FeaturesPricingAboutSecurityContact Login Book a demo

Privacy Policy

How we collect, use and protect personal data when you use Posttime and visit posttime.uk.

Last updated: 10 June 2026  ·  Effective: 10 June 2026
This policy explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contents

  1. Who we are
  2. Controller and processor roles
  3. Data we collect
  4. How and why we use data
  5. Lawful bases
  6. Sharing & sub-processors
  7. International transfers
  8. Retention
  9. Security
  10. Your rights
  11. Cookies
  12. Children
  13. Changes
  14. Contact & complaints

1. Who we are

Posttime (“Posttime”, “we”, “us”, “our”) provides time-recording and billing software delivered as a web application at posttime.uk. We are the data controller for personal data collected through our website and for the account and billing data of our customers.

Our registered details are:

  • Trading name: Posttime
  • Registered company name: Yeti Trading and Holding Company Limited
  • Company number: 16962101 (registered in England & Wales)
  • Registered address: Garden Flat, 48 Lower Oldfield Park, Bath, BA2 3HP, United Kingdom
  • ICO registration number: ZC157856
  • Data protection contact: posttimeuk@gmail.com

2. Controller and processor roles

Posttime acts in two different capacities depending on the data:

  • As a controller — for data about our website visitors, prospects and the individual users who administer a customer account (for example, names and work email addresses, billing contacts and support correspondence).
  • As a processor — for the data our customers enter into the application, such as their own clients, matters, time entries and invoices. The customer (your firm) is the controller of that data and decides how it is used; we process it only on their documented instructions under our customer agreement and a data processing addendum.

3. Data we collect

CategoryExamples
Account dataName, work email, job role, firm name, password (stored only as a secure hash)
Billing dataBilling contact, billing address, subscription plan, payment status (card details are handled by our payment provider, not stored by us)
Customer content (processed on your behalf)Your clients and matters, time entries, charge rates, invoices, leave records and any notes you enter
Usage dataLog-in times, pages used, feature usage, device and browser type, IP address
Support dataMessages, emails and attachments you send when you contact us
Website dataInformation submitted through forms, and analytics about how the site is used

4. How and why we use data

  • To create and administer your account and provide the service.
  • To process subscriptions, take payment and issue receipts.
  • To provide support and respond to your enquiries.
  • To keep the service secure, prevent abuse and investigate incidents.
  • To improve and develop our features using aggregated, non-identifying usage data.
  • To send service messages (for example, important changes or security notices).
  • To send occasional marketing about Posttime where you have asked us to or are an existing customer — you can opt out at any time.
  • To meet our legal, accounting and regulatory obligations.

5. Lawful bases

Where we act as a controller, we rely on the following lawful bases under Article 6 of the UK GDPR:

PurposeLawful basis
Providing the service and account administrationPerformance of a contract
Taking payment and keeping financial recordsContract / legal obligation
Security, fraud prevention and service improvementLegitimate interests
Marketing emailsConsent or legitimate interests (soft opt-in for existing customers)
Meeting legal and regulatory dutiesLegal obligation

6. Sharing & sub-processors

We never sell your personal data. We share it only with trusted providers who help us run the service, each bound by contract to protect it and use it only on our instructions. These include:

  • Cloud hosting and storage — to host the application and store data securely.
  • Payment processing — to take subscription payments.
  • Accounting integration — QuickBooks Online, where you choose to connect it, to push invoices you create.
  • Companies House — to look up registered company details when you add a client.
  • Email and support tools — to deliver service messages and handle support.
  • Analytics — to understand and improve how the website and app are used.

We may also disclose data where required by law, to enforce our agreements, or in connection with a merger, acquisition or sale of assets (with appropriate safeguards). A current list of sub-processors is available on request from posttimeuk@gmail.com.

7. International transfers

We aim to keep personal data within the UK or European Economic Area. Where data is transferred outside the UK, we ensure an appropriate safeguard is in place — such as an adequacy decision, the UK International Data Transfer Agreement, or Standard Contractual Clauses with the UK Addendum.

8. Retention

We keep personal data only for as long as necessary:

  • Account & customer content — for the life of your subscription and then deleted or returned within 90 days of termination, unless you ask us to delete it sooner.
  • Billing records — kept for at least six years to meet UK tax and accounting requirements.
  • Support correspondence — typically up to 24 months.
  • Website analytics — typically up to 26 months.

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, role-based access controls, secure authentication and regular backups. For more detail see our Security & data protection page. No system is completely secure, but we work hard to protect your information and will notify you and the ICO of a personal data breach where we are legally required to do so.

10. Your rights

Subject to certain conditions, you have the right to:

  • be informed about how your data is used;
  • access a copy of your data;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time; and
  • not be subject to solely automated decisions with legal effects (we do not carry out such decisions).

To exercise any of these rights, email posttimeuk@gmail.com. We will respond within one month. Where the data relates to a customer’s account content (where we are a processor), we will refer your request to the relevant firm.

11. Cookies

We use a small number of essential and analytics cookies. You can read more and manage your choices in our Cookie policy.

12. Children

Posttime is a business tool and is not intended for, or directed at, children. We do not knowingly collect data about anyone under 16.

13. Changes to this policy

We may update this policy from time to time. We will post the new version here and, where changes are significant, notify you by email or in the app. The “last updated” date shows when it last changed.

14. Contact & complaints

If you have any questions or concerns about how we handle your data, please contact us first at posttimeuk@gmail.com or by post at Yeti Trading and Holding Company Limited, Garden Flat, 48 Lower Oldfield Park, Bath, BA2 3HP, United Kingdom.

You also have the right to complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO), at ico.org.uk or by calling 0303 123 1113.

Provided in good faith as a starting template and not as legal advice. It’s sensible to have it reviewed when your budget allows, and to complete the bracketed details before publishing.