispute resolution. Retained for 6 years.

  • Service communications & support – Processed under Contract to provide user notifications and customer support. Retained for 12 months from the date of interaction.

  • Analytics & performance improvement – Processed under Legitimate Interest using anonymous data only to improve service performance and user experience. Retained for 90 days.

  • Legal or security compliance – Processed under Legitimate Interest or Legal Obligation, where required to meet statutory, regulatory, or security requirements. Data is retained only as long as required by law.

We ensure that all data processing follows Privacy by Design principles, with appropriate technical and organisational measures in place to protect user information at every stage.

4. Data Storage & Security

All personal data is hosted in EU-based Google Cloud (Firebase) regions.
We apply encryption in transit (TLS 1.2+) and at rest (AES-256).
Access is strictly role-based and protected by multi-factor authentication.

5. Sharing & Processors

We share data only with trusted processors that support core app functionality:

To deliver the Digital Logbook service securely and efficiently, we work with carefully selected third-party providers. All processors operate under appropriate Data Processing Agreements (DPAs) and comply with UK GDPR and EU GDPRstandards.

  • Google (Firebase) – Provides secure hosting, database, and authentication services. All data is stored and processed within the European Union (Ireland and Belgium) under strict data protection safeguards, with a DPA in place.

  • SendGrid (Twilio) – Handles email notifications related to user verification and account activity. Processing takes place within the EU under Standard Contractual Clauses (SCCs), with a DPA in place to ensure continued compliance and data protection.

All third-party partners are vetted to ensure that user data remains protected, processed lawfully, and handled with the highest security standards.

No data is sold, rented, or transferred outside the EEA.

6. Data Retention & Deletion

  • Accounts deleted β†’ data removed automatically within 30 days.

  • Verified records β†’ retained 6 years for audit purposes.

  • Backups β†’ encrypted, overwritten after 90 days.
    To request deletion or export of your data, email privacy@njinius.com.

7. Your Rights

You can:

  • Access a copy of your data

  • Request correction or erasure

  • Restrict or object to processing

  • Request data portability
    Contact privacy@njinius.com. We respond within 30 days.

If you are not satisfied, you may complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

8. Children

The App is not intended for children under 16.

9. Updates

We may update this policy to reflect legal or technical changes. The latest version will always be available in-app and on our website.

10. Governing Law

This policy is governed by the laws of England and Wales.

Β© Copyright 2025 NJINIUS LTD
NJINIUS LTD registered in England and Wales with company number: 15598424 whose registered office is at 210 Tonge Moor Road, BL2 2HN