Privacy Policy
Last updated: 6 March 2026
AllGreen is a service operated by Invoco Ltd ("we", "us", "our"), a company registered in England and Wales.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the AllGreen platform at allgreen.page ("the Service").
We are committed to protecting your privacy and handling your data transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Information We Collect
1.1 Account Holders (Tenant Admins)
When you create an AllGreen account, we collect:
- Email address — used for authentication (magic link login) and account-related communications.
- Name — used for display within the admin panel and incident attribution.
- Organisation name — used to identify your tenant and status page.
1.2 Status Page Subscribers
When a visitor subscribes to a tenant's status page, we collect:
- Email address — used to send incident notifications and status updates on behalf of the tenant.
- Service preferences — which services or service groups the subscriber has opted to receive notifications about.
1.3 Automatically Collected Information
When you visit any AllGreen page (including tenant status pages), we may collect:
- Log data — IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is collected for security, performance monitoring, and abuse prevention.
- Cookies — see Section 5 below.
We do not collect or process any special category (sensitive) personal data.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and operating the Service | Performance of a contract (Art. 6(1)(b)) |
| Sending magic link authentication emails | Performance of a contract (Art. 6(1)(b)) |
| Sending incident and status notifications to subscribers | Consent (Art. 6(1)(a)) |
| Sending service announcements and important account updates | Legitimate interest (Art. 6(1)(f)) |
| Monitoring and improving the security and performance of the Service | Legitimate interest (Art. 6(1)(f)) |
| Responding to support requests | Legitimate interest (Art. 6(1)(f)) |
We will never sell your personal data to third parties. We will never use subscriber email addresses for marketing purposes unrelated to the Service.
3. Data Sharing and Third Parties
We share personal data only with the following categories of third-party service providers, and only to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure and hosting | All data (encrypted at rest and in transit) |
| Mailgun | Transactional email delivery | Email addresses, notification content |
All third-party providers are bound by data processing agreements and are required to handle personal data in accordance with applicable data protection law.
We may also disclose personal data if required by law, regulation, or legal process, or to protect the rights, property, or safety of Invoco Ltd, our users, or the public.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account holder data | Retained for the duration of the account, plus 30 days after deletion to allow for recovery. |
| Subscriber data | Retained until the subscriber unsubscribes or the tenant deletes their account. Unconfirmed subscribers are deleted after 48 hours. |
| Authentication tokens (magic links) | Deleted after use or after 15 minutes (whichever comes first). Expired tokens are purged hourly. |
| Log data | Retained for up to 90 days for security and performance purposes, then deleted. |
5. Cookies
AllGreen uses a minimal number of cookies, limited to what is necessary for the Service to function:
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Session cookie | Maintains authenticated admin sessions | Strictly necessary | 7 days |
We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies, but we include this information for transparency.
6. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS on all connections).
- Encryption at rest for stored data.
- Secure, hashed authentication tokens (magic links are never stored in plain text).
- Access controls limiting who can access production data.
- Regular security reviews and updates.
While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. International Data Transfers
Our infrastructure is hosted on Amazon Web Services. Data may be processed in the United Kingdom, the European Economic Area, or the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions as applicable.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your data (subject to legal obligations).
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — where processing is based on consent (e.g. subscriber notifications), you may withdraw consent at any time by unsubscribing.
To exercise any of these rights, contact us at privacy@allgreen.page (or privacy@invoco.net).
We will respond to all requests within 30 days. If we require additional time, we will inform you within the initial 30-day period.
9. Subscribers and Data Controller Relationships
AllGreen operates as a data processor on behalf of tenant organisations (our customers) with respect to subscriber data. The tenant is the data controller for their subscribers.
If you have subscribed to a tenant's status page and wish to exercise your data rights, you may:
- Unsubscribe at any time using the unsubscribe link included in every notification email.
- Contact the tenant directly, as they are the data controller for your subscription.
- Contact us at privacy@allgreen.page if you need assistance.
10. Children's Privacy
AllGreen is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify account holders by email and update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
Invoco Ltd
Email: privacy@allgreen.page
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully:
- Website: ico.org.uk
- Helpline: 0303 123 1113