Privacy Policy

Effective: 14 August 2025
Last Updated: 14 August 2025

Welcome to Queue‑EZ. This policy explains how we collect, use, store, and protect personal data across our website and app. It reflects our current architecture and features, including Firebase‑based authentication, Firestore, user‑defined appearance settings, advisor rotation, PWA usage, and in‑app/customer notifications.

1) Who We Are

EZ Made Ltd (UK). Company No: 16473008.

Address: 11 Hampton Grove, WA14 5AW, UK
Email: privacy@ez-made.co.uk

2) What We Collect

A. You provide

  • Account setup: name, email, organisation/store details.
  • Queue/Scheduling: customer name (optional “No name”), journey type (e.g., sale/service), service type, scheduling time, and optional preferred advisor.
  • Branding & UI: uploaded logos and appearance preferences (e.g., gradient colors, labels).

B. Collected automatically

  • Device/usage: IP address, browser/device type, timestamps, app/page events.
  • Auth state via Firebase Authentication.
  • PWA runtime info (e.g., service worker install/updates) where enabled.

C. Cookies/Local Storage

  • Authentication/session via Firebase (required to use secure areas).
  • Lightweight preferences (e.g., split‑view toggle) in localStorage.
We do not require phone numbers for the web experience. Notifications are handled in‑app/on‑site (see §7). If you later enable SMS in your tenant, additional terms will apply (see §7C).

3) How We Use Data

  • To operate live queues and appointments (including advisor rotation logic and “next up” indicators).
  • To show/store customer records, reschedule, mark served/left, and compute wait times.
  • To render your brand/theme (e.g., card gradients, labels) consistently across app and web.
  • To secure accounts, detect abuse, and improve performance/usability.
  • To provide support and comply with legal obligations.

4) Legal Bases (UK GDPR)

  • Contract – delivering core queue/scheduling features you request.
  • Legitimate interests – analytics, product improvement, fraud prevention.
  • Consent – optional communications (e.g., marketing) or tenant‑enabled SMS (if used).

5) Where We Store Data

We use Firebase (Google Cloud) for Authentication, Firestore, Hosting/Functions, and optionally Storage for brand assets. Transport is protected with TLS. Access is restricted to authorised personnel only.

6) Data We Maintain in Firestore (Illustrative)

  • users/{uid}/queue – live queue entries (customer name, journey/service type, timestamps, optional preferred advisor, notifyRequestedAt for on‑site notifications).
  • users/{uid}/served_customers – active/closed service interactions and advisor assignment.
  • users/{uid}/scheduled_customers – scheduled appointments (time, optional preferred advisor).
  • users/{uid}/advisors – advisor roster/status (online/serving/lastServedAt) used for rotation.
  • users/{uid}/settings – UI/labels and theme (e.g., cardTypeColors, journeyLabels).

7) Notifications

A. In‑app/On‑site

Advisors can mark a customer as notified by setting notifyRequestedAt. This powers a short, in‑app timer and on‑site display; no phone number is required or stored for this feature.

B. Email/Marketing

Only with your consent (opt‑in). You can unsubscribe at any time.

C. SMS (Tenant‑Optional)

By default, Queue‑EZ web and app do not send SMS. If a tenant enables SMS, we will process the minimal required phone metadata with a compliant provider solely for queue alerts. Numbers are not used for marketing. Tenant‑level settings and provider retention controls apply; details will be shown at the point of capture and reflected in tenant‑specific terms.

8) Sharing

We do not sell personal data. We share limited data with subprocessors to run the service (e.g., Firebase/Google). For tenant‑enabled SMS, a telephony provider may process the message for delivery under strict DPAs.

9) Retention

  • Queue entries: removed when served/left, or moved to served/scheduled collections.
  • Served history: retained for operational analytics/reporting; you can request deletion.
  • Scheduled customers: retained until the appointment completes or is cleared.
  • Account & settings: kept until you delete your account or request erasure.
  • Logs/diagnostics: short‑lived, for reliability and security.

10) Your Rights (UK)

  • Access, rectification, erasure, restriction, portability, objection.
  • Withdraw consent for optional processing (e.g., marketing).
  • Lodge a complaint with the ICO.

Contact: privacy@ez-made.co.uk

11) Children

Not intended for children under 13. We do not knowingly collect data from children.

12) Security

  • TLS in transit, Firebase security rules, role‑based access.
  • Principle of least privilege for staff access.
  • Ongoing reviews of authentication and Firestore rules.

13) PWA & Service Worker

Where enabled, we register a service worker to improve performance and offline resilience. This may cache static assets; it does not change your privacy rights. You can remove cached data via your browser settings.

14) Changes

We may update this policy as we evolve features (e.g., advisor rotation or theming). Significant changes will be communicated through the app/website or by email.

15) Contact

EZ Made Ltd
11 Hampton Grove, WA14 5AW, UK
privacy@ez-made.co.uk