Plain-language summary: Loginboard is an accountability platform — named records are core to the product. When you use the Service, your name, actions, and timestamps are permanently attached to records you create. We do not collect GPS or location data. Board administrators see everything on their boards. Some records are public if you configure them that way. We do not sell your data. We use it solely to operate the Service.
Overview
Loginboard ("we," "us," or "our") operates the Loginboard platform, accessible at loginboard.com and through related services (the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect information about you when you use the Service.
This policy applies to all users of the Service, including board administrators, board members, and any person who accesses a public board page or external sign-off link. By using the Service in any capacity, you acknowledge that you have read and understood this policy.
Privacy by design — within limits. The Service is intentionally built around named accountability. Records you create are permanent, named, and visible to appropriate parties. This is a feature, not a flaw. Please read this policy in full before using the Service.
Data We Collect
We collect the following categories of data:
| Category | Examples | How collected |
|---|---|---|
| Account data | Name, email address, password (hashed), account creation date | Provided by you at registration |
| Operational records | Shift logs, SOP attestations, handoff records, decisions, incident reports, notes, audit log entries | Created by you while using the Service |
| Accountability metrics | Streak count, total items completed, last active date (date only, no time, no location) | Computed automatically from shift and task activity |
| Usage data | Pages visited, features used, timestamps, session duration, errors encountered | Collected automatically as you use the Service |
| Device & technical data | IP address, browser type and version, operating system, referring URL | Collected automatically via server logs and cookies |
| External sign-off data | Name submitted, timestamp, sign-off token used | Provided by third parties accessing a sign-off link |
| Communications | Messages you send to us via contact forms or email | Provided by you |
We do not collect: GPS coordinates or location data of any kind, payment card numbers, biometrics, government identification numbers, or any data about you that you do not actively provide or that the Service does not technically require.
How We Use Your Data
We use the data we collect for the following purposes:
- To provide the Service — creating and managing your account, storing and displaying records, enabling board functionality, and all core features of the platform.
- To maintain the audit trail — permanently attributing every action to a named user and timestamp. This is the core value of the Service.
- To compute task completion metrics — calculating handoff task completion rates from your activity, visible to board members in the Analytics section.
- To communicate with you — sending transactional emails (account confirmation, password reset), and, where you have opted in, product updates.
- To improve the Service — analysing usage patterns in aggregate to understand how to improve the platform.
- To ensure security — detecting, investigating, and preventing fraudulent or abusive use and unauthorised access attempts.
- To comply with legal obligations — responding to lawful requests from authorities, court orders, or legal process.
We do not use your data for advertising, profiling for third-party marketing, or any purpose unrelated to the operation and improvement of the Service.
Legal bases (for users in the UK and EEA). Where applicable law requires a legal basis for processing, we rely on: (a) contract performance — to provide the Service you have agreed to use; (b) legitimate interests — to improve the Service, ensure security, and maintain the integrity of audit records; and (c) legal obligation — to comply with applicable laws.
Named Accountability & Record Visibility
Important: Loginboard has no anonymous mode. Every action you take is permanently attributed to your real name and account. This is fundamental to the product. If you require anonymity, Loginboard is not the right tool for you.
Board administrator visibility. All records created on a board — including shift logs, attestations, handoffs, notes, decisions, incident reports, and audit log entries — are fully visible to board administrators at all times. By joining a board, you irrevocably consent to this level of visibility.
Board member visibility. Depending on board configuration, other members may be able to see certain records including shift summaries, open handoffs, and task completion records.
Permanent records. Records you create cannot be deleted from the audit trail once created. This immutability is intentional and integral to the Service.
Location Data
Loginboard does not collect, request, or store GPS coordinates, device location, or any other location data from users or their devices. All location capture functionality has been permanently removed from the Service as of 10 April 2026. Your device's location permission is never requested by Loginboard.
If you are reviewing a cached or archived version of this policy that referenced location data collection, that functionality no longer exists. Any location data collected prior to that date may remain attached to historical audit log entries. You may request deletion of your account and all associated data in accordance with Section 11 (Your Rights).
No location data is used for advertising, profiling, or any purpose other than the Service.
Task Completion Metrics
Where you use the task handoff feature, the Service records the following aggregate metrics per board member:
- Total completed — a running count of handoff tasks you have marked complete on that board.
What these metrics do not include: no GPS or location data, no device data, no time-of-day precision beyond what the board audit log already captures, and no health or biometric data of any kind.
Who can see these metrics: Task completion counts are visible to all members of the board on which the activity occurred. They are not exposed on any public page and are not shared with third parties.
Legal basis: We rely on contract performance — the metrics are a core feature of the task tracking module that you have chosen to use. You may request deletion of your data by deleting your account or contacting us under Section 11 (Your Rights).
External Records
Incident acknowledgement. Board members may record that an external party (such as a manager, client, or inspector) has been made aware of an incident. The submitted name and timestamp are permanently recorded in the incident audit trail.
Your responsibility. Board administrators are solely responsible for what information they choose to share externally or record on behalf of third parties.
Data Sharing
We do not sell, rent, or trade your personal data to third parties. We share data only in the following circumstances:
- Service providers. We use third-party providers to operate the Service — including hosting infrastructure, email delivery, and error monitoring. These providers process data only on our behalf and under our instructions.
- Board administrators. All records on a board are visible to the board's administrator(s). This is core functionality of the Service.
- Legal compliance. We may disclose data if required to do so by law, regulation, court order, or lawful request from a government authority.
- Business transfers. If Loginboard is acquired or substantially restructured, your data may be transferred to the successor entity. We will notify registered users in advance where reasonably practicable.
- With your consent. We may share data for any purpose with your explicit prior consent.
We do not sell your data. Loginboard's business model is based on providing a software service, not on monetising your personal information. We do not share data with advertisers or data brokers.
Data Retention
Operational records. Audit log entries, shift records, attestations, handoff records, decision logs, and incident reports are retained indefinitely by design. These records are immutable and cannot be deleted. This is fundamental to the accountability purpose of the Service.
Accountability metrics. Streak counts, total completed, and last active date are retained for as long as your account is active and the relevant board exists. These are deleted when you close your account or the board is destroyed.
Account data. If you close your account, your profile is deactivated. Records you created on boards remain as part of those boards' permanent audit trails, attributed to your name. Your name cannot be removed from records you have created without an erasure request (see Section 11).
Usage and technical data. Server logs and analytics data are retained for a maximum of 12 months unless required longer for legal or security purposes.
Security
We implement industry-standard technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit (HTTPS/TLS), hashing of passwords, access controls, and security headers applied to all responses.
No system is infallible. We cannot guarantee absolute security. In the event of a data breach likely to result in risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.
Your role in security. You are responsible for maintaining the security of your account credentials. Use a strong, unique password. Do not share your login. Notify us promptly if you suspect unauthorised access.
Cookies & Similar Technologies
| Type | Purpose | Required? |
|---|---|---|
| Session cookies | Maintain your authenticated session while you are logged in. | Yes — the Service cannot function without these |
| CSRF tokens | Protect against cross-site request forgery attacks. | Yes — required for security |
| Preference cookies | Remember settings such as your last-used board or UI preferences. | No — but refusing may affect your experience |
| Analytics cookies | Understand how users interact with the Service in aggregate. | No — you may opt out without losing functionality |
We do not use third-party advertising cookies or place cookies for the benefit of any advertiser or marketing platform.
Your Rights
Depending on your location, you may have certain rights regarding your personal data. We will endeavour to honour all valid requests subject to the constraints described below.
- Right of access. You may request a copy of the personal data we hold about you.
- Right to rectification. You may ask us to correct inaccurate personal data — for example, a misspelled name on your account. This does not extend to operational records already created, which are immutable.
- Right to erasure. You may request deletion of your account and personal profile data. Upon a valid erasure request, your name in operational records will be replaced with an anonymised identifier (e.g. "Former User") rather than deleted outright. Timestamps, action descriptions, and the integrity of the record are preserved; your personal identity is removed.
- Right to data portability. You may request an export of data you have provided to us in a structured, machine-readable format.
- Right to object or restrict processing. You may object to or request restriction of certain processing activities, including analytics.
- Right to withdraw consent. Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect data already collected on that legal basis.
Immutability and anonymisation. Operational records are intentionally permanent — their timestamps and content cannot be altered or deleted. An erasure request will anonymise your identity within those records but will not remove the records themselves. If full record deletion is required, Loginboard is not the right tool for your use case.
To exercise any of the above rights, contact us through the Service or via the details on our website. We will respond within 30 days, or within any shorter period required by applicable law.
If you are in the UK or EEA and believe we have not handled your data appropriately, you have the right to lodge a complaint with your local data protection authority.
Children
The Service is not directed at, and we do not knowingly collect personal data from, individuals under the age of 16. If you are a parent or guardian and believe your child has provided personal data through the Service, please contact us and we will take appropriate action.
International Data Transfers
Loginboard operates globally, and your data may be stored and processed in countries other than your own. Where we transfer personal data outside the UK or EEA, we take steps to ensure an appropriate level of protection is in place — for example, by using standard contractual clauses or relying on adequacy decisions where applicable.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where practicable, notify registered users via email or an in-product notice. Your continued use of the Service after any update constitutes acceptance of the revised policy.
The current version is always available at loginboard.com/privacy.
Contact
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us through the Service or via the details on our website. We aim to respond to all privacy enquiries within 30 days.
For formal data protection enquiries, please mark your message "Privacy — Data Subject Request" and provide sufficient information to verify your identity.
Questions about your data?
Contact us through the Service or via the details on our website. We are committed to handling your personal data with care and transparency.