Last updated 10 July 2026
Privacy policy
TurnUpText sends appointment reminders on behalf of UK businesses. This policy explains what personal data we handle, why, who helps us process it, and what rights you have under UK GDPR.
Who we are
“TurnUpText” is the trading name of the appointment reminder service at turnuptext.co.uk. For data protection queries, contact hello@turnuptext.co.uk.
Two kinds of people appear in this policy: account holders (the business owners who sign up) and their customers (the people those businesses send reminders to).
Controller or processor?
For account holders, TurnUpText is the data controller. We decide how account and billing data is used to run the service.
For customers of our account holders, the business that uploaded the contact details is the data controller. TurnUpText acts as their data processor: we store and use that data only to send the reminders the business schedules, and never for our own purposes. If a business sent you a reminder and you have questions about your data, that business is your first point of contact, though you can always reach us too. More detail is on our data protection page.
What we hold and why
- Account data: your email address, password hash (or Google sign-in identifier), and sign-in metadata. Lawful basis: performance of our contract with you.
- Business details: contact name, business name, business phone number, and optional website. Used to populate your reminder messages and identify your account. Lawful basis: contract.
- Customer contact data uploaded by account holders: customer names, UK mobile numbers, and optional email addresses, plus appointment details and the reminder messages sent. Processed on the instructions of the account holder as controller.
- Billing records: top-up amounts, dates, and Stripe payment references. We never see or store full card details. Lawful bases: contract and legal obligation (tax and accounting law).
- Service logs: message delivery status, webhook events, and security logs used to run the service reliably and prevent abuse. Lawful basis: legitimate interests.
We do not use advertising trackers, we do not profile anyone, and we never sell or share personal data for marketing.
Who processes data for us
We use a small set of subprocessors, each bound by contract to protect personal data:
| Provider | Purpose |
|---|---|
| Supabase (on AWS) | Database, authentication, and file storage |
| Stripe | Payment processing for credit top-ups |
| Vercel | Application hosting |
| PureSMS (Divergent) | SMS delivery to UK mobile networks |
| Email provider (Resend) | Delivery of email reminders and service emails |
Data is stored and processed in the UK/EEA where the provider offers it; where a provider processes data outside the UK, transfers are covered by UK-approved safeguards such as the UK Addendum to the EU Standard Contractual Clauses.
How long we keep data
- Operational data (customers, appointments, message history) is kept for 12 months, then deleted or anonymised automatically.
- Earlier deletion is always available: account holders can delete customers, appointments, or their entire account from the app at any time.
- Billing records are kept for as long as UK tax and accounting law requires (normally six years), even after an account is deleted.
Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to processing;
- receive your data in a portable format;
- withdraw consent where processing is based on consent.
To exercise any of these, email hello@turnuptext.co.uk. We respond within one month. If you are unhappy with our answer, you can complain to the Information Commissioner’s Office at ico.org.uk or on 0303 123 1113.
Security
Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access is restricted on a least-privilege basis, and every account’s data is isolated from every other account’s at the database layer. Our practices follow the Cyber Essentials guidance. See the data protection page for detail.
Cookies
We only use essential cookies needed to keep you signed in, no analytics or advertising cookies. See the cookie policy.
Changes to this policy
If we make material changes we will email account holders before the changes take effect and update the date at the top of this page.