Privacy Policy

How Workercms collects, uses and protects your personal data.

Last updated:

1. Data Controller

Workercms is a service operated by GUL SOFTWARE LTD, a company registered in England and Wales (company no. 17225516), with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. This Privacy Policy explains what we collect, why, and how we protect it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 — and, for users in the EU, the EU GDPR.

2. Information We Collect

  • Account data: name, email, password (stored as a hash).
  • Content: posts, images, and comments you upload.
  • Technical data: IP address, browser info, usage analytics via cookies.
  • Payment data: processed by our payment provider (Stripe); card details are never stored on our servers.

3. Purposes and Lawful Bases

We process your data under Article 6 of the UK GDPR on these lawful bases:

  • Performance of a contract — to provide the service and manage your account and billing
  • Legitimate interests — security, fraud prevention, service improvement
  • Legal obligation — accounting, tax, and responding to legal requests
  • Consent — marketing and optional cookies only where you have consented

4. Sharing With Third Parties

We share personal data only when:

  • Required by law (court order or request from a competent authority)
  • With our service providers (hosting — Cloudflare, payments — Stripe, email — Resend) — only as needed for the service
  • With your explicit consent

5. International Transfers

Where data is transferred outside the UK or EU, we apply the safeguards required by the UK GDPR (adequacy decisions, Standard Contractual Clauses / the International Data Transfer Agreement).

6. Security and Retention

Passwords are hashed with PBKDF2-SHA256 (100,000 iterations). Traffic is encrypted with TLS 1.3. Backups are stored encrypted. We keep data only for as long as necessary for the purposes set out in this policy.

7. Your Rights

Under the UK GDPR you have the rights of access, rectification, erasure, restriction, portability, and objection. Contact us via the contact page to exercise these rights. You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO — ico.org.uk), if you are unhappy with how we handle your data.

8. Cookies

See our Cookie Policy for details on cookie usage.

9. Policy Changes

When we update this policy we'll refresh the date at the top. For material changes, we'll notify you at your registered email.