Login

Last reviewed January 2026

How Goodform Manages Privacy

We believe in communicating in an open, transparent manner about the ways in which user data is collected and used, particularly any personal data relating to an identifiable person, and respecting choice and control over personal data.

Scope Of This Notice

This Privacy Notice applies to authorized users who access the Goodform Insights platform, typically employees or representatives of our client organizations who have been granted access by their employer to log in and view data dashboards and analytics.

If your organization has a written agreement with Goodform governing our processing of personal data (such as our Terms and Conditions), that agreement applies with regard to its subject matter. This privacy notice is about our practices and does not affect your contractual arrangements with Goodform.

For privacy information relating to Goodform’s other activities (such as our website), please see our separate Privacy Policy.

Who We Are

Goodform Ltd (company number 04359302) is registered in England & Wales. Our registered office is at:

1 Mill Street
Leamington Spa
CV31 1ES
Email: hello@goodformgroup.co.uk

We are committed to protecting your privacy and keeping any personal data, you provide to us confidential at all times, in accordance with UK data protection laws. Our Data Protection Officer is Data Protection People Limited, email dpo@goodformgroup.co.uk. Please state "Data Protection Officer" in the subject line.

What Personal Information We Collect

We collect and process the following personal information about you:

When your account is created (by your organization):

First name
Surname
Email address
Username
Password (stored securely in hashed/encrypted form)

When you use the platform:

Login dates and times
IP addresses
Pages and dashboards accessed within the platform
Browser and device information

When you contact us for support:

Any additional information you provide in your support requests or correspondence with us

How We Get Your Personal Information

Account creation:
Your organization (your employer) provides your information to us when they request that we create a user account for you. We do not offer public registration - all user accounts are configured by Goodform on behalf of our client organizations.

Platform usage:
This information is collected automatically when you log in and use the Goodform Insights platform.

Support requests:
You provide this information directly to us when you contact our support team.

Why We Use Your Information And Our Lawful Basis

We use your personal information for the purposes and on the lawful bases set out below:

Table 1
Purpose	Lawful Basis under UK GDPR
Creating and managing your user account	Article 6(1)(b) - Performance of contract: Necessary to provide platform access as agreed with your organization
Authenticating your identity and managing secure login	Article 6(1)(b) - Performance of contract: Necessary to provide secure access to the platform
Providing access to platform features and dashboards	Article 6(1)(b) - Performance of contract: Necessary to deliver the contracted services
Platform security, fraud prevention, and detecting unauthorized access	Article 6(1)(f) - Legitimate interests: Our legitimate interest in protecting the platform, preventing fraud, and ensuring data security. We have assessed that this does not override your rights and freedoms.
Technical support and troubleshooting	Article 6(1)(f) - Legitimate interests: Our legitimate interest in providing effective support and maintaining platform functionality
Managing our relationship with your organization (invoicing, account management, contract administration)	Article 6(1)(b) - Performance of contract: Necessary to fulfil our contractual obligations to your organization

Who We Share Your Information With

We share your personal information with the following service providers who process data on our behalf:

Amazon Web Services (AWS)

We use AWS in three ways:

1. AWS Cognito - User Authentication
AWS Cognito manages user accounts and login credentials for the Goodform Insights platform. For this service, AWS acts as a data controller and determines how your authentication data (username, email address, and password) is processed. AWS's privacy notice: https://aws.amazon.com/privacy/

2. AWS Cloud Hosting
AWS provides cloud infrastructure to host the Goodform Insights platform. Your data is stored on AWS servers located in the United Kingdom (AWS EU-West-2 London region). For this service, AWS acts as our processor and handles your data according to our instructions.

3. AWS QuickSight
AWS QuickSight provides the analytics and visualization tools within the Goodform Insights platform. This is part of AWS's service and operates under the same processing arrangements as AWS Cloud Hosting above.

Disclosure to your organization:
We may share information about your platform usage with your employer (the organization that authorized your access) for account management, usage reporting, billing, and compliance with organizational policies.

Legal and regulatory disclosure:
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies).

We do not sell or rent your personal information to third parties.

All service providers are required to:

Process your data only for specified purposes according to our instructions
Implement appropriate security measures to protect your data
Comply with applicable data protection laws

International Transfers

Your personal data is stored and processed exclusively in the United Kingdom (AWS EU-West-2 London region). We do not transfer your data to countries outside the UK.

How Long We Keep Your Information

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal and contractual obligations.

Our retention periods are:

Table 1
Data Category	Lawful Basis under UK GDPR	Header 3
Account details (name, email, username)	Duration of your organization's contract with us + 7 years	Legal and contractual obligations, including potential disputes and tax requirements
Authentication data (password hashes, authentication logs)	Duration of your organization's contract with us + 90 days	Security monitoring and account recovery purposes
Platform usage data (login history, pages accessed)	Duration of your organization's contract with us + 3 years	Service improvement, support purposes, and contractual obligations
Support correspondence	Duration of your organization's contract with us + 3 years	Customer service and contractual obligations

Data deletion:
When retention periods expire, we securely delete your personal information following our data deletion procedures, which include:

Removal from active databases
Deletion from backup systems
Overwriting of storage media where applicable

If your organization's contract with us ends, we will delete your account and associated personal data in accordance with the retention periods above, unless we are required by law to retain it for longer.

How We Store Your Information

Your information is securely stored using appropriate technical and organizational measures, including:

Technical measures:

Encryption of data at rest and in transit
Secure authentication systems
Regular security monitoring and intrusion detection
Firewall and network security controls
Regular security updates and patching
Automated encrypted backups
Secure data centres (AWS ISO 27001 certified infrastructure)

Organizational measures:

Access controls based on need-to-know principle
Regular access rights reviews
Staff training on information security and data protection
Incident response procedures
Third-party security audits

Your Data Protection Rights

Under UK data protection law, you have the following rights:

Your right of access
You have the right to ask us for copies of your personal information. This is commonly known as a "subject access request."

Your right to rectification
You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances, including where:

The data is no longer necessary for the purposes for which it was collected
You object to the processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation

Note: This right is not absolute. We may need to retain certain information to comply with legal obligations or for legitimate business purposes (e.g., contract administration, legal claims).

Your right to restriction of processing You have the right to ask us to restrict the processing of your personal information in certain circumstances, including where:

You contest the accuracy of the data (while we verify accuracy)
The processing is unlawful, but you don't want the data erased
We no longer need the data, but you need it for legal claims
You have objected to processing (while we verify our legitimate grounds)

Your right to object to processing
You have the right to object to processing of your personal information where we rely on legitimate interests as our lawful basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if we need to process the data for legal claims.

Your right to data portability
You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in a commonly used, machine-readable format. This right applies where:

The lawful basis for processing is consent or performance of a contract, AND
The processing is carried out by automated means

How to exercise your rights:
To exercise any of these rights, please contact our Data Protection Officer:

Email: dpo@goodformgroup.co.uk Subject line: "Data Subject Rights Request - Goodform Insights". In your request, please:

Clearly state which right you wish to exercise
Provide sufficient information to identify you (name, email address, organization)
Specify the personal data your request relates to (if applicable)

Response times:

We will respond to your request without undue delay
In most cases, within one month of receiving your request
We may extend this by a further two months if your request is complex or we receive multiple requests from you
We will inform you of any extension and the reasons for the delay

No fee: You will not be charged a fee for exercising your rights, unless your request is clearly unfounded, repetitive, or excessive. In such cases, we may charge a reasonable fee or refuse to comply with the request.

Verification: For your security, we may need to verify your identity before fulfilling your request.

Is Providing Personal Data Mandatory?

To access the Goodform Insights platform, you are required to have:

First name
Surname
Email address
Username
Password

These details are configured by your organization when they request account access for you. If this information is not provided:

We cannot create a user account for you
You will not be able to access the Goodform Insights platform
We cannot fulfil our contract with your organization to provide you with platform access

Automated Decision-making And Profiling

We do not use your personal data for automated decision-making (making decisions solely by automated means without human involvement) or profiling (automated processing to evaluate certain personal aspects about you). All decisions about your platform access, permissions, and account management involve human review and decision-making.

Cookies And Similar Technologies

The Goodform Insights platform uses essential authentication cookies to keep you logged in during your session and to ensure the platform functions correctly.

Essential cookies:
These cookies are necessary for the platform to operate and cannot be disabled. They include:

Authentication cookies (to keep you logged in)
Security cookies (to prevent fraud and unauthorized access)
Session management cookies (to maintain your session state)

We do not use:

Analytics cookies
Marketing cookies
Tracking cookies
Third-party advertising cookies

Managing cookies:
You can control and delete cookies through your browser settings. However, disabling essential cookies will prevent you from accessing the Goodform Insights platform. For more information about cookies and how to manage them, please see our cookies policy.

Links To Other Websites

The Goodform Insights platform may contain links to other websites or services (such as help documentation, support resources, or integrated tools).

Important:

This Privacy Notice applies only to the Goodform Insights platform
When you click on third-party links, you will be subject to those organizations' privacy policies
We are not responsible for the privacy practices or content of third-party websites
We encourage you to read the privacy policies of any websites you visit

We do not endorse or make representations about third-party websites.

Changes To This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes:

We will update the "Last updated" date at the top of this notice
If we make material changes that significantly affect how we process your personal data, we will notify you directly via email
The updated notice will be available on the Goodform Insights platform login page

Continued use:
Your continued use of the Goodform Insights platform after we post changes to this Privacy Notice will constitute your acknowledgment of the changes. We encourage you to review this notice periodically to stay informed about how we protect your personal information.

How to complain

If you have concerns about how we handle your personal information, we encourage you to contact us first so we can try to resolve the issue.

Contact us at:
Email: hello@goodformgroup.co.uk Or write to us at the address at the top of this notice Or contact our Data Protection Officer at: dpo@goodformgroup.co.uk

You also have the right to complain to the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: https://www.ico.org.ukk

Change Password

Reset Password

Change Password