Yew Technologies logoYEW Technologies
← Back to home

Privacy Policy

Last updated: June 2026

1. Who We Are

YEW Technologies (“we”, “us”, “our”) is a software and technology company providing digital solutions to businesses. We are the data controller responsible for the personal data collected through this website and our associated product websites ( documentscabinet.com and yewepos.com) and our products.

Our ICO registration number is ZC121566.

If you have any questions about this policy, wish to exercise your data protection rights, or submit a Data Subject Access Request (DSAR), please contact our privacy team at privacy@yewtechnologies.co.uk.

2. What Data We Collect

We collect personal data in the following ways:

  • Contact form: When you submit an enquiry, we collect your name, email address, and the contents of your message, plus an optional business or company name.
  • Product usage (Zero Paper / RetailOS): If you use our products, we may collect data necessary to provide the service, as described in the relevant product agreement.
  • Technical data: Standard server logs may record your IP address, browser type, and pages visited for security and performance purposes.
  • Background Removal (RetailOS): When you or your staff use the Background Removal feature to process product images, those images are transmitted to Microsoft Azure AI for processing. Product images are generally not personal data; however, if an uploaded image incidentally contains an identifiable person (e.g. a staff photo used as a product image), that image may constitute personal data and you should ensure you have a lawful basis to process it before using this feature.
  • Network Insights (RetailOS — opt-in only): If your organisation enables the optional Network Insights feature in the RetailOS Admin Portal, anonymised trading signals derived from your sales data (category performance, basket size bands, trading time patterns, and regional indicators) are contributed to an aggregated benchmark dataset. No personally identifiable information is included. See section 9 below for full details.

We do not use cookies for tracking or advertising.

3. How We Use Your Data

We use your data to:

  • Respond to your enquiry or request for a demo.
  • Provide and support the products and services you have requested.
  • Comply with legal obligations.
  • Protect the security of our website and systems.
  • Where you have opted in, contribute anonymised trading signals to the Network Insights benchmark pool and return aggregated benchmark comparisons to your Admin Portal (see section 9).

We will never sell your personal data to third parties.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Legitimate interests — to respond to enquiries and improve our services.
  • Contractual necessity — to deliver products and services you have engaged us for.
  • Legal obligation — where we are required to process data to comply with applicable law.
  • Consent — for Network Insights aggregation (RetailOS only), where an authorised administrator has explicitly opted in via the Admin Portal. See section 9 for details.

5. How We Share Your Data

We do not sell or rent your personal data. We may share your data with trusted third-party service providers who assist us in operating our website and services, including:

  • SendGrid (Twilio) — used to deliver contact form submissions to our team. SendGrid is based in the USA; personal data submitted via our contact form is transferred to the United States under the UK–US Data Bridge (an adequacy decision for the EU–US Data Privacy Framework extended to the UK), ensuring lawful transfer under UK GDPR.
  • Microsoft Azure — cloud infrastructure hosting our services, with data held in UK regions (UK South / UK West).
  • Microsoft Azure AI (Cognitive Services) — used exclusively to process images when the Background Removal add-on feature is enabled. Images are transmitted to the Azure AI service hosted in the West Europe region for background removal processing and are not retained by Microsoft after processing is complete. This involves a transfer of image data to the European Economic Area (EEA); such transfers are lawful under the UK–EU adequacy regulations (SI 2021/95), which recognise the EU as providing adequate protection for personal data.
  • Microsoft Azure OpenAI Service — used to generate AI-powered summaries of sales and trading data (for example, daily Z-report and dashboard summaries) within the RetailOS platform. Only anonymised, aggregated business metrics (such as sales totals and category breakdowns) are transmitted; no personal data identifying individual customers is sent to this service. The Azure OpenAI Service is hosted in the UK South region; no international transfer of data takes place. Microsoft does not use data submitted via the Azure OpenAI API to train or improve its underlying AI models.
  • Google Fonts — web fonts served by Google, which may process your IP address. No personal data beyond your IP is transmitted. See our Cookie Policy for further details on technical services active before consent.

All third-party providers are bound by contractual obligations to keep your data secure and to process it only as instructed.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or as required by law. Contact form submissions are retained for up to 12 months. Product data is retained in accordance with the applicable service agreement.

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure of your data (the “right to be forgotten”).
  • Object to or restrict certain types of processing.
  • Request portability of your data.
  • Withdraw consent at any time where consent is the legal basis for processing.

To exercise any of these rights, please email privacy@yewtechnologies.co.uk. We will respond within one calendar month in accordance with UK GDPR Article 12. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

8. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Our services are hosted on Microsoft Azure infrastructure with industry-standard encryption in transit and at rest.

9. AI Features & Network Insights Data Aggregation

This section applies specifically to clients of RetailOS who enable the optional Network Insights feature. Please also refer to section 9 of our Terms & Conditions for the full contractual terms governing this feature.

9.1 What is Network Insights?

Network Insights is an optional, opt-in feature within RetailOS that enables clients to receive anonymised benchmarking data showing how their trading patterns compare with similar businesses on the RetailOS platform. It is disabled by default and requires explicit activation by an authorised administrator within the RetailOS Admin Portal.

9.2 Does Network Insights process personal data?

Network Insights aggregates anonymised trading signals (product category performance, basket size bands, time-of-day patterns, and regional trading trends). These signals do not contain, and are specifically designed to exclude, any personally identifiable information relating to customers, staff, or the client business itself.

YEW Technologies does not consider the aggregated data processed under Network Insights to constitute personal data under UK GDPR. However, because the source transaction data from which signals are derived may pass through our systems, we apply a consent-based processing model as a matter of best practice and transparency.

9.3 Lawful basis & consent

Processing for Network Insights aggregation is conducted on the lawful basis of consent(UK GDPR Article 6(1)(a)). Consent is captured through the explicit opt-in toggle in the RetailOS Admin Portal and recorded with a timestamp. Consent may be withdrawn at any time by disabling the toggle; withdrawal will not affect the lawfulness of processing carried out before withdrawal, and will not affect the client’s access to any other RetailOS feature.

9.4 Data minimisation & anonymisation

Only the minimum trading signals necessary for benchmarking are extracted. Individual transaction records, customer identifiers, and exact financial figures are never included. Aggregated data is only published in benchmark outputs where it is derived from at least five distinct participating clients, preventing any single business’s patterns from being individually identifiable.

9.5 Storage & security

Aggregated Network Insights data is stored in a dedicated analytics environment on Microsoft Azure UK South, physically and logically separated from live client operational data. Access is restricted to authorised YEW Technologies engineering personnel only.

9.6 Exercising your rights

If you believe that any processing under Network Insights relates to your personal data, you may exercise any of your rights set out in section 7 above by contacting privacy@yewtechnologies.co.uk. You may also withdraw consent at any time via the Admin Portal settings without needing to contact us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of our website or services after changes are posted constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please get in touch.