BossOps

Security and Retention

Last updated: 5 June 2026

Security measures

• HTTPS/TLS for app traffic.
• Secure session cookies and role-based app access.
• Account and site separation for tenant data.
• Manager permissions for sensitive modules such as rota, attendance, HR, invoices and reports.
• Audit logging for sensitive actions such as attendance edits, exports, approvals and admin changes.
• Restricted administrative access and provider-level security controls.

Retention approach

• Active workspace data is retained while the customer uses BossOps.
• Deleted or closed account data can be exported/deleted on request, subject to legal, billing, security and audit needs.
• Backups, logs and cached data may remain for limited operational periods before expiry.
• Customers should set their own legal retention periods for employment, HR, payroll, attendance, food safety and accounting records.

Incident handling

If a security incident affects customer personal data, Mackintosh Projects will investigate and notify affected customers without undue delay so they can assess their own reporting duties.

Contact

Email: [email protected]