Privacy Policy | The Site Book

The Site Book (“we”, “us”, “our”) is a construction compliance software service operated by SectorHQ Ltd, registered in England and Wales. This policy explains how we collect, use, and protect personal data when you use The Site Book.

We are subject to the UK GDPR (as retained in UK law under the Data Protection Act 2018) and, where applicable, the EU GDPR.

1. Who is the Data Controller?

For your account and billing data, SectorHQ Ltd is the Data Controller. For project records — including worker sign-offs, incident logs, and CDM documents — you (the principal contractor or CDM duty holder) are the Data Controller. We act as your Data Processor for those records.

2. What personal data we collect

Account data

Email address, company name, and contact phone number — required to create and operate your account
Company logo — optional, used on generated documents
Billing information — processed by Stripe (we do not store card numbers)

Worker and project data

Names, roles, email addresses, and phone numbers of workers you add to the system
Worker certifications and expiry dates (e.g. CSCS cards)
Digital sign-off records: worker name, date and time, IP address, device type
Incident and near-miss logs, including descriptions of injuries and people involved
Permits to work: names of persons issuing and receiving each permit
Site diary entries, including visitor names and optional photographs
Subcontractor company names and contact details

Technical and analytics data

Authentication tokens managed by Clerk
AI processing logs (inputs and outputs) retained for 90 days
Audit logs for security and dispute resolution, retained for 2 years
Analytics data collected via Google Analytics (GA4) and PostHog — see Section 5

3. Legal basis for processing

Data	Legal Basis
Account data	Contract performance (Art. 6(1)(b))
Worker names, roles, and CDM records	Legal obligation — CDM 2015 (Art. 6(1)(c))
Worker sign-off records, certifications	Legal obligation — CDM 2015, RIDDOR 2013 (Art. 6(1)(c))
Incident and injury descriptions	Legal obligation + employment law (Art. 6(1)(c), Art. 9(2)(b))
IP addresses in sign-offs	Legitimate interest — document authenticity (Art. 6(1)(f))
Analytics and cookies	Consent (Art. 6(1)(a)) — managed via cookie banner
Billing data	Contract performance (Art. 6(1)(b))
Audit and security logs	Legitimate interest — fraud prevention (Art. 6(1)(f))

4. How we use your data

To generate and store CDM-compliant construction documents (RAMS, CPP, Site Inductions, Emergency Plans)
To provide worker sign-off links and record digital attendance at safety briefings
To track certification expiry and send alerts if you enable notifications
To produce audit-ready compliance packs for HSE inspectors or principal contractors
To maintain audit trails of document generation and access
To process payments and manage subscriptions
To measure and improve the service using analytics

We do not use your data for advertising, profiling, or marketing. We do not sell data to third parties.

5. Cookies and analytics

We use cookies and similar technologies to operate the service and understand how it is used. When you first visit the site, we show a cookie consent banner. You can accept or decline non-essential cookies at any time.

Essential cookies

Required for the site to function — authentication session, security tokens, and consent preferences. These cannot be disabled.

Analytics cookies

We use Google Analytics (GA4) and PostHog to understand how people use the site — which pages are visited, where users drop off, and how features are used. Google Analytics uses Consent Mode v2: if you decline cookies, analytics data is processed in a privacy-safe, cookieless way with no personal identifiers.

Advertising cookies

If you arrive via a Google Ads campaign, we use conversion tracking to measure whether the ad led to a signup. This uses the Google Ads tag (AW-18049615348) and is subject to your cookie consent choice.

6. AI processing

When you upload a Pre-Construction Phase Plan (PCPP) or similar document, the text content is sent to our AI infrastructure provider to extract project information. The AI models run under a Data Processing Agreement. Uploaded text may include names and project details mentioned in the document. We minimise the amount of text sent and do not send documents containing sensitive personal health data to AI models.

AI processing logs are retained for 90 days then automatically deleted.

7. Third-party processors

We share data with the following sub-processors, all under Data Processing Agreements:

Processor	Purpose	Safeguards
Vercel	Application hosting and serverless compute	EU SCCs
Neon	PostgreSQL database hosting	EU SCCs
Clerk	User authentication and session management	EU SCCs
Stripe	Payment processing and subscription management	PCI DSS Level 1, EU SCCs
Vercel Blob	File storage for generated PDFs and uploaded photos	EU SCCs
Google Analytics	Website analytics and conversion measurement	Consent Mode v2, EU SCCs
PostHog	Product analytics and session replay	EU hosting (Frankfurt)
Resend	Transactional email delivery	EU SCCs
Gotenberg	PDF generation from HTML templates	Self-hosted (London region)

All processors are contractually required to process data only on our instructions and to maintain appropriate security measures.

8. Data retention

Data type	Retention period
CDM documents (RAMS, CPP, Site Induction)	6 years after project completion
Worker sign-off records (including IP addresses)	Duration of the project plus 6 years
RIDDOR incident logs	6 years (minimum 3 years under RIDDOR 2013)
Permits to work	6 years after permit expiry
Worker certifications	6 years after worker leaves the project
AI processing logs	90 days
Audit/security logs	2 years
User account data	Duration of subscription + 30 days after cancellation
Analytics data	14 months (Google Analytics default)

9. Your rights

Under UK GDPR, you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data (subject to legal retention obligations — CDM and RIDDOR records may be exempt for the periods above)
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interests
Withdraw consent — decline cookies or turn off notification emails at any time

To exercise any right, contact privacy@thesitebook.co.uk. We will respond within 30 days.

If you are a worker whose name appears in a sign-off record, contact the site manager or principal contractor — they are the Data Controller for that record, not The Site Book.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

10. Deleting your account

You can delete your account at any time from Settings → Delete Account. This permanently and immediately deletes all personal data associated with your account, including all projects, documents, workers, certifications, and compliance records. This action cannot be undone.

11. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access is controlled by Clerk authentication with session tokens. We conduct periodic security reviews and maintain access logs. If we become aware of a data breach that poses risk to individuals, we will notify the ICO within 72 hours and affected users without undue delay.

12. International transfers

Some of our sub-processors are based outside the UK and EU. Where data is transferred internationally, we rely on EU Standard Contractual Clauses (SCCs) or equivalent safeguards as set out in the table above. We do not transfer data to countries without adequate protection unless appropriate safeguards are in place.

13. Changes to this policy

We may update this policy. We will notify users of material changes by email or in-app notice. Continued use after notification constitutes acceptance.

14. Contact

Data Protection enquiries: privacy@thesitebook.co.uk
General support: support@thesitebook.co.uk

SectorHQ Ltd • Registered in England and Wales