PRIVACY POLICY

Last Updated: 20 February 2026


Sukina Software Ltd (“we”, “us”, “our”) operates the Sukiru app (the “Service”).

This Privacy Policy explains what information we collect, how we use it, and your rights.




1. Who We Are

Sukina Software Ltd
20–22 Wenlock Road
London
N1 7GU
United Kingdom

Email: hello@sukiru.app

We are the data controller for the limited data we collect directly.




2. What We Collect

2.1 Information We Collect Automatically


We do not collect personal client records stored in your account for our own purposes.

We only collect limited technical data necessary to operate and improve the app, including:

  • App performance logs
  • Error and crash reports
  • Device type and operating system version
  • General usage information (such as feature usage and session duration)
  • Anonymous or pseudonymous identifiers
  • IP address (for security and diagnostics)

This information is used only to:

  • Maintain and improve app performance
  • Fix bugs and errors
  • Monitor reliability and security

We do not use this data for advertising.




2.2 Information You Store in the App


The app allows you to store:

  • Client details
  • Appointment records
  • Ink tracking information
  • Treatment notes
  • Forms and reports

This information is stored to provide the Service to you.

We do not access, review, share or sell your client data except:

  • Where technically necessary to provide the Service
  • If required by law

You are responsible for ensuring you have appropriate consent and legal grounds to store your clients’ personal data.




3. Payments

If you connect a Stripe account or purchase a subscription through the Apple App Store or Google Play:

  • Payments are processed by those providers directly
  • We do not store your card details
  • Billing data is handled according to the relevant provider’s privacy policy

Please review:

  • Stripe’s Privacy Policy
  • Apple’s Privacy Policy
  • Google’s Privacy Policy



4. Third-Party Services

The app may interact with third-party services, including:

  • Apple Calendar
  • Google Calendar
  • Stripe
  • External websites you choose to open

If you enable calendar syncing or visit external links, those third parties may process data according to their own privacy policies.

We are not responsible for third-party privacy practices.

Stripe – for the purposes of payment transaction management.

https://stripe.com/privacy



5. Data Sharing

We do not sell your data.

We do not share client records with third parties for marketing purposes.

We may share limited technical data with trusted service providers who help us:

  • Host the app
  • Monitor performance
  • Improve reliability

These providers are contractually required to keep information secure and confidential.

We may also disclose information if required by law or legal process.




6. Data Retention

We retain technical logs only for as long as reasonably necessary to:

  • Maintain performance
  • Resolve errors
  • Meet legal obligations

If you delete your account, your stored data may be deleted in accordance with our system processes.

You are responsible for maintaining your own backups of important business records.




7. Data Security

We take reasonable technical and organisational measures to protect data.

However, no online service can guarantee 100% security. You use the Service at your own risk.




8. International Transfers

Your data may be processed in countries outside your own, including where our hosting providers operate.

Where required, we ensure appropriate safeguards are in place.




9. Your Rights (UK & EU Users)

If you are located in the UK or European Economic Area, you may have the right to:

  • Request access to personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Lodge a complaint with your local data protection authority

Because we collect minimal personal data, these rights will generally apply only to account and technical information.

To exercise your rights, email: hello@sukiru.app




10. Children

The Service is intended for users aged 16 or over.

We do not knowingly collect personal data from children.




11. Changes to This Policy

We may update this Privacy Policy from time to time.

When we do, we will update the “Last Updated” date. Continued use of the Service means you accept the updated policy.




12. Contact Us

If you have questions about this Privacy Policy, contact:




13. Data Processing Addendum (DPA)

(For professional users storing client medical or treatment data)

This document is suitable for UK GDPR / EU GDPR compliance and written proportionately to your app’s structure.




DATA PROCESSING ADDENDUM (DPA)

Last Updated: 20 February 2026


This Data Processing Addendum (“DPA”) forms part of the Terms and Conditions between:

  • Sukina Software Ltd (“Processor”, “we”, “us”), and
  • The professional user of the Service (“Controller”, “you”).

This DPA applies where you store personal data, including special category data (such as medical or treatment information), within the Sukiru app.




1. Roles of the Parties

You are the Data Controller in respect of all client data you enter into the app.

Sukina Software Ltd acts solely as a Data Processor, processing personal data on your behalf for the purpose of providing the Service.

We do not determine the purpose or means of processing your client data.


2. Nature and Purpose of Processing

Processing is limited to:

  • Hosting and storing client records
  • Enabling appointment management
  • Providing reporting and record-keeping features
  • Maintaining system security and functionality

We do not use client data for marketing or advertising.


3. Categories of Data

Depending on how you use the Service, personal data may include:

  • Client names and contact details
  • Appointment records
  • Treatment notes
  • Consent forms
  • Photographs (if uploaded)

Medical or treatment information may constitute special category data under UK/EU data protection law.

You are solely responsible for ensuring you have a lawful basis to process such data.


4. Controller Obligations

You warrant that:

  • You have obtained valid consent or have another lawful basis to process client data
  • You comply with applicable data protection laws
  • You provide appropriate privacy notices to your clients
  • You implement appropriate confidentiality safeguards within your business

You remain fully responsible for your client relationships and legal compliance.


5. Processor Obligations

We agree to:

  • Process personal data only on your documented instructions
  • Implement appropriate technical and organisational security measures
  • Ensure persons authorised to process data are bound by confidentiality
  • Not sell or share client data for marketing purposes
  • Assist you, where reasonably possible, in responding to data subject rights requests

6. Sub-Processors

We may engage trusted third-party service providers (such as hosting providers or infrastructure services) to support delivery of the Service.

Where we use sub-processors:

  • They are contractually bound by confidentiality and data protection obligations
  • They may only process data to provide services to us

A list of primary infrastructure providers is available upon request.


7. International Transfers

Where data is transferred outside the UK or EEA, we will ensure appropriate safeguards are in place, such as:

  • Adequacy decisions
  • Standard contractual clauses

8. Security Measures

We implement reasonable technical and organisational measures designed to protect personal data against:

  • Unauthorised access
  • Accidental loss
  • Destruction or damage

However, no system can guarantee absolute security.


9. Data Breach Notification

If we become aware of a personal data breach affecting your stored data, we will notify you without undue delay after becoming aware of it.

You are responsible for determining whether notification to a supervisory authority or affected individuals is required.


10. Data Retention and Deletion

Client data is retained for the duration of your account.

Upon account deletion, data may be deleted in accordance with our system processes.

You are responsible for exporting or backing up records required for your legal or regulatory obligations.


11. Liability

Each party’s liability under this DPA is subject to the limitations of liability set out in the main Terms and Conditions.


12. Governing Law

This DPA is governed by the laws of England and Wales.