Tyst.
Open the app Book a demo
Legal

Privacy Policy

How Tyst collects, uses and protects your data. Last updated 15 June 2026.

1. Who we are

Tyst is a cleaning-operations platform provided by Reflow × Graig JV ("Tyst", "we", "us", "our"). Our Android app — together with the web dashboard at app.tyst.uk — gives cleaning companies and their clients the tools to schedule, witness and report on cleaning work across holiday parks, cottages, short lets, offices and commercial premises.

We are the data controller for the information processed through the Tyst platform. If you have questions about this policy, contact us at sam@tyst.uk.

2. What this policy covers

This policy explains:

  • What data we collect through the Tyst Android app and web dashboard
  • How we use it
  • Who we share it with
  • How we store and protect it
  • Your rights under UK GDPR and the Data Protection Act 2018

3. Data we collect

3.1 Account data

When your cleaning company onboards with Tyst, we collect:

  • Company details — business name, address, contact information
  • User accounts — names, email addresses, and roles (owner, manager, cleaner, client) for everyone who uses the platform
  • Authentication credentials — biometric templates (face / fingerprint) stored securely on-device for app login; email-and-password credentials for the web dashboard

3.2 Operational data

As your team uses Tyst day to day, we collect data that makes the platform work:

  • Scheduling data — cleaner availability, rotas, unit assignments, cleaning-step checklists
  • Job evidence — photographs, timestamps and GPS location captured at the point of cleaning
  • Defect reports — photos, video and notes documenting issues found during cleaning
  • Lost-property logs — photos and descriptions of items found
  • Consumable-stock logs — supply usage recorded per unit
  • Inventory verifications — checklist completions for high-value assets
  • Performance analytics — completion times, defect rates and quality metrics by cleaner and by unit

3.3 Device and usage data

When the Tyst Android app is used, we collect:

  • Device identifiers — Android device ID, for associating the app installation with a user account
  • App usage analytics — which screens are visited, feature adoption, error logs — to help us improve the product
  • Crash reports — diagnostic data when the app encounters an error
  • Sync logs — records of when offline data is synchronised with our servers

3.4 Location data

The Tyst app captures GPS coordinates alongside job photos and completion records. This is core to the product: it proves a cleaner was physically at the unit when the work was recorded. Location data is captured only while the app is in active use; we do not track background location.

You can deny location permission in Android settings, but the app's evidential value — timestamped, location-tagged proof — depends on it.

4. How we use your data

We use the data we collect for these purposes, and on these lawful bases under UK GDPR:

Purpose Lawful basis
Delivering the Tyst platform — scheduling, job witnessing, defect tracking, reporting and analytics Performance of a contract
Authenticating users via biometric or email login Performance of a contract; legitimate interest (security)
Providing client read-only access to cleaning progress and defect reports Performance of a contract (between the cleaning company and its client)
Improving the product — crash diagnostics, feature-usage analytics Legitimate interest (product improvement)
Sending service notifications — schedule changes, defect alerts, behind-schedule warnings Performance of a contract
Complying with legal obligations Legal obligation

5. How we share data

We do not sell personal data. We share data only as follows:

5.1 Within your organisation

Cleaning-company owners and managers can see all data within their organisation — schedules, job evidence, defects, analytics. Cleaners see their own rotas, task lists and submission history. Client users (unit owners, park operators) see a read-only view limited to the units they own or manage: cleaning progress, defect reports and lost-property logs. They cannot see other clients' data, nor can they modify anything.

5.2 Service providers

We use carefully vetted sub-processors to run the platform:

  • Cloud hosting — our platform infrastructure
  • Push-notification services — Firebase Cloud Messaging (for Android notifications)
  • Error and crash reporting — diagnostic tools to keep the app stable

Every sub-processor is bound by a data-processing agreement that matches the protections in this policy.

5.3 Legal disclosure

We may disclose data if required by law, court order or regulatory authority — and only to the extent necessary.

6. Data storage and retention

6.1 Where data lives

All platform data is hosted on managed infrastructure within the European Economic Area (EEA) or the United Kingdom. We do not transfer personal data outside the EEA / UK without adequate safeguards in place.

6.2 Offline data

The Tyst Android app stores the current day's tasks, photos and evidence on-device so it works fully offline. This local data is encrypted at rest by Android's file-based encryption. When a network connection becomes available, the app syncs to our servers and the local copy is reconciled. No offline data is accessible to other apps on the device.

6.3 How long we keep it

  • Account data — retained for the life of your organisation's subscription, then deleted within 90 days of termination unless you request earlier deletion
  • Job evidence (photos, timestamps, location) — retained for the life of the subscription plus a 12-month post-termination window, to allow clients to export their records
  • Analytics and usage data — retained for up to 24 months in aggregate form
  • Crash logs — retained for up to 90 days

You can request earlier deletion of specific data at any time by contacting us.

7. Biometric data

The Tyst Android app supports fingerprint and face authentication for quick, secure login. Here is how that works:

  • Biometric templates are generated and stored entirely on the device by Android's BiometricPrompt API. Tyst never receives, stores or has access to raw biometric data — we only receive a signed confirmation from the device that authentication succeeded.
  • If your device does not support biometrics, or you choose not to enrol, you can log in with your account credentials instead.
  • Biometric data on the device is protected by the Android Keystore system and is never exported off the device.

8. Photos and video

Photographs and video captured through Tyst are job evidence. They are stored on our platform alongside the associated cleaning record — timestamped, location-tagged and attributed to the cleaner who captured them. Key points:

  • Photos and video are visible to the cleaning company's owners, managers and — where the company chooses — to the relevant unit owners and park operators via read-only client access.
  • We do not scan, analyse or process photo / video content for any purpose beyond storage and delivery.
  • Media is stored on encrypted infrastructure within the EEA / UK.

9. Children's data

Tyst is a business-to-business platform for cleaning companies and property operators. It is not directed at children under the age of 16, and we do not knowingly collect data from children. If we become aware that a child under 16 has provided personal data through the platform, we will delete it promptly.

10. Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — ask us to delete your data (the "right to be forgotten")
  • Right to restrict processing — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Rights relating to automated decision-making — Tyst does not use automated decision-making or profiling that produces legal effects

To exercise any of these rights, email sam@tyst.uk. We will respond within one calendar month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

11. Data security

We take the security of your data seriously:

  • Encryption in transit — all data between the Android app and our servers is encrypted with TLS 1.3
  • Encryption at rest — server-side data is encrypted at rest; on-device data is protected by Android file-based encryption
  • Biometric authentication — app login is tied to the individual, eliminating shared-passwords risk
  • Role-based access — data visibility is strictly scoped by role: owner, manager, cleaner, client
  • Infrastructure security — our hosting provider maintains SOC 2 and ISO 27001 certifications
  • Access controls — only authorised Tyst personnel can access production data, and only for support and maintenance purposes

If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and — where the risk is high — notify affected users without undue delay.

12. Changes to this policy

We may update this privacy policy from time to time. When we do, we will:

  • Post the updated policy on this page with a revised "last updated" date
  • Notify account holders of material changes via email or in-app notice

Continuing to use Tyst after a policy update means you accept the revised terms.

13. Contact us

Questions about this policy, or about how Tyst handles your data?

Email: sam@tyst.uk
Post: Reflow × Graig JV (Tyst), 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Our Data Protection Officer can be reached at the same address, marked "FAO: Data Protection Officer".