Your privacy matters. This Privacy Policy explains how Smart Site Software Technologies Limited collects, uses, protects, and shares your personal information when you use SmartSite AI. We are committed to transparency and compliance with UK GDPR and Data Protection Act 2018.
1. Data Controller
Smart Site Software Technologies Limited
Company Number: 16949371
Registered Office: 123 Construction Lane, London, EC2A 4BX, United Kingdom
Email: info@smartsite-app.com
Phone: +44 20 1234 5678
2. Information We Collect
2.1 Account Information
- Name, email address, phone number
- Company name, turnover band, and registration number
- Job title and role (contractor, subcontractor, operative, etc.)
- Billing address and payment information (processed securely via Stripe)
2.2 Workforce Data
- CSCS card details (name, card number, expiry date, qualifications)
- Training certifications and expiry dates
- Site attendance records and check-in/check-out times
- Induction completion status and signatures
- Emergency contact information
2.3 Content You Create
- RAMS documents, Toolbox Talks, Method Statements
- Photos, videos, and files uploaded to SmartDrive
- Project information and site details
- Comments, notes, and form submissions
2.4 Technical Information
- IP address, browser type, device information
- Login times and access logs
- Feature usage and interaction data
- Error reports and diagnostic data
- GPS location data (only when using mobile check-in features with your permission)
2.5 Communications
- Support tickets and email correspondence
- Phone call recordings (with advance notice)
- Live chat transcripts
3. How We Use Your Information
We process your data for the following purposes:
3.1 Service Delivery
- Provide access to SmartSite AI features
- Process CSCS card scans and verify credentials
- Generate AI-powered safety documents
- Store and sync documents across devices
- Enable collaboration between team members
3.2 Account Management
- Create and manage user accounts
- Process payments and manage subscriptions
- Send welcome emails and onboarding notifications
- Provide customer support and technical assistance
3.3 Security & Compliance
- Authenticate users via Firebase Authentication
- Monitor for unauthorized access or fraudulent activity
- Maintain audit logs for compliance purposes
- Comply with legal obligations and regulatory requirements
3.4 Improvements & Analytics
- Analyze usage patterns to improve features
- Identify and fix bugs and performance issues
- Develop new features based on user needs
- Generate anonymized usage statistics
3.5 Communications
- Send service notifications (password resets, security alerts)
- Notify you of subscription renewals and billing changes
- Send SMS/text notifications for site access and alerts (with your consent)
- Provide product updates and feature announcements
4. Legal Basis for Processing
We process your data under the following legal bases:
- Contract Performance: Processing necessary to provide the Service
- Consent: Where you have explicitly agreed (e.g., SMS notifications, location tracking)
- Legitimate Interests: Fraud prevention, service improvement, analytics
- Legal Obligation: Compliance with UK law and regulatory requirements
5. Data Security
We implement comprehensive security measures to protect your data:
- Encryption: 256-bit AES encryption at rest, TLS 1.3 in transit
- Authentication: Firebase Authentication with multi-factor authentication (MFA) support
- Access Control: Role-based permissions limiting data access to authorized users only
- Infrastructure: Secure UK-based data centers with ISO 27001 certification
- Backups: Automated daily backups with point-in-time recovery
- Monitoring: 24/7 security monitoring and intrusion detection
- Audits: Regular security audits and penetration testing
- Staff Training: All staff trained in data protection best practices
6. Data Retention
We retain your data for as long as necessary to provide the Service and comply with legal obligations:
- Active Accounts: Data retained while your subscription is active
- Cancelled Accounts: Data retained for 90 days after cancellation, then permanently deleted (unless legal retention required)
- Financial Records: Retained for 7 years to comply with UK tax law
- Audit Logs: Retained for 12 months for security and compliance purposes
7. Data Sharing and Third Parties
We share data only when necessary and never sell your information:
7.1 Service Providers
- Firebase (Google): Authentication, database, cloud storage
- Stripe: Payment processing (we never store full card details)
- Twilio/SMS Provider: SMS notifications (only if you opt in)
- Email Service: Transactional emails and notifications
- Cloud Hosting: UK-based infrastructure providers
All third parties are contractually bound to protect your data and use it only for specified purposes.
7.2 Legal Requirements
We may disclose data if required by law, court order, or to protect our legal rights.
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner with advance notice.
8. Your Rights Under UK GDPR
You have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal retention)
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for SMS notifications, location tracking, etc.
To exercise your rights, email us at info@smartsite-app.com or use the Settings page in your account.
9. Cookies and Tracking
We use cookies to:
- Keep you logged in and remember your preferences
- Analyze usage with anonymized analytics
- Improve security and prevent fraud
You can disable cookies in your browser settings, but this may affect functionality.
10. International Transfers
Your data is stored in UK-based data centers. If we need to transfer data outside the UK, we ensure adequate safeguards (e.g., Standard Contractual Clauses) are in place.
11. Children's Privacy
SmartSite AI is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately.
12. Automated Decision-Making
Our AI features (RAMS generation, Template Learning) assist with document creation but do not make automated decisions that legally affect you. All AI-generated content should be reviewed by a competent person.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email and in-app notification. Continued use of the Service after changes constitutes acceptance.
14. Contact Us
For privacy-related questions or to exercise your rights:
- Email: info@smartsite-app.com
- Phone: +44 20 1234 5678
- Post: Smart Site Software Technologies Limited, 123 Construction Lane, London, EC2A 4BX
15. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Your data, your control. At SmartSite AI, we believe in transparency and respect for your privacy. If you have any questions about how we handle your data, please don't hesitate to reach out.