Your data, your control

1) Who we are + contact

NippyAgent is a product operated by Nippy Agent Ltd (Company No. 16963969), registered at Suite 1-125, 39 Ludgate Hill, London EC4M 7JN. "NippyAgent" is a trading name.

Website: nippyagent.co.uk

Contact email: support@nippyagent.co.uk

2) What the product does (plain English)

NippyAgent helps self-employed trades create quotes and invoices via WhatsApp and generates PDF documents based on the information you provide.

3) Data we collect

We collect the following categories of information when you use NippyAgent:

A. WhatsApp account and messaging data

• Your WhatsApp phone number / WhatsApp ID (sender ID).
• Message content you send to us (commands, customer details, invoice/quote lines, totals).
• Message metadata such as timestamps and WhatsApp message IDs (used for deduplication and reliability).
• Delivery status data: we do not intentionally store WhatsApp delivery status beyond what is necessary to operate the service.

B. Business profile data

• Business name and address.
• Business phone number and email address (if provided).
• VAT settings (VAT enabled, VAT rate) and VAT number (optional).
• Bank transfer details if you choose bank transfer (bank name, account name, sort code, account number).

C. Customer records entered by you

• Customer name.
• Customer postcode.
• Optional customer address and phone number (only if you enter it).

D. Document data

• Quotes/invoices you create: line items, quantities, pricing, totals, VAT rate, discounts/deposits (where applicable).
• Generated PDFs and related metadata (for example file paths or hashes where applicable).

E. Billing data

• Subscription status (trial/active), plan name, usage counters and top-up credits.
• Stripe identifiers (customer/subscription IDs) used to manage billing.
• We do not store full card details. Payment card data is handled by Stripe.

F. Operational and security data

• Operational logs (errors, troubleshooting signals) to keep the service reliable.
• Abuse prevention signals such as rate limiting and deduplication records.
• IP address information may be processed by our hosting providers for website delivery and security.

4) Why we collect it and how we use it

• Provide the service: create quotes/invoices and generate PDFs.
• Store customer details inside each document you create (so the PDF contains the required information) and keep document history so you can resend documents.
• Manage billing and account status (subscriptions, top-ups, usage).
• Prevent fraud and abuse (rate limiting, spam/abuse detection, security monitoring).
• Support and troubleshooting (support tickets and operator replies).

5) Legal basis (UK GDPR)

We process personal data under the following lawful bases (as applicable):

• Performance of a contract: to provide NippyAgent features you request.
• Legitimate interests: to keep the service secure, prevent fraud/abuse, and maintain reliability.
• Consent: for optional marketing communications, if we offer them and you opt in.

6) Who we share data with (processors)

We use trusted service providers (processors) to operate NippyAgent:

• Meta / WhatsApp Business Platform (message transport).
• Supabase (database and object storage).
• Hetzner Online GmbH (application hosting, Falkenstein, Germany).
• Upstash (Redis / rate limiting).
• Stripe (payments and billing).
• Google Analytics (cookieless website analytics, with consent controls).
• Netlify (website hosting).
• Email provider (support communications, if applicable).

7) Data retention

• Business profile, customers, and documents: retained while your account is active, and for a limited period after closure for support and recovery.
• Billing records: retained as required for accounting/tax/legal obligations.
• Logs: retained for shorter periods (typically 30–90 days) unless needed for security investigations.

You can request deletion at any time. See Data deletion instructions.

8) Deletion, subscription cancellation and refunds

If you request account deletion, we cancel any active subscription immediately and access ends immediately.

Deleting your data does not automatically issue a refund. If you believe you’re eligible for a refund, we recommend submitting a refund request before deleting your data.

After deletion, we may retain a minimal billing ledger and a minimal account-deletion audit record to meet legal obligations and to resolve disputes, fraud investigations, and support requests.

9) Security measures

• TLS/HTTPS in transit.
• Access controls and least-privilege access for operational accounts.
• Encryption at rest where provided by our vendors.
• Security monitoring and logging for operational reliability.
• Payment card details are handled by Stripe and are not stored by us.

10) International transfers

Some of our service providers process data outside the UK:

• Supabase: EU region (covered by UK adequacy decision for EU).
• Hetzner: EU/Germany (covered by UK adequacy decision for EU).
• Stripe, Google, Meta: US-based (covered by UK-US Data Bridge under the UK Extension to the EU-US Data Privacy Framework).

11) Your rights and how to exercise them

Under UK GDPR you have the right to:

• Access the personal data we hold about you (Art. 15).
• Rectify inaccurate data (Art. 16).
• Erase your data (Art. 17) -- see our Data deletion page.
• Restrict processing (Art. 18).
• Data portability (Art. 20).
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To make a request, email support@nippyagent.co.uk or follow the steps on our Data deletion instructions page. We aim to respond within 30 days.

12) Children

NippyAgent is not intended for children under 16.

13) Updates to this policy

We may update this Privacy Policy from time to time. We will update the date at the top of this page and, where appropriate, provide notice through our website or WhatsApp.