Hello edun.

Privacy Policy

Last Updated: 23/12/2025

Edun Ltd operates the edun: MyWork application and the website https://www.helloedun.co.uk (collectively, the "Service").

This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our Service.

By downloading, installing, accessing, or using the App or our website, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

To provide and improve our Service, we may collect the following types of personal information:

  • Name
  • Email address
  • Phone number
  • Authentication and account details if you create an account
  • Usage data and interaction data within the App
  • Device information (e.g. operating system, device type)
  • Log and diagnostic data (see below)

Third-party accounting and finance integrations

Our Service allows you to connect with third-party accounting and financial management platforms to enable data synchronization and related features. When you authorize these integrations:

  • We store authentication credentials securely to maintain your connection
  • We access financial data (e.g. invoices, contacts, transactions, account settings) as authorized by you
  • We use this data only to provide the Service to you (e.g. timesheet management, invoicing, reporting)
  • We do not sell or share your financial data with third parties for marketing purposes

You may revoke these integrations at any time through your account settings. When you disconnect an integration, we stop accessing new data from that service, though we may retain historical data where required for record-keeping and contractual obligations.

We use this information to:

  • provide access to the Service
  • communicate with you
  • improve functionality and user experience
  • provide customer support
  • maintain security, prevent fraud, and troubleshoot issues

Lawful Basis for Processing (GDPR / UK GDPR)

We process personal information under the following lawful bases:

  • Contractual necessity- to provide access to and operate the App and Service
  • Legitimate interests- to improve the Service, maintain security, and provide support
  • Consent- where you choose to opt-in to communications or optional features
  • Legal obligation- where we are required to retain information for regulatory or tax purposes

Where processing is based on consent, you may withdraw your consent at any time.

Log Data

When you use our App or website, we may collect log data including:

  • error reports
  • diagnostic information
  • performance data

We do not log identifiable personal data within error logs.

Cookies and Tracking Technologies

Our website uses cookies to enable essential functionality and improve user experience. Cookies may store anonymous identifiers.

For more information, please see our Cookie Policy: https://www.helloedun.co.uk/about/cookies

The App may use similar technologies (e.g. local storage) for authentication and performance purposes.

Third-Party Service Providers

We may employ third-party companies and individuals to:

  • facilitate the Service
  • provide the Service on our behalf
  • perform Service-related functions
  • analyse how the Service is used

These third parties may have access to personal information only to perform tasks on our behalf and are required not to disclose or use it for any other purpose.

Examples include:

  • hosting providers
  • analytics services
  • customer support tools

Data Retention

We retain personal information only for as long as necessary to:

  • provide the Service
  • meet legal, accounting, or reporting requirements
  • resolve disputes
  • enforce agreements

Typical retention periods include:

  • account information- retained while the account remains active
  • support enquiries- up to 12 months
  • technical logs- up to 90 days
  • financial records- up to 7 years (legal requirement)

When information is no longer required, it will be securely deleted or anonymised.

International Data Transfers

Your personal information may be processed and stored outside the United Kingdom.

Where this occurs, we will ensure appropriate safeguards are in place, such as:

  • UK GDPR standard contractual clauses
  • adequacy decisions
  • encryption and secure transfer protocols

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects on users.

If this changes, we will update this Privacy Policy and notify users where required.

Security

We implement industry-standard security measures to protect your data, including:

  • encryption of data in transit
  • encryption of sensitive data at rest (where applicable)
  • secure authentication and access controls (including OAuth 2.0 for supported integrations)
  • regular security audits and updates
  • access controls limiting employee access to personal data on a need-to-know basis

However, no method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that affects your personal data, we will notify you and relevant authorities within 72 hours where required by law.

  • We collect and store authentication credentials securely to maintain your connection
  • We access financial data including invoices, contacts, transactions, and account settings as authorized by you
  • We use this data solely to provide our services to you, such as timesheet management, invoicing, and reporting
  • We do not sell or share your financial data with any third parties for marketing purposes

You may revoke these integrations at any time through your account settings. When you disconnect an integration, we will cease accessing your data from that service, though we may retain historical data necessary for record-keeping and contractual obligations.

Data Retention and Deletion

We retain your personal and financial data for as long as your account is active or as needed to provide you services. Specifically:

  • Active account data is retained while your account remains active
  • Financial records may be retained for up to 7 years to comply with accounting and tax regulations

Your Data Rights

Under data protection laws including GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of all personal data we hold about you
  • Right to Erasure: You can request deletion of your personal data (subject to legal obligations)
  • Right to Data Portability: You can request your data in a structured, machine-readable format
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time
  • Right to Object: You can object to certain types of data processing

To exercise any of these rights, please contact us at info@helloedun.co.uk. We will respond to your request.

Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit
  • Encryption of sensitive data at rest
  • Secure authentication using OAuth 2.0 protocols for third-party integrations
  • Regular security audits and updates
  • Access controls limiting employee access to personal data on a need-to-know basis

In the event of a data breach that affects your personal data, we will notify you and relevant authorities within 72 hours as required by applicable law.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual Necessity: Processing is necessary to provide the services you've requested
  • Consent: You have given explicit consent for specific processing activities (e.g., connecting third-party integrations)
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services and preventing fraud
  • Legal Obligations: Processing is required to comply with legal and regulatory requirements

International Data Transfers

Your data may be transferred to and processed in countries outside of your country of residence. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your data.

Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Links to Other Sites

The Service may contain links to external websites. We are not responsible for the content or privacy practices of third-party sites and recommend reviewing their privacy policies.

Children’s Privacy

Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

If we become aware that a child under 13 has provided personal information, we will delete it immediately. If you believe this may have occurred, please contact us.

User Rights (UK GDPR / GDPR)

Depending on your location, you have the following rights relating to your personal information:

  • the right to access the personal data we hold about you
  • the right to request correction of inaccurate data
  • the right to request deletion (“right to be forgotten”)
  • the right to restrict processing
  • the right to object to processing based on legitimate interests
  • the right to data portability
  • the right to withdraw consent
  • the right to lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, please contact:

Email: info@helloedun.co.uk

App Store / Google Play Requirements

To comply with app store policies:

  • the App may request access to device storage to save authentication data
  • the App may request internet access to operate the Service

We do not access:

  • photos
  • contacts
  • precise location
  • microphone
  • camera

unless explicitly stated and permission is requested within the App.

Your Choices

You may:

  • uninstall the App at any time
  • disable cookies in your browser
  • request deletion of your account data

If you request account deletion, we will remove personal information unless we are legally required to retain certain records.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page and become effective immediately upon posting.

Contact Us

If you have any questions or concerns regarding this Privacy Policy, please contact:

Email: info@helloedun.co.uk

Service Level Agreement

The Agreement is made between the Supplier & the Customer.

This SLA outlines service levels relating to:

  • customer support enquiries
  • technical support enquiries
  • bespoke developments
  1. Definitions
    1. Customer: the person, firm or company who purchases Services from the Supplier.
    2. Services: the services to be provided by the Supplier under the Contract.
    3. Supplier: EDUN LTD with registered company number 13689679.
    4. Business hours: Hours occurring within a normal business day, 08:00 – 18:00 GMT.
    5. Bespoke Developments: Services that are not currently available within the Edun product offering which require specific development for the Customer.
    6. Additional Services: Services that are expressly requested by the Customer to the Supplier that are not currently available from Edun.
    7. Existing Services: Services that currently exist within Edun that are available for Customers to use.
  2. Service Level Agreement
    1. The Supplier shall aim to resolve all support problems for existing services in line with the following conditions.
      1. Tier 1 - Critical Issues:
        • Critical issues cause complete or partial service outage and affect the customer’s ability to conduct business-critical operations.
        • Supplier Response Time: 1 business hour from the time of reporting the issue to a representative of the Supplier.
        • Resolution Time: 4 business hours from the time of acknowledging the issue by the Supplier.
        • Please note that ‘bespoke developments’ are quoted on independent milestones and do not formulate this SLA. Please refer to your contract for the definition of ‘bespoke development’
      2. Tier 2 - Major Issues:
        • Major Issues cause significant impairment of service but do not cause a complete service outage.
        • Response Time: 3 business hours from the time of reporting the issue to a representative of the Supplier.
        • Resolution Time: 8 business hours from the time of acknowledging the issue by the Supplier.
        • Please note that 'bespoke developments' are quoted on independent milestones and do not formulate this SLA. You will refer to your contract for the definition of 'bespoke development'
      3. Tier 3 - Minor Issues:
        • Minor issues do not significantly affect the service but cause minor inconvenience to the customer.
        • Response Time: 24 business hours from the time of reporting the issue to the Supplier.
        • Resolution Time: Varying and agreed with the customer independently from the time of acknowledging the issue by our support team.
        • Please note that 'bespoke developments' are quoted on independent milestones and do not formulate this SLA. You will refer to your contract for the definition of 'bespoke development '
    2. The Customer acknowledges that the resolution times refer to the time taken by the Supplier to provide a solution or workaround for the reported issue. These times are subject to change depending on the complexity of the issue, the availability of resources, and any other factors that may affect the resolution time. Where a workaround is available the supplier makes no guarantees additional solutions can be sought but will make reasonable efforts to accommodate this.
    3. The customer acknowledges that data migration complications do not fall within the remit of this service level agreement.
    4. The customer acknowledges that any complications that arise which require input from a third party will affect resolution times from the supplier & our support team will make reasonable effort to communicate this.
  3. Bespoke Developments
    1. The Supplier may (at its sole discretion) offer Bespoke Developments and/or Additional Services to Customers which can be expressly requested by the Customer. The Supplier does not guarantee that all requests will be possible but where they are, these Additional Services will be charged on a pro-rata basis and quoted on individual milestones.
    2. The Customer acknowledges and accepts that when Bespoke Developments and/or Additional Services are created, technical issues may delay the quoted milestones and could also affect the estimated costs.
    3. Bespoke developments and/or Additional services are delivered within agreed milestones but do not correlate to the service level agreement for Existing Services