Privacy Policy

This Privacy Policy explains how Defence Legal Services Ltd (trading as Police Station Agent), the provider of the Custody Note desktop software ("Custody Note", "the Software"), processes personal data in connection with the website custodynote.com and related services. It is written for users in the United Kingdom and reflects the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

The data controller for personal data processed through this website and for account, licensing and support enquiries is Defence Legal Services Ltd. Contact: robertcashman@defencelegalservices.com (Outlook Web). You may also use our contact page.

Case and client data you enter into the Software on your own devices is primarily processed by you or your firm as data controller for your professional activities. Where optional cloud backup or sync features process that data on our infrastructure, section 4 below describes the roles and safeguards.

2. Data we collect through the website

We may process:

• Contact and enquiry data — name, email address, and message content when you email us or use contact facilities.
• Technical data — standard server and security logs (e.g. IP address, browser type, date/time) where our hosting provider processes them; duration and detail depend on hosting configuration.
• Licensing and product support — information you provide in connection with licence keys, trials, and support requests.

We do not sell your personal data. We do not use third-party advertising trackers on this website unless we tell you otherwise in an updated Cookie Policy.

3. The Custody Note application — local storage and encryption

Custody Note is designed so that attendance records and related professional content are stored primarily on your Windows device in an encrypted local database using AES-256 (or equivalent industry-standard encryption as implemented in the product). We do not have routine access to the plaintext content of your case files on your machine.

You are responsible for device security, passwords, recovery credentials, and compliance with your firm's policies and professional obligations.

4. Optional cloud backup and sync (AWS London)

If you enable optional features that back up or synchronise encrypted data with cloud services, such data is processed in infrastructure located in AWS London (eu-west-2) or as otherwise disclosed in the product. Data is transmitted and stored in encrypted form; decryption keys remain under controls tied to your account and the product design.

For such processing, we act in accordance with our agreements with you and applicable law. Where we process personal data on your behalf, we will support your obligations as data controller, including appropriate processing terms where required.

5. Legal bases (UK GDPR)

Depending on the activity, we rely on:

• Contract — providing the Software, licence, and support you request.
• Legitimate interests — operating a secure website, improving the product, and preventing abuse (balanced against your rights).
• Legal obligation — where we must comply with law or regulation.

6. Retention

We retain enquiry and account-related data only as long as necessary for the purposes above, including legal, regulatory, and complaint handling. Local data retention on your device is controlled by you and the Software settings.

7. Your rights

Under UK data protection law you may have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure in certain circumstances
• Restriction of processing
• Data portability (where applicable)
• Object to processing based on legitimate interests
• Withdraw consent where processing is consent-based

To exercise these rights, contact us using the details above. You may also complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. International transfers

We design services so that core professional data for UK users is kept in the UK/EU where the product provides for that. If any transfer outside the UK/EEA occurs, we will ensure appropriate safeguards (e.g. UK IDTA or approved clauses) as required by law.

9. Microsoft Store

If you obtain Custody Note through the Microsoft Store, Microsoft Corporation operates the storefront and processes certain personal data in connection with the purchase, download, and update of the application (for example account, payment, and Store telemetry data) under Microsoft's own privacy statement and policies. This Privacy Policy continues to apply to how we process personal data when you use our website, licensing, support, and optional product features we provide.

Your use of the Store is also subject to Microsoft's applicable Store terms of sale. See also our Microsoft Store information page.

10. Changes

We may update this policy from time to time. The "Last updated" date at the top will change; material changes will be highlighted where appropriate.