CountBuddy Privacy Policy

WeBoost Ltd, the business operating the CountBuddy deployment, quote, invite, or workspace you are using, is the controller of the personal data described here. In this Policy, WeBoost Ltd is referred to as the CountBuddy operator, we, or us.

If you are using a pilot or staging deployment, the controller may still be validating the product before full production release. This Policy still applies to that environment.

Depending on how you use the service, CountBuddy may store:

• account and organisation details such as names, work email addresses, roles, organisation names, and hashed passwords;
• warehouse data such as products, SKUs, supplier codes, barcode values, location records, expected stock, and session notes;
• count activity such as counted quantities, variances, recount state, confirmation reasons, timestamps, and the user who entered or reviewed a count;
• accountability and sync data such as device IDs, offline-created timestamps, sync events, attempt group IDs, and audit trail records;
• import, export, print, quote, invite, and referral data, including uploaded spreadsheet rows, saved quote answers, invite email addresses, invite tokens, and referral preview content;
• browser-side storage needed for sign-in, preferences, and offline queueing on supported devices.

We use CountBuddy data to:

• authenticate users and manage role-based workspace access;
• import stock lists, create barcodes and labels, run count sessions, and generate variance and export outputs;
• preserve accountability around who counted, reviewed, confirmed, or synced data;
• generate and reopen guided quotes, invite links, and referral previews;
• protect the service, troubleshoot issues, and maintain a usable audit trail;
• support billing and onboarding where those paths have been explicitly enabled in the relevant environment.

Where UK GDPR applies, we usually rely on one or more of these bases:

• Contract — to provide the service, run your account, generate quotes, and process count data you ask us to handle.
• Legitimate interests — to keep CountBuddy secure, investigate issues, preserve audit records, and improve the product for business use.
• Legal obligation — where we must keep or disclose data to meet legal, regulatory, tax, or fraud-prevention requirements.

If you enter someone else's email address for an invite, you are responsible for making sure you have a lawful basis to share it with us.

We do not sell CountBuddy workspace data. We may share data with service providers that help us run the product, such as hosting, database, storage, and payment providers used by the current deployment.

If billing is enabled, Stripe or another payment provider may receive the data needed to process checkout or invoices. If billing is not enabled, no payment processor should be used for that environment.

The current CountBuddy build does not automatically send invite or referral messages on your behalf. It stores invite details, referral preview content, and share links so you can copy or manually share them yourself.

CountBuddy uses essential browser storage to keep the product working. That can include sign-in cookies, local storage or IndexedDB for offline counting, and cached app assets where appropriate for the current build.

The current build does not include third-party advertising cookies or marketing pixels. Product-side in-browser events are used for app behaviour and UI feedback rather than external ad tracking.

We keep workspace data for as long as the relevant account, pilot, or rollout remains active and for a reasonable period afterwards where it is needed for audit, billing, rollout support, or legal reasons.

Invite links, saved quotes, referral previews, and audit records may be retained while they are active or still relevant to the workspace. Offline queue data can also remain on the user's device until it is synced or cleared locally.

We use reasonable technical and organisational measures to protect the data handled by CountBuddy, including role-based access, hashed passwords, audit records, and environment-level controls where they are available.

We do not claim any certification or compliance framework that has not actually been obtained. If data is processed outside the UK, we aim to do so under appropriate legal safeguards.

Depending on the laws that apply, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, and in some cases to ask for a portable copy of it.

If you are in the UK and believe your data has been handled improperly, you may also complain to the Information Commissioner's Office.

Direct support, billing, and privacy inboxes are being finalised. If you already have a quote, invite, or rollout thread, use that route first so the right context stays attached. If you were not given a direct route, start with the contact page and identify the workspace, quote, or deployment involved.