Privacy Policy

TotalSoft IT Solutions Ltd("we", "us", "our") is the data controller responsible for your personal data. We are a UK-based digital agency providing:

• Professional website design and development for clients
• Facebook / Meta advertising management services
• Garage Management Software (SaaS) — a cloud-based platform for automotive businesses
• Other SaaS products and software solutions

2.1 Data You Provide Directly

• Contact form submissions — your name, email address, phone number, and any message you send us
• Business enquiries — company name, project details, budget information
• SaaS account registration — name, email, business name, billing address, payment details (processed securely via our payment provider)
• Client data (web design) — when you engage us to build a website, we may handle content, imagery, and business information you supply

2.2 Data Collected Automatically

• Analytics data — device type, browser, pages visited, time on site, referring URLs
• Cookies and tracking pixels — including the Meta (Facebook) Pixel for advertising attribution. See our Cookie Policy
• IP address and location data — approximate geographic location derived from your IP address
• Log data — server logs including access times, errors, and technical identifiers

2.3 Data Collected via Facebook / Meta Ads

When we run advertising campaigns on your behalf (or our own), Meta collects data through the Meta Pixel, Conversions API, or Custom Audiences. This may include hashed email addresses, page views, and events on your website. You should review Meta's Privacy Policy for full details of how Meta processes this data.

2.4 SaaS Product Data (Garage Management Software & Others)

When you use our SaaS products, we collect and store data you input into the platform, including customer records, vehicle information, job sheets, invoices, and financial data. You remain the data controller for the data you input; we act as your data processor under a Data Processing Agreement (DPA) available on request.

We do not sell your personal data. We may share data with:

• Meta Platforms (Facebook / Instagram) — for advertising, Pixel tracking, and Custom Audience creation
• Google — Google Analytics and Google Workspace
• Cloud and hosting providers — e.g., Cloudflare, AWS, Vercel
• Payment processors — such as Stripe, for SaaS subscriptions and invoices
• Email service providers — for transactional and marketing emails
• Legal and professional advisers
• Law enforcement or regulators — when required by law

Some of our third-party service providers (e.g., Meta, Google, AWS) may process data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or UK Adequacy Decisions.

• Enquiry / contact data — up to 2 years after last contact
• Client project data — duration of the contract plus 6 years
• SaaS account data — duration of subscription plus 30 days after cancellation
• Financial records — 7 years (HMRC requirement)
• Analytics data — typically 26 months
• Marketing preferences — until you opt out or withdraw consent

You have the following rights regarding your personal data:

• Right of Access — request a copy of your personal data
• Right to Rectification — correct inaccurate or incomplete data
• Right to Erasure — request deletion ("right to be forgotten")
• Right to Restrict Processing
• Right to Data Portability — receive your data in a machine-readable format
• Right to Object — including for direct marketing
• Right to Withdraw Consent — at any time
• Rights regarding automated decisions

To exercise any of these rights, contact us at info@totalsoft.co.uk. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

We use cookies and similar tracking technologies on our website and, where applicable, within our SaaS products. This includes the Meta Pixel for advertising attribution and Google Analytics for website performance. For full details, see our Cookie Policy.

Our services are intended for businesses and adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), secure cloud infrastructure, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; however, we take all reasonable steps to protect your information.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of our services after changes constitutes acceptance of the updated policy.

For any privacy-related questions, requests, or concerns: