This Privacy Policy explains how SiteLog ("we", "us", "our") collects, uses, stores, and discloses personal information when you use our website at sitelog.uk and our SiteLog mobile application (collectively, the "Service"). By using the Service you agree to the practices described in this policy.
1. Who we are
SiteLog is a construction site management platform operated by OPS Stellar Innovations LTD. We are the data controller for the personal information described below. Contact details are at the bottom of this page.
2. What information we collect
2.1 Account information
When your administrator creates an account for you, we collect:
- Full name
- Email address
- Role (worker, admin, superadmin, master admin)
- Company affiliation
2.2 Location data
The SiteLog mobile application collects precise GPS location data. We use this in two ways:
- Foreground location — when you take a site photo, sign a compliance form, or submit a timesheet, your current location is captured at that moment to verify the action took place on site.
- Background location — while you are signed in to the SiteLog mobile app and assigned to an active job, your location is shared with your team approximately every 30 seconds. This continues even when the app is in the background or your phone is locked. You will see a persistent notification on your device while this is happening. Background tracking stops automatically when you sign out.
Location data is used solely for site attendance verification and to display worker positions on your team's internal project map. We do not share location data with third parties for advertising or any commercial purpose.
2.3 Photos and uploaded files
When you take or upload site photos, signature images, or other files through the Service, we collect and store the file along with metadata (timestamp, GPS coordinates, the project and worker it relates to). Photos are visible only to authorised users in your company.
2.4 Operational data
We record information about your use of the Service necessary for it to work, including:
- Timesheet entries (project, date, hours, status)
- Compliance task submissions (form answers, signatures, GPS, timestamp)
- Job session activity (which stage of work you are in)
- Project assignments
2.5 Device and technical information
We may automatically collect basic technical information when you use the Service, such as device type, operating system, app version, and approximate IP-derived region for security and diagnostic purposes.
3. How we use your information
We use the information we collect to:
- Provide the Service and let you sign in
- Verify on-site attendance for compliance and payroll purposes
- Show worker locations on the live project map to authorised members of your company
- Allow administrators to review and approve timesheets, photos, and compliance submissions
- Send in-app and push notifications when tasks are assigned, timesheets are approved, or other events occur
- Maintain the security and integrity of the Service
- Comply with legal obligations
4. Lawful basis for processing (UK and EU users)
We rely on the following lawful bases under the UK GDPR and EU GDPR:
- Contract — processing necessary to perform the employment- or contractor-related services that your company has engaged us for (timesheets, compliance, attendance verification).
- Legitimate interests — verifying that work occurred on site, preventing fraud, and providing administrators with the operational visibility they need.
- Consent — for background location tracking and notifications, which are explicitly requested on first launch and can be revoked at any time in your device settings.
- Legal obligation — where we are required to retain records for tax, employment, or health and safety law.
5. Data sharing
We do not sell your personal information. We share data only as follows:
- Within your company — your name, photos, location, timesheets, and compliance submissions are visible to administrators and authorised members of the company you work for.
- Service providers — we use Supabase (a database and storage provider) to host the Service. Supabase is bound by a data processing agreement and processes data on our instructions.
- Legal requirements — we may disclose information if required by law, court order, or to protect the rights, property, or safety of users or others.
6. Data retention
We retain your personal information for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, and audit requirements (typically up to 6 years for employment and tax records). Location history older than 12 months is automatically deleted unless required for an ongoing dispute.
7. Your rights
Subject to applicable law, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information ("right to be forgotten")
- Object to or restrict processing
- Receive a copy of your data in a portable format
- Withdraw consent (e.g. for location tracking or notifications) at any time
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk
To exercise any of these rights, contact us at the email below. Note that some data may be retained where we have a legal obligation to keep it (e.g. completed timesheets for tax purposes).
8. Security
We implement appropriate technical and organisational measures to protect your information, including encryption in transit (HTTPS), encryption at rest, role-based access controls, and Supabase's row-level security policies. No system is perfectly secure, but we work to minimise risk.
9. Children
The Service is intended for working adults and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
10. International transfers
Our service providers may process data in countries outside the UK and EU. Where this happens, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect when. For material changes (such as new categories of data) we will notify you within the app or by email.