Last updated: March 2026
Version 2.0 — Effective date: March 2026
ICO Registration: ZB169812
Toolminder is a workplace tool management and safety compliance application developed and operated by Earlsmere Limited (“Earlsmere”, “we”, “us”, “our”). The Toolminder service is available on iOS, Android, and via a web portal.
Earlsmere is registered as a data controller with the Information Commissioner's Office (ICO) under registration number ZB169812.
Contact details:
This Privacy Policy explains how Earlsmere collects, uses, stores, and protects personal data in connection with the Toolminder service. It applies to:
This policy does not cover data processed by our customers in their own internal systems, or data held by third-party services that you access independently.
Earlsmere acts in two distinct roles depending on the data being processed.
Data Controller
For the personal data of Account Holders (the individuals who sign up for Toolminder on behalf of their organisation), Earlsmere is the data controller. We determine the purposes and means of processing this data, which is used solely to set up and administer the Toolminder account.
Data Processor
For all personal data relating to Users within a customer's Toolminder account (including names, email addresses, tool usage records, and exposure data), Earlsmere acts as a data processor on behalf of the customer organisation, which is the data controller for its own employees' data.
As a data processor, we process User data only in accordance with the documented instructions of the customer organisation. Where required by applicable law, our data processing obligations are set out in the Data Processing Agreement contained within our Terms of Service.
Customers are responsible for ensuring they have a lawful basis for sharing their employees' personal data with Toolminder, and for informing those individuals that their data will be processed through the Toolminder service.
Account Holder data (controller role)
User data (processor role)
In the event of an error or crash, Toolminder may collect diagnostic information from your device via Crashlytics (a Google Firebase service). This may include your device's IP address, device name, operating system version, app configuration at the time of the error, and the date and time of the incident. This data is used solely to identify and resolve technical issues and is not linked to your personal profile for any other purpose.
We process personal data on the following lawful bases under UK GDPR:
For User data processed in our capacity as a data processor, the lawful basis is determined by the customer organisation as data controller. Earlsmere processes such data solely on the customer's instructions.
Earlsmere uses personal data for the following purposes:
We do not use personal data for marketing purposes, and we do not sell personal data to any third party.
On occasion, a customer may request that Earlsmere personnel access their Toolminder account in order to provide technical support or to assist with account configuration. In these cases, the customer's explicit request constitutes the instruction under which Earlsmere accesses the account as a data processor.
Such access is carried out strictly under the instructions of the customer organisation as data controller, and is limited to what is reasonably necessary to fulfil the support request. It is not used for any other purpose. Customers are advised to revoke elevated access once the support activity is complete. Customers remain responsible for informing their employees that support access of this nature is possible, as part of their own obligations as data controller.
We use the following third-party services in the operation of Toolminder. These providers act as sub-processors and are obligated not to use your data for any purpose other than providing their services to us.
Google Firebase and Firestore
We use Firebase (a Google platform) for our core database (Cloud Firestore), authentication, and cloud storage. Our Firestore database is hosted in the London (europe-west2) region and all database data is stored within the United Kingdom. For more information, see Google's privacy policy at policies.google.com/privacy.
Crashlytics (Firebase Crashlytics)
We use Crashlytics for crash reporting and diagnostics within the mobile application. Crashlytics is a Firebase product operated by Google.
Google Play Services
The Android version of Toolminder uses Google Play Services, which may collect certain device and usage data in accordance with Google's own privacy policies.
The Toolminder mobile application is distributed via the Apple App Store and Google Play Store. These platforms may collect certain usage or device information in accordance with their own privacy policies, which are independent of this policy.
Twilio
We use Twilio to send SMS notifications within the Toolminder service. To deliver SMS messages, Twilio processes the recipient's mobile telephone number. Twilio is operated by Twilio Inc. and may process data outside the United Kingdom. For more information, see Twilio's privacy policy at twilio.com/en-us/legal/privacy.
SendGrid (Twilio SendGrid)
We use SendGrid to deliver transactional and notification emails sent by the Toolminder service, including account invitations and system alerts. To deliver emails, SendGrid processes the recipient's email address. SendGrid is a service of Twilio Inc. and may process data outside the United Kingdom. For more information, see Twilio's privacy policy at twilio.com/en-us/legal/privacy.
OneSignal
We use OneSignal to deliver push notifications to users of the Toolminder mobile app. To deliver push notifications, OneSignal processes device identifiers and, where provided, email addresses or other identifiers used to target notifications. OneSignal is operated by OneSignal Inc. and may process data outside the United Kingdom. For more information, see OneSignal's privacy policy at onesignal.com/privacy_policy.
We may update our list of sub-processors from time to time. Where we add new sub-processors that process personal data, we will update this policy and provide notice to Account Holders where appropriate.
Our primary database (Cloud Firestore) is hosted in the London (europe-west2) region and all database data is stored within the United Kingdom.
However, some third-party services used in the operation of Toolminder — including Twilio, SendGrid, and OneSignal — are operated by US-based companies and may process limited personal data (such as email addresses, telephone numbers, and device identifiers) outside the United Kingdom. Where such transfers occur, each provider relies on appropriate safeguards including the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses, or equivalent mechanisms approved by the Information Commissioner's Office.
Firebase Crashlytics and Google Play Services, as Google products, are also subject to Google's international data transfer arrangements, details of which are available at policies.google.com/privacy.
We retain personal data only for as long as is necessary for the purposes set out in this policy:
Customers are solely responsible for exporting any records they wish to retain before deleting accounts or ending their subscription. Toolminder cannot recover data following deletion.
We implement commercially reasonable technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include encrypted transmission of data (TLS), role-based access controls, authentication protections, and the use of secure cloud infrastructure operated by Google.
No method of data transmission or storage is entirely secure, and we cannot guarantee the absolute security of your data. In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours and affected individuals where required by UK GDPR.
We may disclose personal data where required to comply with legal obligations or lawful requests from public authorities, including law enforcement agencies. Where legally permitted, we will notify the affected data controller before making such a disclosure.
The Toolminder mobile application does not use cookies directly. The web portal may use cookies and similar technologies for session management and authentication purposes. Third-party libraries and services used within the application (including Firebase) may set their own cookies or use similar tracking technologies. You may be able to control cookie settings through your browser or device settings; however, disabling certain cookies may affect the functionality of the service.
The Toolminder service may contain links to third-party websites or services. We have no control over and accept no responsibility for the privacy practices or content of those sites. We recommend you review the privacy policy of any third-party site you visit.
Toolminder is a workplace safety compliance tool intended for use by adults in occupational settings. The service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete that data promptly. If you believe a child's data has been submitted, please contact us using the details in section 17.
Individuals whose data we process have the following rights, subject to applicable conditions and exemptions:
If your data is processed by Earlsmere as a data processor on behalf of a customer organisation, you should direct requests relating to your rights to that organisation as the data controller in the first instance. We will assist customers in responding to such requests where required.
To exercise your rights in relation to data processed by Earlsmere as data controller, please contact us using the details in section 17. We will respond within one calendar month of receipt.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time. The ICO can be contacted at ico.org.uk or by calling 0303 123 1113.
Earlsmere Limited is responsible for data protection compliance for the Toolminder service. We do not have a formally appointed Data Protection Officer, as we do not carry out large-scale systematic monitoring or processing of special category data. If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact our Data Privacy team:
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes, we will update the effective date at the top of this document and, where appropriate, notify Account Holders directly.
We encourage you to review this policy periodically. Continued use of the Toolminder service following notification of changes constitutes acceptance of the updated policy.
Need more help? help@toolminder.com or call 01226 750111