Privacy Policy - CineLog

1. Data Controller

CineLog is operated by EZLOG LTD, registered in the United Kingdom.

For any privacy-related enquiries, contact: contact@cinelog.co.uk

2. Data We Collect

The App is designed to function with minimal data collection. Most information you enter is stored on your iPhone or iPad (and, if you use teams, within Apple's CloudKit sharing between members you invite). It is not uploaded to CineLog-operated servers unless this policy says otherwise for a specific optional feature.

2.1 Data You Enter in the App (on your device)

Work logs: dates, times, and crew roles you select
Job labels you choose for your own records (for example a production, show, or employer name you type in). These labels help you organise work on your device; they are not sent to CineLog-operated servers
Optional notes you enter
Optional invoicing details (only if you enable invoicing features)
Subscription status and entitlement metadata

If you opt in to anonymous rate insights (section 9.1), we process only production type (for example HETV or Feature Film), budget band, department, crew role from the in-app list, and day rate. We do not send your job labels, production titles, or client names for that feature.

2.2 Data Automatically Generated

Anonymous app identifiers required for iOS functionality
Subscription transaction receipts (handled by Apple)

2.3 Data We Do Not Collect

                No real names required
No contact lists
No precise location data
No production titles, job names, client names, or employer names on CineLog-operated servers (including anonymous rate insights and Refer crew)
No pay rates shared between team members in team features (your rate stays on your device; the team only sees hours)
No behavioural tracking across apps or websites
No advertising identifiers

            

Anonymous rate insights (section 9.1) is optional and off by default. If you opt in, only the categorised fields in section 9.1 are sent, never your free-text job labels or production titles.

2.4 Refer crew (optional)

If you use Refer crew in the App, limited data is sent to our referral service. This runs on separate infrastructure from optional anonymous rate insights (section 9.1). Your timesheet, job, invoice, and tax data are not mixed into referral storage.

Data processed for referrals may include:

A pseudonymous device identifier (HMAC hash, not your name or email)
Your referral code and whether a new install was attributed to it
App Store subscription notification metadata needed to confirm a qualifying paid referral (such as appAccountToken and transaction identifiers)

We do not upload jobs, time entries, invoices, bank details, or HMRC or accounting tokens for referrals.

3. On-Device Processing

All earnings calculations, tax estimates, deductions, and invoice generation are performed entirely on your device.

Financial and invoicing data:

Is encrypted using Apple platform encryption
Is stored locally on your device only
Is not transmitted to CineLog servers
Is not accessible to other users, teams, or productions

CineLog has no technical capability to access this data.

4. Invoicing & Accounting Integrations

The App offers optional accounting integrations, including APIs to third-party accounting platforms such as QuickBooks, for users who choose to enable them.

Invoicing information remains encrypted using Apple's encryption mechanisms
Invoice data is stored on-device only
Data is transmitted directly from your device to the selected accounting provider
CineLog does not store, process, or retain invoice contents

Use of third-party accounting services is governed by their respective privacy policies.

5. HMRC Making Tax Digital (MTD)

CineLog includes an optional Making Tax Digital (MTD) feature that allows self-employed users to submit quarterly income and expense updates, and an annual final declaration, directly to HM Revenue & Customs (HMRC) on their behalf.

5.1 What data is processed

National Insurance Number (NINO) — entered by you and stored encrypted in the iOS Keychain on your device only. Used in HMRC API request paths.
HMRC OAuth tokens (access token and refresh token) — stored in the iOS Keychain on your device only. Never transmitted to CineLog.
HMRC Business ID — your HMRC-assigned self-employment business identifier, stored in the iOS Keychain on your device only.
Quarterly income and expense totals — calculated on-device from your CineLog time entries and submitted to HMRC at your explicit instruction.

5.2 How data is transmitted

Direct device-to-HMRC connection: All HMRC API calls are made directly from your device to HMRC's servers (MOBILE_APP_DIRECT). CineLog does not operate any server that receives, stores, or processes your HMRC credentials or submission data. Your NINO, tokens, and quarterly figures never pass through any CineLog-operated system.

5.3 Consent and control

Before connecting to HMRC for the first time, you are shown a clear explanation of what CineLog will do on your behalf
No submission is ever made without your explicit instruction — there are no automatic or background submissions
You can disconnect from HMRC at any time from within the app. This immediately clears all stored tokens from your device's Keychain
Access can also be revoked directly through the HMRC Government Gateway

5.4 Legal basis

Processing HMRC-related data is carried out under:

Contract — to provide the MTD service you have subscribed to
Legal obligation — to assist you in meeting your statutory Making Tax Digital for Income Tax obligations

5.5 Third party

By using the MTD feature, your income and expense data is submitted to HMRC on your behalf. HMRC's handling of that data is governed by HMRC's own privacy notice.

6. Cloud Storage & Sync

Where enabled by the user, the App uses Apple CloudKit to sync work logs across a user's own devices or within explicitly joined teams.

CloudKit data is encrypted by Apple
CineLog cannot read encrypted record contents
Team sharing includes only work time entries required for production visibility
Financial, tax, and invoicing data are excluded from CloudKit syncing

CineLog does not operate user-data servers for your financial, tax, or invoice data. If you opt in to anonymous rate insights (section 9.1), limited data is processed on secure EU-based infrastructure operated by a third-party processor, as described in section 9.1.

7. Team & Production Sharing

When you join or create a team:

Only work time entries relevant to the production are shared
Pay rates, earnings, tax data, and invoice data are never shared
Access is governed by Apple's CloudKit permission model
You may leave a team at any time, ending future data sharing

8. Subscriptions & Payments

Subscriptions are processed entirely by Apple In-App Purchases.

CineLog:

Does not receive payment card details
Does not store billing information
Only receives subscription entitlement status

Apple's privacy policy governs payment data handling.

8.1 Refer crew rewards

Subscribers may share a personal invite link with crew. New users who install through that link receive the same introductory trial as other new subscribers. Referrers do not receive extended trials for referees.

When crew become paying subscribers after a trial, referrers may earn free subscription time through Apple In-App Purchase promotional offers. Rewards are applied by Apple to the referrer's subscription, not by unlocking Pro locally in the App.

9. Analytics & Tracking

CineLog does not use:

Advertising SDKs
Cross-app tracking
Behavioural profiling

Limited, aggregated diagnostic data may be provided by Apple for stability and performance improvements. This data is non-identifying and is separate from the optional feature below.

9.1 Optional anonymous rate insights (BECTU Camera Branch)

The App offers optional anonymous rate insights for eligible camera-branch departments. If you opt in, you share pay-context data that is designed to be anonymous to help BECTU Camera Branch with rate-card research.

This is optional. It is off by default. You are prompted during job setup (and can change your choice at any time under Privacy & Sharing in the app).

What may be shared (only if you opt in):

Production type (e.g. HETV or Feature Film)
Production budget band (where applicable)
Your department and crew role (from the in-app role list — not free-text labels)
Your day rate as entered in the app (or a day rate derived from your pay settings in the app)

What is not shared:

Your name or contact details
Production or job titles
Client, employer, or agency details
Invoice or tax data
Team-shared hours or other users' data
Your Apple ID or advertising identifiers
Free-text role descriptions (including if you choose "Other" in the role list)

Who receives it:

Data is sent from your device to EZLOG LTD and held on secure EU-based infrastructure operated by a third-party processor we use.

We do not include your name, contact details, or production titles in this data.

Anonymous submissions are shared with BECTU Camera Branch for rate-card research. Because day rates can be specific, we cannot guarantee that every combination of role, band, and rate is unique in the industry, but the feature is not intended to identify you personally.

Legal basis:

Your consent (you can withdraw it at any time).

How to opt out:

Turn off sharing in the app (Privacy & Sharing). This stops new uploads and deletes the data we still hold for this feature. Data already shared with BECTU may be retained by them under their policies and our data-sharing agreement.

Processing on our systems:

We may process limited technical information needed to run this feature and prevent misuse. We do not publish the details of those checks.

10. Data Retention

On-device data remains until you delete it or uninstall the App
Cloud-synced work logs remain until you delete them
No invoice contents are retained by CineLog
Subscription records are retained only as required by law
Anonymous rate insights (if opted in): Data is kept on our EU infrastructure while you remain opted in. When you opt out, we delete the data we still hold for this feature.
Data shared with BECTU: Anonymous data already received by BECTU Camera Branch may be retained by BECTU under their policies.

11. Your Rights (UK & EU Users)

Under UK GDPR and GDPR, you have the right to:

Access your data
Delete your data
Restrict processing
Data portability (where applicable)

Because most data resides on your device, deletion is immediate and user-controlled.

If you have opted in to anonymous rate insights, you can withdraw consent at any time in the app (Privacy & Sharing). You may also contact us at contact@cinelog.co.uk about data we hold for this feature. Because most other data is on your device, you can delete it immediately by removing jobs, entries, or uninstalling the App.

12. Children's Privacy

CineLog is not intended for users under 16.

No data is knowingly collected from children.

13. Security

Security is enforced through:

Apple-managed encryption
Local-only storage of sensitive financial and invoicing data
No CineLog-hosted storage of your financial, tax, or invoice databases; optional anonymous rate insights are handled separately on secure EU-based infrastructure (section 9.1)

The system is intentionally designed to minimise exposure rather than rely on downstream controls.

14. Changes to This Policy

This policy may be updated as features evolve.

Material changes will be communicated via the App or App Store listing.

15. Contact

For privacy enquiries or requests:

contact@cinelog.co.uk