1. Who we are
Punchless is operated by Turbopeace Apps Ltd, a company based in the United Kingdom. Punchless is a business-to-business software product designed to help businesses manage prepaid session cards, member packages, QR passes and check-ins.
For privacy questions, contact us at support@turbopeaceapps.com.
2. Who this policy applies to
This policy applies to business owners, staff users and website visitors who use Punchless. Punchless is intended for adult business users aged 18 or over.
Businesses using Punchless may enter information about their own customers or members. In that situation, the business is normally the controller of that customer/member data, and Turbopeace Apps Ltd processes it to provide the Punchless service.
3. Information we collect
Account and business information
- Owner and staff names
- Email addresses
- Business name and business type
- Billing email
- Timezone, currency, plan, trial and subscription status
Member/customer information entered by businesses
- First name, last name and display name
- Email address and phone number
- Notes entered by the business
- Package credits, attendance and check-in history
- QR pass tokens and related pass links
Technical and usage information
- Device, browser and app version information
- IP address and basic request logs
- Crash reports and diagnostics
- Analytics events showing how the app and website are used
4. How we use information
- To create and manage Punchless accounts
- To authenticate owners and staff
- To provide member, package, QR pass and check-in features
- To manage trials, subscriptions and access status
- To provide support and respond to requests
- To monitor reliability, security and performance
- To prevent fraud, abuse and misuse of the service
- To improve Punchless and understand product usage
5. Payments
Paid subscriptions are handled by Revolut. Turbopeace Apps Ltd does not store full payment card details. Payment information is processed by Revolut according to its own terms and privacy practices.
6. QR passes and sharing
Punchless can generate QR pass links for members. The app may open the business user’s device apps, such as WhatsApp, SMS or email, to allow that business to send a pass link. Punchless does not send those messages itself.
7. Children and minors
Punchless is intended for business operators aged 18 or over. Some businesses using Punchless may provide services to minors, such as dance schools, tutoring providers or kids clubs. Those businesses are responsible for ensuring they have an appropriate lawful basis and permissions to enter and manage customer/member information in Punchless.
8. Health-related businesses
Punchless may be used by businesses such as physiotherapy clinics or wellness providers. Punchless is not designed to store formal medical records, diagnoses, treatment notes or information requiring specialist healthcare record compliance. Businesses should avoid entering sensitive medical information into Punchless notes or member records unless they are legally permitted to do so.
9. Third-party services we use
We use trusted third-party services to provide Punchless, including:
- Firebase Authentication
- Cloud Firestore
- Google Cloud Functions / Cloud Run
- Firebase Hosting
- Firebase Analytics
- Firebase Crashlytics
- Google Analytics
- Cloudflare
- Google Play
- Revolut for subscription payments
10. Data retention
We retain account and business data while the Punchless account is active or as needed to provide the service. Archived members, attendance records, package records and audit history may be retained so businesses can preserve operational history.
Business owners may request account or organisation deletion by contacting support. For MVP, deletion requests are handled manually.
11. Deletion and access requests
Business owners can contact us to request access, correction or deletion of their organisation data.
If you are a customer or member of a business using Punchless, please contact that business directly about access, correction or deletion of your personal data. We may redirect such requests to the relevant business because they control the data they enter into Punchless.
12. Security
We use reasonable technical and organisational measures to protect data, including authentication, hosted cloud infrastructure and access controls. No system is completely secure, and we cannot guarantee absolute security.
13. International processing
Our service providers may process data in countries outside the United Kingdom. Where required, we rely on appropriate safeguards provided by those service providers.
14. Your rights
Depending on your location and relationship with Punchless, you may have rights to access, correct, delete, restrict or object to processing of your personal data. You may also have the right to complain to a data protection authority.
15. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users or make the updated policy available on our website.
16. Contact
For privacy questions or requests, contact support@turbopeaceapps.com.