Solicitor-review draft · not live collection

Privacy and retention wording for future app enquiries.

This notice is drafted for review before High Caliber Apps enables any customer enquiry or app-support form. It follows the shape commonly expected in UK privacy notices: who controls the data, what is collected, why it is used, the likely lawful basis, who receives it, how long it is kept, customer rights, and how to raise a concern.

No live enquiry form, form handler, CRM, analytics, email automation, customer account, upload route, or customer-data storage is connected here. This is public-facing draft wording for legal review before activation.

Short form notice Retention schedule Form readiness page

Review note

Designed to be checked before publication as an active policy.

Draft status: This wording is intended as a clear, conservative starting point for solicitor review. It should not be treated as final legal advice, a complete privacy policy, or approval to begin collecting customer data.

Inspiration scan: The structure reflects common UK privacy-notice expectations from ICO guidance and GOV.UK data-protection guidance, plus wording patterns seen in established technology companies: use data only for stated purposes, keep it only as long as necessary, protect it with reasonable safeguards, and give people a route to request access, correction, deletion, or objection where applicable.

Short form wording for the future enquiry form

Plain wording customers can read before pressing submit.

Draft form notice: High Caliber Apps will use the information you provide in this enquiry to understand your app question, reply to you, provide product-fit or support guidance, keep a limited record of the conversation, and protect the service from misuse or unsafe requests. Please do not include passwords, payment-card details, private files, full backups, recovery source files, identity documents, or sensitive personal material in your first message.

If your enquiry later needs diagnostic material, we will ask for the smallest useful amount and explain the safer route before you send anything. We do not use enquiry messages for advertising profiles, resale, unrelated mailing lists, or automated decision-making. We may use trusted service providers such as email hosting, static hosting, security, or ticketing tools only where they are needed to receive, secure, or respond to the enquiry.

Routine enquiries are intended to be kept only as long as needed to handle the request and maintain a sensible support record. Longer retention may apply where an enquiry relates to an order, dispute, security issue, legal obligation, product-fit review, or licensing discussion. You may ask for a copy, correction, deletion, or restriction of your enquiry information, subject to applicable legal and operational limits.

What a future enquiry form should collect

Minimum useful information, not maximum data.

ContactName and reply email

Used to respond to the enquiry. No identity documents or unnecessary personal details should be requested.

RoutingEnquiry type and product

Used to separate product-fit questions, install/download help, licence/order questions, support issues, platform questions, and general catalogue messages.

Support contextPlatform, version, safe summary

Used to understand the issue without asking for private files, passwords, full backups, or source data at first contact.

Operational recordsConversation history

Used to avoid losing support context, respond consistently, and review service quality where needed.

SecurityBasic technical/security logs

Used to protect the site and stop spam, abuse, or unsafe submissions. Analytics/tracking remains approval-gated.

OptionalOrder or reference number

Used only if the customer already has one. Payment-card details should never be requested in an enquiry form.

Purpose and lawful basis to review

Suggested UK GDPR structure for the solicitor.

Responding to enquiriesLegitimate interests / pre-contract steps

Replying to a question, checking product fit, or helping a customer before purchase.

Support recordsLegitimate interests / contract support

Keeping enough context to resolve a support issue and avoid repeated explanations.

Orders or disputesContract / legal obligation / legitimate interests

Keeping records connected with purchases, refunds, complaints, chargebacks, or legal claims.

Security and abuse preventionLegitimate interests

Protecting the site, inbox, customers, and business from spam, malicious files, fraud, or misuse.

Draft retention schedule

Keep enquiry data only for a clear reason.

General pre-sales enquiriesUp to 12 months after the last meaningful contact

Enough time for follow-up, then delete or anonymise unless the conversation becomes an order, support case, or legal matter.

Product support enquiriesUp to 24 months after closure

Supports continuity for version issues, repeat bugs, and customer-care history without keeping support messages indefinitely.

Order, refund, complaint, or dispute recordsUp to 6 years where needed

Allows normal UK limitation/accounting-style record needs to be reviewed by the solicitor/accountant before adoption.

Security, spam, or abuse recordsUp to 12 months, or longer if needed to investigate misuse

Protects the service while avoiding open-ended retention of ordinary visitor details.

Specialist product-fit or licensing enquiriesUp to 3 years after last contact unless replaced by a signed agreement

Keeps product-fit or licensing context separate from normal support and allows later deletion if discussions do not proceed.

Accidental sensitive materialDelete as soon as practical after identifying it is not needed

Customers should be asked not to send private files or sensitive material through the first enquiry route.

Customer rights and requests

A clear route for access, correction, deletion, and concerns.

Customers should be able to ask what enquiry information is held about them.
Customers should be able to ask for correction where enquiry details are wrong or incomplete.
Customers should be able to ask for deletion or restriction where continued retention is no longer needed, subject to legal, security, accounting, dispute, and operational limits.
Customers should be able to object to unnecessary follow-up or non-essential use of their enquiry information.
The final solicitor-reviewed policy should name the proper contact route and explain the right to complain to the UK Information Commissioner’s Office if a concern cannot be resolved directly.

Before going live

This wording is not the switch-on approval.

Solicitor review and business-owner approval of the final privacy/retention notice.
Named recipient inbox or ticketing system with secure access and deletion process.
Confirmed spam protection that does not add unapproved analytics or advertising tracking.
Dummy-data test only, followed by explicit approval before accepting real customer enquiries.