Privacy Policy
Last updated: 16 April 2026
1. Who we are
SiteVault is operated by The Supports Desk, 39 Rathmore Heights, Ballymena, BT43 6NQ, United Kingdom. For any privacy-related queries, contact us at brian@thesupportsdesk.com.
2. What data we collect
We collect the following personal data when you use SiteVault:
- Account data: name, email address, company name, and password (hashed)
- Worker data: worker names, phone numbers, job roles, and compliance document details (document types, expiry dates, notes) that you add to the platform
- Uploaded documents: photos or scans of compliance documents (e.g. CSCS cards, certificates) uploaded by you or your workers via magic link
- Payment data: processed securely by Stripe. We do not store card numbers — only your Stripe customer ID and subscription status
- Usage data: pages visited, browser type, IP address, and device information collected automatically via cookies
3. How we use your data
We use your personal data to:
- Provide and maintain the SiteVault service
- Process your subscription payments via Stripe
- Send expiry alert emails for worker documents approaching their expiry date
- Perform OCR (optical character recognition) on uploaded documents to extract expiry dates
- Respond to support requests
- Improve the service based on usage patterns
4. Legal basis for processing (GDPR)
We process your data under the following legal bases:
- Contract: processing necessary to provide the SiteVault service you have subscribed to
- Legitimate interest: usage analytics to improve the service, and sending expiry alerts related to your account
- Consent: marketing communications (you can opt out at any time)
5. Third-party services
We share data with the following third-party processors:
- Supabase (database and authentication) — data stored in the EU/UK
- Stripe (payment processing) — PCI DSS Level 1 certified
- Vercel (hosting) — edge network with UK presence
- Mindee (OCR document scanning) — processes uploaded document images to extract text
- Resend (email delivery) — sends expiry alert emails on our behalf
We do not sell your personal data to any third party.
6. Data retention
We retain your account and worker data for as long as your subscription is active. If you cancel your subscription, your data is retained for 90 days in case you resubscribe, after which it is permanently deleted. You can request immediate deletion at any time by contacting us.
7. Your rights
Under the UK GDPR, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict or object to processing
- Receive your data in a structured format (data portability)
- Withdraw consent at any time
To exercise any of these rights, email brian@thesupportsdesk.com. We will respond within 30 days.
8. Cookies
We use cookies to keep you signed in and to understand how you use the service. See our Cookie Policy for full details.
9. Security
We use industry-standard security measures including encrypted connections (TLS/SSL), hashed passwords, row-level security on our database, and secure API keys. Uploaded documents are stored in encrypted cloud storage.
10. Children
SiteVault is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.
11. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice within the application.
12. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
13. Contact
The Supports Desk
39 Rathmore Heights
Ballymena, BT43 6NQ
United Kingdom
brian@thesupportsdesk.com