TemporGDPR Compliance
Last updated: 22 June 2026
Temporra, operated by Alpha IT Solutions in the United Kingdom, is built to help you meet your obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page summarises how we handle personal data; for full detail see our Privacy Policy.
1. Controller and processor roles
When you use Temporra to manage your workforce, you are the data controller of your workers' personal data and we are the data processor — we process that data only on your documented instructions. For the account, billing and subscription data of the business owner / admin, Temporra (Alpha IT Solutions) is the controller.
2. UK data residency
Personal data processed through Temporra is hosted on servers located in the United Kingdom / European Economic Area. We do not transfer personal data outside the UK/EEA except where the recipient is covered by safeguards recognised under UK GDPR (such as an adequacy decision or standard contractual clauses).
3. Lawful processing and special category data
Some features involve sensitive ("special category") data and are handled with extra care:
| Feature | How it is protected |
|---|---|
| Facial recognition (biometric data) | Optional, off by default, enabled by the employer. Requires the worker's explicit consent (Article 9(2)(a)). We store a mathematical template (128 numbers), not a viewable photo; it can be deleted on request at any time. |
| GPS clock-in location | Captured only at the moment of clock-in/out — never continuously or in the background — and stored with the timesheet to confirm site attendance. |
4. Data subject rights
Temporra supports the rights of individuals under UK GDPR — access, rectification, erasure, restriction, objection, portability and withdrawal of consent. Workers should direct requests about their workforce records to their employer (the controller); we provide the tools to action them, including exporting and permanently deleting individual records.
5. Sub-processors
We use a small number of trusted providers to deliver the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Hosting provider | Application and database hosting | UK / EEA |
| Stripe | Subscription payment processing | UK / EU, with UK GDPR safeguards |
| Email delivery provider | Service and notification emails | UK / EEA |
6. Security measures
- Encryption in transit using TLS (HTTPS) on all connections
- Passwords stored using strong one-way hashing — we can never read them
- Role-based access control so workers, managers and admins see only what their role allows
- Firewalled servers with restricted access to production systems
- Per-tenant data separation between businesses
7. Data retention
We keep personal data only as long as needed for the purposes it was collected, or as required by law. Workforce records are retained while your account is active or until you delete them; facial templates until consent is withdrawn or the profile is deleted; account and billing data for the period required by UK tax law. Full detail is in our Privacy Policy.
8. Data breach notification
We maintain procedures to detect and respond to personal-data breaches. Where a breach is likely to result in a risk to individuals, we will notify affected controllers without undue delay so they can meet their own reporting obligations to the ICO and, where required, to data subjects.
9. Data Processing Agreement
If your business requires a signed Data Processing Agreement (DPA) covering our role as processor, we are happy to provide one — just contact us.
10. Contact
For any data-protection question, to request a DPA, or to exercise your rights:
Alpha IT Solutions — Temporra
London RM9, United Kingdom
Email: support@temporra.app
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).