Privacy Policy

Last Updated: 30 July 2025

Welcome to RAMSGen. Your privacy is a top priority for us. This Privacy Policy explains how RAMSGen Ltd ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our software, website, and related services (the "Service").

We are committed to complying with our data protection obligations under the UK General Data Protection Regulation (UK GDPR) and applicable UK data protection legislation.

This policy forms part of our Terms and Conditions. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Who We Are and How to Contact Us

Data Controller: For the purpose of UK GDPR, the data controller is RAMSGen Ltd, a company registered in England and Wales.

Data Support: Contact us here

3. Information We Collect

We collect information in three main ways:

3.1. Information You Provide Directly to Us

  • Account Information: When you create an account, we collect your name, email address, and encrypted password. This is handled securely by our authentication provider, Clerk.
  • Payment Information: When you subscribe to our Service, our payment processor, Stripe, collects your payment card details. We do not store your full payment card information on our servers - only transaction references for billing purposes.
  • User Content: We collect the data you voluntarily input into the Service to create your RAMS documents, such as project names, site addresses, task descriptions, hazard information, and control measures.
  • Communications: If you contact us for support or feedback, we will collect your name, email address, and the contents of your message to provide assistance and improve our Service.
  • Profile Information: Any additional information you choose to add to your profile, such as company name or job title.

3.2. Information We Collect Automatically

  • Usage Data: We collect information about how you interact with our Service, including features used, documents created, time spent on different sections, and frequency of use, to ensure service functionality, security, and improvement.
  • Device and Connection Information: We collect information about your device and connection, including IP address, browser type and version, operating system, screen resolution, and referring website, for security, troubleshooting, and service optimisation.
  • Log Data: Our servers automatically record information when you use our Service, including access times, pages viewed, and any errors encountered.
  • Cookies and Similar Technologies: We use essential cookies and similar technologies to operate our Service. For details, see Section 9.

4. How We Use Your Information

We use your personal information for the following purposes:

  • To Provide and Maintain the Service: To create and manage your account, process your subscriptions, enable you to create, save, and download your RAMS documents, and provide customer support.
  • To Improve and Develop the Service: To understand how users interact with the Service, analyse usage patterns for performance optimisation and bug fixes, develop new features, and conduct research to enhance user experience.
  • To Communicate With You: To respond to your enquiries, send essential service-related notifications (such as security alerts, billing notices, or service updates), and provide account-related information.
  • For Marketing Purposes: With your explicit consent, we may send you information about new features, updates, or related services. You can opt out at any time using the unsubscribe link in any marketing email.
  • For Security and Fraud Prevention: To protect against unauthorised access, detect and prevent fraud, ensure platform security, and investigate suspicious activity.
  • For Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforce our Terms and Conditions.

5. Our Lawful Basis for Processing (UK GDPR)

Under UK GDPR, we must have a lawful basis for processing personal data. Our lawful bases are:

  • Performance of a Contract: We process your data to fulfill our contractual obligations when you subscribe to and use our Service.
  • Legitimate Interests: We process your data for our legitimate business interests, such as improving our Service, ensuring security, preventing fraud, and conducting analytics, provided these interests do not override your fundamental rights and freedoms.
  • Consent: We rely on your explicit consent for marketing communications and non-essential cookies (where applicable).
  • Legal Obligation: We may process your data to comply with legal or regulatory obligations, such as tax requirements or law enforcement requests.
  • Vital Interests: In rare circumstances, we may process data to protect someone's life or prevent serious harm.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share your data only in the following limited circumstances:

6.1. Third-Party Service Providers

We work with carefully selected service providers who are essential to operating our Service:

  • Authentication Services: Clerk provides user authentication and account security services.
  • Payment Processing: Stripe processes payments for subscriptions and handles billing operations.
  • Cloud Infrastructure: Cloud service providers host our application and securely store your data in the UK.
  • Email Services: We use email service providers to send transactional and marketing emails (with your consent).
  • Analytics: We may use privacy-focused analytics services to understand how our Service is used and improve performance.

6.2. Legal Requirements

We may disclose your information if required by law, court order, or in response to valid requests by public authorities, or to protect our rights, property, or safety, or that of our users or the public.

6.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

All third-party service providers are contractually obligated to protect your data and use it only for the specified purposes.

7. International Data Transfers

Our primary data storage and processing take place within the United Kingdom, in the Amazon Web Services (AWS) London region (eu-west-2).

Some of our third-party service providers may process data outside the UK. When this occurs, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Where data is transferred to countries with adequacy decisions from the UK government (such as EU member states).
  • Standard Contractual Clauses (SCCs): We use UK-approved SCCs with service providers in countries without adequacy decisions (such as the United States) to ensure your data receives equivalent protection.
  • Additional Safeguards: We may implement additional technical and organisational measures where necessary to protect your data during international transfers.

You have the right to request information about any international transfers of your data and the safeguards in place.

8. Data Security and Retention

8.1. Security Measures

We implement comprehensive technical and organisational security measures to protect your personal information:

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption.
  • Access Controls: Strict access controls ensure only authorised personnel can access your data on a need-to-know basis.
  • Regular Security Audits: We conduct regular security assessments and updates to maintain protection standards.
  • Secure Infrastructure: Our AWS infrastructure includes multiple layers of security, including firewalls, intrusion detection, and monitoring.
  • Employee Training: All staff receive regular data protection and security training.

8.2. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Active Accounts: We retain your data while your account is active and you continue to use our Service.
  • Account Closure: Upon account deletion, your data will be permanently removed from our live systems within 30 days, except where legal obligations require longer retention.
  • Backup Data: Data in backups will be deleted according to our backup retention schedule, typically within 90 days of account closure.
  • Legal Requirements: Some data may be retained longer to comply with legal, tax, or regulatory obligations (typically up to 7 years for financial records).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Service. Here's what we use:

9.1. Essential Cookies

These cookies are necessary for the basic functioning of our Service and cannot be disabled:

  • Authentication Cookies: Managed by Clerk to keep you logged in securely.
  • Session Cookies: To maintain your session state and preferences during your visit.
  • Security Cookies: To protect against cross-site request forgery and other security threats.
  • Payment Cookies: Managed by Stripe to process payments securely.

9.2. Analytics Cookies (Optional)

With your consent, we may use privacy-focused analytics cookies to understand how our Service is used and identify areas for improvement. These cookies do not track you across other websites.

9.3. Managing Cookies

You can control cookies through your browser settings, but disabling essential cookies may prevent you from using certain features of our Service. We will request your consent for any non-essential cookies.

10. Your Data Protection Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

  • Right to Access: You can request a copy of all personal data we hold about you, including details about how it's processed.
  • Right to Rectification: You can request correction of any inaccurate or incomplete personal data.
  • Right to Erasure ('Right to be Forgotten'): You can request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we process your data in certain situations.
  • Right to Data Portability: You can request to receive your data in a structured, machine-readable format or have it transferred to another service provider.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: You can withdraw consent for marketing communications or optional cookies at any time.
  • Right to Lodge a Complaint: You can complain to the Information Commissioner's Office (ICO) if you're unhappy with how we handle your data.

How to Exercise Your Rights:

To exercise any of these rights, please contact us at privacy@ramsgen.com. We will respond to your request within one month (or sooner where possible). In some cases, we may need to verify your identity before processing your request.

Some rights may not apply in all circumstances, and we will explain any limitations when responding to your request.

11. Complaints and Supervisory Authority

If you have concerns about how we handle your personal information, please contact us first at privacy@ramsgen.com. We take all complaints seriously and will investigate promptly.

If you're not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Children's Privacy

Our Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.

If we discover that we have collected personal information from a child under 18, we will delete such information immediately. If you believe we may have collected information from a child under 18, please contact us at privacy@ramsgen.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if you have an active account
  • Display a prominent notice on our website
  • For significant changes, seek your renewed consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

RAMSGen Ltd

Support: Contact us here

Company Registration: England and Wales

We aim to respond to all privacy-related enquiries within 2 business days and formal data subject requests within one month as required by UK GDPR.