Privacy Policy

Last updated: January 2026

This Privacy Policy explains how Lytom Assess^® collects, uses, and protects your personal data in accordance with GDPR (including UK GDPR).

1. Who We Are

Lytom Assess is operated by Lytom ("we", "us", "our"). We are the data controller responsible for your personal data.

2. What Data We Collect

Account Information:

Email address
Name
Company name (optional)
Password (encrypted)

Payment Information:

Payment card details are processed securely by Stripe
We do not store your full card number
We receive billing address and last 4 digits for reference

Assessment Data:

Risk assessments you create
Site details you enter
Photos you upload
Templates you create or modify
PDF reports generated

Usage Data:

App features used (anonymised)
Device type and operating system
Crash reports (if the app crashes)

3. How We Use Your Data

To provide the Lytom Assess service
To process your subscription payments
To sync your data across devices
To send important service notifications
To improve our app based on usage patterns
To diagnose and fix technical issues
To respond to your support requests
To comply with legal obligations

4. Legal Basis for Processing

Contract Performance: Providing the service you subscribed to, processing payments, syncing your assessment data.

Legitimate Interests: Improving our service, ensuring security, analysing usage patterns (anonymised).

Consent: Marketing communications (if you opt in).

Legal Obligation: Tax and accounting requirements, responding to lawful requests.

5. Data Sharing & Third Parties

Firebase (Google): Authentication, database, file storage. Data shared: email, name, assessments, photos. Location: USA (EU-US Data Privacy Framework).

Stripe: Payment processing. Data shared: payment card details, billing address. Location: USA (EU-US Data Privacy Framework).

Mixpanel: Anonymous usage analytics. Data shared: anonymous user ID, feature usage only. No personal data or assessment content shared.

Microsoft Clarity: Website analytics and session recording on our public marketing pages (lytom.app). Data shared: anonymised visitor behaviour (page views, clicks, scroll depth, session recordings). No personal data or account content is shared. Clarity automatically masks sensitive fields. Location: USA (EU-US Data Privacy Framework). Microsoft Privacy Statement.

We do NOT sell your data to third parties. We do NOT share your assessment content with anyone.

6. International Data Transfers

Your data may be transferred to and processed in the United States by our service providers (Firebase, Stripe, Mixpanel, Microsoft Clarity). These providers participate in the EU-US Data Privacy Framework and/or have Standard Contractual Clauses in place, providing appropriate safeguards.

7. Data Retention

All data retained while your subscription is active
After cancellation: account and assessment data retained for 30 days, then permanently deleted
Payment records retained for 7 years (UK tax/accounting requirements)

8. Data Security

Encryption in transit (HTTPS/TLS)
Encryption at rest (Firebase encryption)
Secure password hashing
Access controls and authentication

9. Your Rights (under GDPR / UK GDPR)

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Portability: Receive your data in a portable format
Object: Object to processing based on legitimate interests
Restrict: Request restricted processing
Withdraw Consent: Where processing is based on consent

To exercise these rights, email: support@lytom.app. We will respond within 30 days.

10. Complaints

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

11. Children's Data

Lytom Assess is a business tool intended for professional use. We do not knowingly collect data from anyone under 18 years of age.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Us

For any questions about this Privacy Policy or your data:

Email: support@lytom.app

We aim to respond to all enquiries within 48 hours.