Skip to content
Terms of Service · Privacy Policy · Cookie Policy · Data Processing Agreement

Privacy Policy

Last updated: 1 May 2026 · Joshua Tyler Development Limited (Company No. 14716963) t/a WorkLane

This Privacy Policy explains how Joshua Tyler Development Limited ("we", "us", "our"), trading as WorkLane, collects, uses, stores and shares personal data when you use our website at www.worklane.co.uk and our job management platform (together, "the Service").

We are the data controller for personal data collected through the Service. We are registered with the Information Commissioner's Office (ICO registration no. 00013953894 — verify at ico.org.uk). We are committed to protecting your personal data and processing it in accordance with UK GDPR and the Data Protection Act 2018.

1. Data We Collect

Account and profile data

  • Name, email address, phone number, role
  • Profile photo (if uploaded)
  • Password (stored as a cryptographic hash — we never see your password)
  • PIN code (stored as a cryptographic hash)

Company and business data

  • Company name, address, logo
  • VAT number, bank details for invoicing purposes
  • Client names, addresses and contact details you enter into the platform
  • Property addresses and service history

Job and operational data

  • Job records, notes, status updates and timelines
  • Photos and files you upload
  • Cost records, invoices and quotes
  • Staff assignments, hourly rates and scheduling information

Billing and payment data

  • Subscription plan and billing history
  • Payment card details are processed directly by Stripe and never stored by us

Technical and usage data

  • IP addresses, browser type and device information
  • Pages visited and features used within the platform
  • Error logs and diagnostic information

2. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the Service — processing jobs, managing staff, generating invoices, and all core platform features (legal basis: contract performance)
  • Account management — creating and managing your account, authentication, password resets (legal basis: contract performance)
  • Billing — processing subscription payments, issuing invoices, handling disputes (legal basis: contract performance)
  • Communications — sending transactional emails such as job assignments, password resets and invoices (legal basis: contract performance)
  • Security and fraud prevention — monitoring for suspicious activity and protecting accounts (legal basis: legitimate interests)
  • Service improvement — understanding how the platform is used to improve features (legal basis: legitimate interests)
  • Legal compliance — meeting our obligations under applicable law (legal basis: legal obligation)

We do not use your data for advertising, and we do not sell your data to any third party.

3. Who We Share Data With

We share personal data only with the following categories of third parties, all of whom process data on our behalf under appropriate data processing agreements:

  • Supabase — database hosting and authentication (servers in the EU)
  • Vercel — web application hosting (servers in the EU and US)
  • Stripe — payment processing (compliant with PCI DSS; UK/EU)
  • Postmark / ActiveCampaign — transactional email delivery
  • Upstash — message queue and caching (EU region)
  • Anthropic — AI-powered features; only column headers from CSV files are sent, never row data
  • Xero (Xero Limited) — where you choose to connect your Xero account, WorkLane transmits invoice and contact data to Xero on your behalf. This data is governed by Xero's Privacy Policy. We store encrypted OAuth tokens to maintain the connection; you can disconnect at any time from your Integrations settings.
  • Intuit (QuickBooks Online) — where you choose to connect your QuickBooks Online account, WorkLane transmits invoice and customer data to Intuit on your behalf. This data is governed by Intuit's Privacy Statement. We store encrypted OAuth tokens to maintain the connection; you can disconnect at any time from your Integrations settings.

We may also disclose data where required by law, court order or regulatory authority.

3a. Accounting Integrations — What Data Is Transmitted

When you connect Xero or QuickBooks Online, WorkLane may transmit the following data to those services on your instruction:

  • Invoice data — invoice number, line items, amounts, VAT, due dates and status
  • Client data — company name, contact name, email address, phone number and billing address

WorkLane does not read or store financial data from your Xero or QuickBooks account beyond what is required to confirm a successful sync (e.g. the ID of the created invoice). Your accounting data remains under your control within those platforms. Encrypted access tokens are stored securely and are used only to perform syncs you have authorised. You can revoke access at any time by disconnecting the integration in WorkLane or revoking it directly within Xero or QuickBooks.

4. Data Retention

We retain your personal data for as long as your account is active. On account closure or cancellation:

  • You may request a CSV export of your data within 30 days of cancellation
  • After 30 days, your data will be permanently deleted from our systems
  • Some data may be retained for longer where required by law (for example, financial records for 6 years under UK tax law)

5. International Transfers

Some of our sub-processors may transfer data outside the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses (SCCs).

6. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten"), subject to legal retention obligations
  • Restriction — request that we restrict processing of your data in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Automated decision-making — the right not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, email hello@worklane.co.uk. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Row-level security enforced at the database level — each company's data is isolated
  • Passwords and PINs stored as cryptographic hashes and never visible to us
  • Access to production systems restricted to authorised personnel
  • Regular security reviews and dependency updates

8. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

9. Children

The Service is intended for business use only and is not directed at children under 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the platform. The current version will always be available at www.worklane.co.uk/legal/privacy.

11. Contact

For any privacy-related queries or to exercise your rights:
Joshua Tyler Development Limited t/a WorkLane
4 Colvreath Road, Newquay, TR7 2PY
Company Registration No. 14716963 · ICO Registration No. 00013953894
Email: hello@worklane.co.uk