← Home

Privacy Policy

Last updated · 28 April 2026

The short version

CISDesk stores all your tax data on your device only. We do not collect, transmit, or store any of your personal or financial information on our servers. The only data ever sent off your device is anonymous crash reports — used solely to fix bugs in future updates, never to identify you.

Who we are

CISDesk is operated by an individual sole trader based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, the data controller is the individual developer of CISDesk.

You can contact us about anything in this policy at hello@cisdesk.app.

Data we collect about you

None of your tax data, ever.

Contractor names, payment amounts, UTR numbers, job records, deduction calculations, Payment & Deduction Statements — all of it lives in a local SQLite database on your iPhone. We have no access to it. We do not transmit it. We do not store it on any server.

iCloud Backup

If you have iCloud Backup enabled in your iPhone Settings, iOS will automatically include CISDesk's local database in your encrypted nightly backup. This is a feature of iOS, not of CISDesk, and is controlled entirely by your device settings. Backups are encrypted by Apple in transit and at rest, and we have no access to them.

You can disable CISDesk from iCloud Backup at any time in: Settings → [Your Name] → iCloud → iCloud Backup → Manage Storage.

Crash reporting

CISDesk uses Sentry (sentry.io) to receive automated crash and error reports when the app stops working unexpectedly.

What is in a crash report: The part of the code that crashed, your iOS version, the device model (e.g. "iPhone 12 mini"), and a stack trace showing the technical state of the app at the moment of the crash.

What is not in a crash report: Your name, your UTR, contractor names, payment amounts, job details, or any other tax data you have entered. We have configured Sentry to scrub financial and personal fields before any data leaves your device.

Where it is processed: Sentry's EU data region (Frankfurt, Germany). CISDesk does not use Sentry's US data plane.

Lawful basis (UK GDPR Article 6): Legitimate interest — specifically, our interest in identifying and fixing software defects to provide a working app. We have considered this against your privacy rights and believe the limited, technical nature of the data and the absence of any identifying information makes this a proportionate use.

Retention: Crash reports are retained by Sentry for 90 days and then automatically deleted.

Sentry's own privacy policy: sentry.io/privacy

Analytics

CISDesk uses no product analytics or tracking tools whatsoever. We do not track which features you use, how often you open the app, or your behaviour within the app. There is no PostHog, no Google Analytics, no Firebase, no Facebook SDK, and no third-party tracker of any kind.

Advertising

There are no ads in CISDesk. Your data is never used for advertising purposes by us or by anyone else.

Other network activity

Beyond the crash reports described above, CISDesk does not make network requests to our servers, because we have no servers.

The only other network activity that may occur is standard iOS system behaviour outside our control: Apple's App Store may verify the app's installation, and iOS may include the app's local database in your iCloud Backup if you have that enabled. Both of these are handled by Apple, governed by Apple's privacy policy (apple.com/legal/privacy), and not by us.

International data transfers

Crash reports are processed within the European Economic Area (Sentry's Frankfurt region). No personal data is transferred outside the EEA by CISDesk.

Your rights under UK GDPR

You have the right to:

• Access any personal data we hold about you
• Have inaccurate data corrected
• Have data erased
• Object to processing
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113

In practice, because we hold no personal tax data about you and no account information, there is nothing for us to access, correct, or delete on request. All your data is on your device. You can erase it at any time by deleting the CISDesk app, which removes the local database with it (unless you have an iCloud Backup, which you can manage separately in your iPhone Settings).

If you want us to delete a crash report we have received, contact hello@cisdesk.app and provide the approximate date and time of the crash. We will do our best to identify and delete it, though crash reports do not contain identifying information so we may not be able to locate a specific report.

Children

CISDesk is a professional tool for self-employed construction subcontractors and is not directed at or intended for use by children under 16. We do not knowingly collect any data from children.

Changes to this policy

If we make material changes to how CISDesk handles data, we will update this policy and update the "Last updated" date at the top. For minor wording changes we may update silently. The current version is always available at cisdesk.app/privacy.

Contact

For any privacy questions, requests, or concerns, contact hello@cisdesk.app.

Questions? hello@cisdesk.app