Skip to main content
The Site Book
Get started

Mobile App Privacy Addendum

Last updated: 16 May 2026

← Main Privacy Policy

This addendum supplements the main Privacy Policy and describes the additional ways The Site Book native mobile app (iOS and Android) handles personal data. Where this addendum is silent, the main Privacy Policy applies in full.

The Site Book is operated by REDCLAN VENTURES LTD (Company No. 17142372), registered in England and Wales, trading as The Site Book. For data-protection enquiries email [email protected].

1. What the mobile app does differently from the website

The mobile app uses the same backend services as our website (thesitebook.co.uk). It signs in to the same account, reads and writes the same projects and documents, and stores files in the same secure storage. The mobile-specific differences are:

  • Device permissions — the app requests permissions for the camera, photo library, and microphone, with user-friendly explanations described in §2.
  • Local storage — the app caches some data on your device for offline resilience (so you don’t lose a wizard draft if your signal drops).
  • App-specific analytics — the app uses PostHog to record product interactions (which screens you view, which buttons you tap) so we can improve the product. PostHog runs on the same account-linked user ID as the web.
  • Optional crash reporting — Sentry is scaffolded but disabled by default in v1.0. When we enable it, this addendum will be updated and you will be informed in-app.

2. App-specific permissions and why we ask for them

Each permission is requested with a human-readable explanation that appears in your phone’s permission prompt. You can grant or deny each independently and revoke at any time from your device’s Settings.

PermissionWhen askedWhat we do with it
CameraWhen you tap “Take photo” on a Site Diary entry, Incident report, COSHH SDS upload, or Project imageWe capture a single photo and upload it to your account’s project. We do NOT keep the camera open in the background.
Photo LibraryWhen you tap “Choose from library” on any of the aboveYou pick a single image; we upload it to your account. We do NOT browse your library beyond what you select.
MicrophoneWhen you tap “Voice note” inside a RAMS, CPP or Site Diary input fieldWe record an audio clip you control (you tap stop), transcribe it via our AI provider (OpenAI), and discard the audio after transcription. The transcript is attached to the field you chose.

If you deny a permission, the relevant feature is unavailable but the rest of the app continues to work. We never block sign-in or core features on these permissions.

3. Push notifications

v1.0 does NOT send push notifications and does NOT ask for notification permission. If we add push notifications in a future release, this addendum will be updated and the in-app onboarding flow will explain what notifications you’ll receive and how to disable them per category.

4. Mobile analytics

We use PostHog (posthog.com) to record:

  • Which screens you visit
  • Which buttons or wizard steps you tap
  • The general device type (model class, OS version) — used to prioritise bug fixes
  • The result of key actions (e.g. “document generated”, “signature request sent”)

We do NOT record:

  • The content of your documents, projects, RAMS, CPPs, or diaries
  • Photos you capture or upload
  • Voice notes or their transcripts
  • Form input values

The PostHog user identifier matches your authenticated account ID (same as on web). Analytics is currently required and cannot be disabled in the app; an opt-out is planned for a future release. You can request deletion of your PostHog data along with the rest of your account by following the “Account deletion” steps in §8.

5. Crash reporting

v1.0 of the mobile app does NOT send crash reports.

We have scaffolded an integration with Sentry (sentry.io) that we may enable in a future release. When enabled:

  • We will capture stack traces from crashes
  • We will NOT capture personally-identifying information by default (Sentry is configured to scrub email, names, and form values)
  • Capture is anonymous (not linked to your user account)
  • This addendum will be updated and the change announced in-app

6. Local storage on your device

The app uses the operating system’s secure storage to keep your sign-in token (iOS Keychain on iPhone/iPad, Android Keystore on Android). The token is encrypted by the OS and is only readable by the app.

The app also uses the standard React Native AsyncStorage to cache:

  • The current state of any in-progress wizard (so you don’t lose data if the signal drops or the app is force-quit). The cache is cleared when you successfully submit the wizard or sign out.
  • The most recent list of projects, for fast cold-start display (the cache is overwritten on every sign-in or pull-to-refresh).

Cached data lives in the app’s private sandbox and is removed when you uninstall the app.

7. Data residency

All data is stored on servers operated by DigitalOcean in their London (LON1) region. Data does not leave the United Kingdom for storage. Some processing (notably AI-assisted text generation and voice transcription) is performed by OpenAI and may transit through servers outside the UK — see the main Privacy Policy §“AI processing” for the detailed list of providers and safeguards.

8. Your rights (access, deletion, portability)

Your rights under UK GDPR apply identically to data the mobile app collects:

  • Access — request a copy of all data we hold about you by emailing [email protected].
  • Deletion — open the mobile app, go to Settings → Account → Delete Account. This opens our web account-deletion page where you confirm. Deletion removes your account, all projects, all documents, all uploaded files, and your PostHog analytics data within 30 days.
  • Portability — request an export of your project and document data in machine-readable form by emailing [email protected].
  • Rectification — edit any field in-app, or email if you can’t reach a field via the UI.
  • Objection — withdraw consent for any optional processing by emailing.

Right to lodge a complaint: the UK regulator is the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Children

The Site Book is built for the UK construction industry and is not directed at people under 18. We do not knowingly collect data from anyone under 18. If you believe we have data from someone under 18, email [email protected] and we will delete it.

10. App-Specific Data Handling (Apple-required)

The following Apple-required disclosures apply:

  • The app does NOT track you across other companies’ apps and websites. No AppTrackingTransparency prompt is shown.
  • Data is encrypted in transit (HTTPS only; iOS App Transport Security is enforced).
  • Data is encrypted at rest (DigitalOcean managed PostgreSQL default at-rest encryption).
  • You can request data deletion via Settings → Account → Delete Account (see §8).
  • No data is shared with third parties for advertising. The third parties we do share with are listed in the main Privacy Policy (auth provider, payment processor, AI provider, analytics provider, infrastructure providers).

11. Changes to this addendum

Material changes will be announced in-app on next sign-in and the “Last updated” date above will change. Continued use of the app after a material change constitutes acceptance.

12. Contact

Email: [email protected]
Postal address: REDCLAN VENTURES LTD, [registered office address]
Data Protection contact: [email protected]

For the full Privacy Policy, see /legal/privacy.