1. Who We Are
Enovate FSM ("we", "us", "our") provides field service management software for the UK gas, heating, and electrical trades. Our website is enovatefsm.com.
For data protection enquiries, contact us at support@enovatefsm.com.
2. What Data We Collect
The data we collect depends on whether you use the Team plan (cloud-hosted) or the Solo plan (device-local).
2.1 Account & Business Data
- Name, email address, phone number
- Password (stored as a salted hash — we never store plaintext passwords)
- Business name, address, logo, company number, VAT number
- Professional registration numbers (e.g. Gas Safe, electrician certification)
- Job title, qualifications
- Profile avatar and signature image
2.2 Customer & Property Data
- Customer names, email addresses, phone numbers, and postal addresses
- Property addresses, descriptions, and coordinates (latitude/longitude)
- Property tenant names and phone numbers
- Energy Performance Certificate (EPC) data retrieved from the UK Government API
2.3 Job & Work Data
- Job details: titles, descriptions, schedules, status, priority, duration
- Job completion reports: work performed, materials used, hours, customer satisfaction ratings
- Quotes, invoices, and purchase orders (including financial line items and totals)
- Gas safety certificates, compliance forms, and survey responses
- Heat loss calculation data (room measurements, building materials, floor plans)
2.4 Photos & Files
- Inspection photos and job attachments (up to 50 MB each)
- Photo metadata including location coordinates and timestamps
- Generated PDF documents (certificates, invoices, quotes, reports)
- Floor plan images for heat loss calculations
2.5 Device & Technical Data
- Device push notification token (Firebase Cloud Messaging)
- Device GPS location (when you grant permission, used for address autocomplete)
- Authentication tokens (stored encrypted on your device)
2.6 Messages
- In-app messages between team members (sender, receiver, message content, read status)
3. Solo Plan vs Team Plan
Solo Plan
Your data stays on your device. Only your business name and user account details are stored on our servers. All customer records, jobs, invoices, forms, and files are saved locally in the app's database on your phone or tablet. No data syncs to any cloud server.
Team Plan
Each business gets its own private, isolated PocketBase instance. Your data is stored on that dedicated server and synced to your team's devices. No other business can access your instance. Data is transmitted over encrypted HTTPS connections.
4. How We Use Your Data
- Providing the service — managing jobs, customers, quotes, invoices, forms, and certificates
- Authentication — verifying your identity and managing access
- Push notifications — alerting you to new jobs, messages, and updates
- Address lookup — using Google Places API to autocomplete addresses
- EPC data — retrieving energy performance data for properties from the UK Government API
- PDF generation — creating certificates, invoices, quotes, and reports
- Team communication — enabling in-app messaging between team members
- Support — responding to your enquiries via the contact form
5. Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Contract — processing necessary to provide you the service you signed up for
- Legitimate interest — improving the app, preventing fraud, ensuring security
- Consent — where you grant device permissions (camera, location, photo library) or opt in to notifications
- Legal obligation — where required by UK law (e.g. retaining gas safety records)
6. Third-Party Services
We share data with the following third parties, only as needed to provide the service:
| Service | Purpose | Data Shared |
| Google Places API | Address autocomplete and geocoding | Address text, device coordinates |
| UK Government EPC API | Retrieving Energy Performance Certificates | Property postcode and address |
| Firebase Cloud Messaging (Google) | Push notifications | Device token, notification content (job titles, message previews) |
| PocketBase (self-hosted) | Backend data storage (Team plan) | All business data on your dedicated instance |
We do not sell your data to any third party. We do not use any advertising or analytics tracking SDKs.
7. Device Permissions
The app may request the following permissions. You can decline any of them, though some features may be limited:
- Camera — taking photos during inspections and site visits
- Photo Library — selecting existing images to attach to jobs and properties
- Location — address autocomplete suggestions and recording job/property coordinates
- Push Notifications — receiving alerts for new jobs, messages, and updates
8. Data Storage & Security
- Authentication tokens are stored in encrypted device storage (iOS Keychain / Android Keystore)
- All network communication uses HTTPS (TLS encryption in transit)
- Passwords are salted and hashed — never stored in plaintext
- Team plan data is isolated per business — no shared databases
- Solo plan data remains entirely on your device, protected by the operating system's app sandbox
9. Data Retention
- Your data is retained for as long as your account is active
- Gas safety certificates and compliance records are retained in line with UK regulatory requirements
- If you delete your account, we will remove your data from our servers within 30 days
- Solo plan users can delete all data by uninstalling the app or using the in-app backup/restore feature
- Contact form submissions are retained for up to 12 months
10. Your Rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access — request a copy of your personal data
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we process your data
- Portability — receive your data in a portable format
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, email support@enovatefsm.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
11. Children's Privacy
Enovate FSM is a professional business tool and is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. The "last updated" date at the top of this page will always reflect the most recent revision.
13. Contact Us
If you have questions about this privacy policy or how we handle your data: