1. INTRODUCTION

Lanmark Limited (“we,” “us,” “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use TekFix AI.

We comply with:

• UK GDPR (UK General Data Protection Regulation)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

1.1 Data Controller

Lanmark Limited is the data controller responsible for your personal data.

2. LAWFUL BASIS FOR PROCESSING

We process your personal data under the following lawful bases:

Purpose	Legal Basis
Provide TekFix AI service	Contract – necessary to perform our agreement with you
Process subscription payments	Contract – necessary for payment processing
Bill engineer support time	Contract – necessary to charge for services used
Improve service & prevent fraud	Legitimate Interest – our business needs
Comply with tax/accounting laws	Legal Obligation – required by UK law
Send marketing emails (if opted in)	Consent – you explicitly agreed

3. WHAT PERSONAL DATA WE COLLECT

3.1 Data You Provide Directly

Registration & Account

• Email address (required for account creation)
• Name (optional, for personalization)
• Device identifier (hashed, for trial tracking and device limits)

Payment Information

• Billing details collected by Stripe (see Section 5.2)
• We do NOT store your full credit/debit card numbers
• We receive limited data from Stripe: last 4 digits, card type, expiry date

Chat & Support Data

• AI chat messages: Your questions and AI responses
• Support tickets: Information you provide when contacting human engineers
• Engineer session notes: Details documented by engineers during support sessions
• Screenshots or files: If you choose to share them (future feature)

3.2 Automatically Collected Data

System Information

Collected to provide technical support:

• Device type and manufacturer (e.g., “iPhone 14 Pro”, “Dell Latitude”)
• Operating system and version (e.g., “Windows 11 22H2”, “macOS 14.2”)
• App version (e.g., “TekFix AI 1.0”)
• Device memory (RAM) and storage capacity
• Processor type
• Network adapter information
• Display resolution
• Battery status (mobile devices)
• System language and region

Network & Connection Data

• IP address (for fraud prevention and approximate location)
• Network status (online/offline)
• Connection type (WiFi, cellular, ethernet)
• Internet Service Provider (ISP) – derived from IP

Usage & Analytics Data

• Feature usage: Which features you use (AI chat, engineer support, settings)
• Session data: App open/close times, session duration
• Interaction data: Button clicks, navigation patterns (anonymized)
• Error logs: App crashes or errors (anonymized, no personal data)
• Performance metrics: App load times, response times

Authentication & Security

• Login timestamps: When you access the app
• Device tokens: For app authentication
• Session tokens: Temporary authentication tokens
• Security events: Failed login attempts, suspicious activity

3.3 Data We Do NOT Collect

4. HOW WE USE YOUR DATA

4.1 Service Delivery

We use your data to:

• ✅ Authenticate and manage your account
• ✅ Provide AI chat support (send messages to OpenAI)
• ✅ Connect you with human engineers
• ✅ Display relevant system information in chat
• ✅ Track device usage against 3-device limit
• ✅ Enforce free trial (one per user)
• ✅ Process subscription and engineer payments via Stripe

4.2 Billing & Payments

• ✅ Process monthly subscription charges (£1/month)
• ✅ Bill engineer support time (£60/hour)
• ✅ Generate invoices and receipts
• ✅ Handle refunds and payment disputes
• ✅ Detect and prevent payment fraud
• ✅ Comply with tax and accounting requirements (7-year retention)

4.3 Customer Support

• ✅ Respond to your support inquiries
• ✅ Troubleshoot technical issues
• ✅ Provide engineer support sessions
• ✅ Maintain support ticket history for continuity

4.4 Service Improvement

• ✅ Analyse usage patterns to improve features
• ✅ Identify and fix bugs
• ✅ Optimise app performance
• ✅ Develop new features based on user needs
• ✅ Train and improve AI responses (via OpenAI)

4.5 Security & Fraud Prevention

• ✅ Detect suspicious activity or abuse
• ✅ Prevent unauthorised access
• ✅ Enforce Terms & Conditions
• ✅ Protect against payment fraud
• ✅ Monitor for system attacks or exploitation

4.6 Legal & Compliance

• ✅ Comply with legal obligations (tax records, court orders)
• ✅ Enforce our Terms & Conditions
• ✅ Protect our legal rights
• ✅ Respond to law enforcement requests (when legally required)

4.7 Communications

• ✅ Send service notifications (subscription renewal, payment failed, Terms updates)
• ✅ Send engineer session confirmations and invoices
• ✅ Respond to your inquiries
• ✅ Send critical security alerts

Marketing emails: Only if you opt in (see Section 11)

5. DATA SHARING & THIRD PARTIES

We share your data with the following third-party service providers:

5.1 OpenAI (AI Processing)

Attribute	Details
Purpose	Process AI chat queries
Data Shared	• Your chat messages (questions and AI responses) • Conversation history (for context) • System information (device, OS, app version) • Session metadata (timestamps, user ID)
Location	USA (adequate safeguards in place)
Legal Basis	Necessary for service delivery (Contract)
Privacy Policy	https://openai.com/privacy
Data Retention	Per OpenAI’s retention policy (typically 30 days)

5.3 HaloPSA (Support Ticketing) – If Applicable

Attribute	Details
Purpose	Manage human engineer support tickets
Data Shared	• Support ticket content (your questions, engineer responses) • System information (for troubleshooting) • Chat history (if escalated from AI chat) • Contact information (email, name)
Location	[Check HaloPSA data location]
Legal Basis	Necessary for service delivery (Contract)
Data Retention	24 months

5.4 Cloud Hosting & Infrastructure

Attribute	Details
Purpose	Host TekFix AI backend services
Data Shared	All data stored on our servers
Providers	[Specify: AWS, Azure, Google Cloud, etc.]
Location	[Specify: UK, EU, USA]
Security	Data encrypted at rest and in transit

5.5 Analytics Services (If Used)

Attribute	Details
Purpose	Anonymous usage analytics
Data Shared	Anonymized usage data (no personally identifiable information)
Providers	[Specify if using Google Analytics, Mixpanel, etc., or state “None”]
Opt-Out	Available in app Settings

6. DATA WE DO NOT SELL OR SHARE

7. INTERNATIONAL DATA TRANSFERS

7.1 Data Locations

Your data may be processed in:

• United Kingdom (our primary operations)
• USA (OpenAI for AI processing, Stripe for payments)
• [Other locations] (if applicable for hosting/infrastructure)

7.2 Safeguards for International Transfers

For transfers outside UK/EEA, we ensure adequate protection through:

• UK adequacy decisions (where applicable)
• Standard Contractual Clauses (SCCs) approved by UK ICO
• Processor contractual commitments to GDPR-equivalent protections
• Encryption of data in transit and at rest

7.3 Your Rights

You have the right to:

• Request information about international transfers
• Object to transfers (though this may limit service availability)
• Lodge complaint with ICO if you believe transfers are inadequate

8. DATA RETENTION

8.1 How Long We Keep Your Data

Data Type	Retention Period	Reason
Account information	Active account + 30 days after deletion	Service delivery, reactivation window
Chat history	Stored locally on device; deleted when you clear chat	User control, privacy
Support tickets	24 months after ticket closure	Service quality, continuity of support
Engineer session logs	24 months	Billing disputes, quality assurance
Payment/invoice records	7 years	UK tax law requirement (HMRC)
Anonymous analytics	Indefinitely (anonymized, no personal data)	Service improvement
Security logs	12 months	Fraud prevention, security investigations
Marketing consent records	Until consent withdrawn + 3 years	Legal compliance (proof of consent)

8.2 Deletion After Retention Period

After retention period expires, data is:

• Permanently deleted from active systems
• Removed from backups during next backup cycle
• Anonymized if needed for statistical purposes (no personal identifiers retained)

8.3 Legal Holds

We may retain data longer if:

• Required by court order or legal process
• Needed for ongoing legal dispute or investigation
• Subject to litigation hold

9. YOUR RIGHTS UNDER UK GDPR

9.1 Right to Access (Subject Access Request)

You can request:

• Confirmation we process your data
• Copy of your personal data
• Information about how we use your data

How to Exercise: Email support@lanmark.com with subject “Data Access Request”
Response Time: Within 30 days
Cost: Free (first request); £10 for excessive/repeated requests

9.2 Right to Rectification

You can request correction of:

• Inaccurate personal data
• Incomplete information

How to Exercise: Update in app Settings, or email support@lanmark.com
Response Time: Within 30 days

9.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your data if:

• No longer necessary for original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing (and no overriding legitimate grounds)
• Data unlawfully processed
• Required by legal obligation

Exceptions: We may retain data if required by law (e.g., 7-year tax records)

How to Exercise: App Settings → Delete Account, or email support@lanmark.com
Response Time: Account deleted within 30 days

9.4 Right to Restriction of Processing

You can request we limit processing if:

• You contest data accuracy (while we verify)
• Processing is unlawful (but you don’t want deletion)
• We no longer need the data (but you need it for legal claims)
• You’ve objected to processing (pending verification of grounds)

How to Exercise: Email support@lanmark.com
Response Time: Within 30 days

9.5 Right to Data Portability

You can request:

• Copy of your data in machine-readable format (JSON, CSV)
• Transfer to another service provider (where technically feasible)

Applies to: Data you provided (account info, chat history)
Does NOT apply to: Derived data (analytics, logs)

How to Exercise: Email support@lanmark.com with subject “Data Portability Request”
Response Time: Within 30 days

9.6 Right to Object

You can object to processing based on:

• Legitimate interests: We must stop unless we demonstrate compelling legitimate grounds
• Marketing: We must stop immediately (no exceptions)

How to Exercise: Email support@lanmark.com, or use “Unsubscribe” in marketing emails
Response Time: Immediate for marketing; 30 days for other objections

9.7 Right to Withdraw Consent

Where processing is based on consent (e.g., marketing):

• You can withdraw consent at any time
• Withdrawal doesn’t affect lawfulness of processing before withdrawal

How to Exercise: App Settings → Privacy → Manage Consents, or email support@lanmark.com

9.8 Right to Lodge Complaint

If unhappy with our data practices:

Step 1: Contact us first: support@lanmark.com (we’ll try to resolve within 30 days)

Step 2: If unresolved, contact the UK supervisory authority:

10. DATA SECURITY

10.1 Technical Measures

We protect your data with:

• ✅ Encryption in transit: HTTPS/TLS 1.3 for all data transfers
• ✅ Encryption at rest: Database encryption for stored data
• ✅ Access controls: Role-based permissions, principle of least privilege
• ✅ Authentication: Strong password requirements, secure session management
• ✅ Tokenization: Payment cards tokenized by Stripe, we never see full numbers
• ✅ Hashing: Device IDs hashed for trial tracking (not reversible)
• ✅ Secure coding: Regular security audits and penetration testing
• ✅ Logging & monitoring: Security event monitoring and alerts

10.2 Organizational Measures

• ✅ Staff training: Data protection and security training for all employees
• ✅ Data minimization: We only collect data necessary for service
• ✅ Access controls: Limited employee access to personal data (need-to-know basis)
• ✅ Confidentiality agreements: All staff bound by confidentiality
• ✅ Incident response plan: Documented breach response procedures
• ✅ Regular reviews: Annual data protection impact assessments

10.3 Data Breach Notification

If we suffer a data breach likely to pose a risk to your rights:

• We will notify ICO within 72 hours of becoming aware
• We will notify you without undue delay (email to registered address)
• Notification includes: Nature of breach, likely consequences, measures taken, contact point

10.4 Your Security Responsibilities

To protect your account:

• ✅ Use a strong, unique password
• ✅ Don’t share your login credentials
• ✅ Log out when using shared devices
• ✅ Keep your device’s OS and security software updated
• ✅ Notify us immediately if you suspect unauthorised access: support@lanmark.com

10.5 Limitations

11. MARKETING & COMMUNICATIONS

11.1 Service Communications (No Opt-Out)

We will send essential service emails:

• Subscription renewal reminders
• Payment confirmations and invoices
• Failed payment notices
• Terms & Conditions updates
• Security alerts
• Engineer session confirmations

These are required for service delivery and cannot be opted out.

11.2 Marketing Communications (Opt-In Only)

We may send promotional emails about:

• New TekFix AI features
• Special offers or discounts
• Tips and best practices
• Lanmark Limited services (if applicable)

Opt-In Required: Marketing emails only sent if you explicitly opt in during registration or in Settings

Opt-Out: Click “Unsubscribe” in any marketing email, or disable in App Settings → Notifications

Response Time: Removed from marketing list within 48 hours

11.3 Third-Party Marketing

We will NEVER share your email or data with third parties for their marketing purposes.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Updates

We may update this Privacy Policy to reflect:

• Changes in data processing practices
• New features or services
• Legal or regulatory requirements
• Changes in third-party processors

12.2 Notification of Changes

Material changes (affecting your rights or how we use data):

• 30 days’ advance notice via email and in-app notification
• Posted on website: https://lanmark.com/privacy-policy
• Effective date updated at top of policy

Minor changes (clarifications, contact information):

• Immediate effect
• Posted on website
• Version number incremented

12.3 Acceptance

Continued use of TekFix AI after notification period constitutes acceptance of updated Privacy Policy.

If you disagree: Cancel your account before effective date (see Section 9.3).

13. CONTACT & DATA PROTECTION OFFICER

13.1 General Privacy Inquiries

Email: support@lanmark.com
Subject Line: Include relevant keyword (e.g., “Data Access Request”, “Privacy Question”)
Response Time: Within 14 days (30 days for complex requests)

13.2 Data Protection Officer (If Appointed)

13.3 Company Information

14. SUPERVISORY AUTHORITY

If you’re unhappy with our data practices and we haven’t resolved your concern:

15. ADDITIONAL RIGHTS FOR EEA/EU RESIDENTS

If you’re located in the European Economic Area (EEA) or EU:

• This Privacy Policy also complies with EU GDPR
• You have the same rights as outlined in Section 9
• You can lodge complaint with your local EU supervisory authority
• Contact details: https://edpb.europa.eu/about-edpb/board/members_en

16. CALIFORNIA PRIVACY RIGHTS (CCPA) – If Applicable

If TekFix AI serves California residents:

• This section outlines additional CCPA rights
• [Include CCPA-specific disclosures if app available to US users]
• [If not applicable, state: “Not applicable – TekFix AI currently only available to UK/EU users”]

17. ACKNOWLEDGMENT