Privacy Policy

Last updated: 15 April 2026

Who we are

QueueFlow ("we", "us", "our") is a free queue management web application operated by LiteSite Limited, a company registered in the United Kingdom. For any privacy-related requests, contact us at info@litesite.uk.

This policy explains what personal data we collect when you use queueflow.app, how we use it, who we share it with, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

What data we collect

We collect data in three categories:

  • Account data. When you sign in with Google or GitHub, we receive your name, email address, and profile picture from the provider you chose. We do not receive or store your password. We use these fields to identify you within the app and label your entries in queues.
  • Application data. The queues you create and the entries you add — titles, descriptions, estimated wait times, notes, queue membership, roles (owner/admin/member), timer state, and the order you joined. This data is required for the service to function.
  • Product analytics data. Anonymised usage events such as "page viewed", "queue created", or "join button clicked", so we can understand how the product is used and improve it. See the Analytics section below for the full detail.

We do not collect: payment information (the service is free), advertising identifiers, device fingerprints for cross-site tracking, your search queries as text, or the contents of personal notes you add to a queue.

How we use your data

  • Provide the service. Account and application data are used to authenticate you, show you your queues, and synchronise changes in real time across everyone connected to a queue.
  • Understand product usage. Analytics data helps us see which features are used, where people get stuck, and which marketing pages drive sign-ups. We do not use it to profile individuals or to target advertising.
  • Respond to you. If you contact us, we use your email address to reply.

Legal bases for processing (UK GDPR Article 6)

  • Contract. Account and application data are processed because they are necessary to provide the service you signed up for.
  • Legitimate interests. Cookieless analytics (described below) runs on all visitors and is processed under our legitimate interest in understanding how the site is used, balanced against the minimal privacy impact of the tool.
  • Consent through sign-in. Identified product analytics (PostHog, described below) runs only after you sign in. Signing in is how you indicate that you have read this policy and accept it; you can withdraw this consent at any time by signing out, which clears the identifier on your device.

Analytics — the detailed version

We use two analytics tools. Both are configured to minimise data collection; neither is shared with advertisers or data brokers.

Umami (cookieless, all visitors)

  • What it is. A privacy-focused, open-source web analytics tool, self-hosted by LiteSite Limited at umami.litesite.uk. It is the only analytics tool that runs for visitors who are not signed in.
  • What it collects. Page views, referrer URL, screen size, browser language, and the events listed in the "Event catalogue" section. When you are signed in, your Convex user ID, name, and email are attached to your session so we can tell returning visits apart from first-time visits.
  • What it does not do. Umami does not set any cookies, does not use your IP address to build a profile, and does not track you across other websites. It does not require a consent banner under PECR because it does not store or access information on your device.

PostHog (signed-in users only)

  • What it is. A product analytics tool hosted in the European Union by PostHog Inc. (at eu.posthog.com).
  • When it runs. PostHog is not loaded for visitors who are not signed in. It initialises only after you have authenticated through Google or GitHub. On marketing pages, on the login page, and on public queue pages where you have not joined, PostHog does not run at all.
  • How you are identified. After sign-in, we tell PostHog your Convex user ID (a random string, not an email) and attach your name and email as properties on your profile. The Convex user ID is what links events together; it is not personally meaningful outside the service.
  • Where the data is stored on your device. PostHog stores your identifier and session state in your browser's localStorage under the queueflow.app origin. We do not use HTTP cookies for analytics. You can clear this at any time through your browser settings, or by signing out.
  • What we switch off. We configure PostHog with person_profiles: 'identified_only' (no profiles for anonymous events), we do not enable session replay, we do not enable autocapture of every click, and we do not enable feature flags. Events are fired explicitly from the registry listed below — nothing else is captured.

Event catalogue

These are the events we send to Umami and (when you are signed in) to PostHog. Each event carries the minimum properties needed to answer a product question, and never carries personal content:

  • Marketing: page views, clicks on call-to-action buttons, navigation and footer links, FAQ open/close, outbound link clicks, theme changes.
  • Authentication: sign-in started, sign-in completed, sign-out clicked. Provider (Google or GitHub) is recorded for sign-in-started; sign-in-completed records an anonymous "unknown provider" marker.
  • Dashboard: view mode changed (grid/list), sort changed, tab switched, a queue card clicked, a search performed. Searches record only the length of the query — never the text itself.
  • Queues: queue viewed, created, updated, joined, left, note updated, shared, member role changed, and admin actions (priority toggle, delay toggle, completed). The queue ID is recorded so we can aggregate events per queue; the contents of queue notes are never included — only a boolean indicating whether a note has any text.

What is explicitly excluded from analytics

  • Raw search query text.
  • The contents of personal notes attached to queue entries.
  • Email addresses inside event payloads (email lives only on the identified profile, never on individual events).
  • Session replay, heatmaps, mouse movement, or scroll depth.
  • Advertising identifiers, fingerprinting, or third-party tags.

Cookies and local storage

QueueFlow does not use cookies for analytics, advertising, or cross-site tracking. The following client-side storage is used:

  • Authentication session. A signed session token issued by Convex Auth, necessary for you to stay signed in. Cleared on sign-out.
  • Theme preference. The light/dark/system setting is stored in localStorage so your preference persists.
  • PostHog identifier (signed-in users only). Stored in localStorage after sign-in so events from the same browser are correlated. Cleared when you sign out.

Because we do not use analytics or advertising cookies, QueueFlow does not display a cookie banner. Strictly necessary storage (such as the authentication session) is permitted under PECR without a banner.

Third parties we share data with

We share data only with the service providers we need to run the application. Each of them is a data processor acting on our instructions:

  • Convex — real-time database and authentication infrastructure. Stores your account data and application data.
  • Google (OAuth) and GitHub (OAuth) — identity providers for sign-in. We receive your profile information (name, email, avatar) from whichever provider you use. We do not receive your provider password.
  • PostHog (EU region, eu.posthog.com) — product analytics for signed-in users.
  • Umami (self-hosted by LiteSite Limited at umami.litesite.uk) — cookieless web analytics.
  • Vercel — the hosting platform that serves queueflow.app. Standard server access logs may be retained by Vercel for abuse prevention and operational purposes.

We do not sell your personal data to anyone, and we do not share it with advertising networks.

International transfers

PostHog analytics data is processed in the European Union. Umami is hosted by LiteSite Limited in the United Kingdom. Convex and Vercel may process data in other regions, including the United States, under standard contractual clauses and equivalent safeguards recognised by the UK Information Commissioner's Office (ICO).

Data retention

  • Account and application data — kept for as long as you have an account. If you delete your account or ask us to, we delete your user record and queue data.
  • Analytics data — Umami events are retained according to our Umami instance configuration (no personal content is collected, so retention poses low risk). PostHog events are retained according to PostHog's default retention settings for our project.

Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct data that is inaccurate or incomplete.
  • Ask us to delete your data (the "right to be forgotten").
  • Ask us to restrict or stop certain processing.
  • Ask for a copy of your data in a portable format.
  • Object to processing based on legitimate interests (including cookieless analytics).
  • Withdraw consent (by signing out) for identified analytics.
  • Lodge a complaint with the UK Information Commissioner's Office at ico.org.uk if you believe we have not handled your data lawfully.

To exercise any of these rights, email info@litesite.uk. We will respond within one month.

Children

QueueFlow is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, please contact us and we will delete it.

Security

Data is transmitted over HTTPS. Authentication is handled by OAuth providers (Google, GitHub) so we never see or store passwords. The database is operated by Convex under their standard security controls. No system can be guaranteed 100% secure; if we become aware of a personal data breach affecting you, we will notify you and the ICO as required by UK GDPR.

Changes to this policy

If we make material changes, we will update the "Last updated" date at the top of this page and, for significant changes, notify signed-in users in the app. Continuing to use QueueFlow after a change means you accept the updated policy.

Contact

Questions about this policy, or want to exercise a right listed above? Email info@litesite.uk.