Privacy Policy

1. Information We Collect

All Platforms (Web, iOS, and Android)

• Account information — name, email address, organisation name, and login credentials.

• Project and work content — project data, activity notes, timesheet entries, digital forms, purchase orders, risk assessments and method statements (RAMS), signatures, and other content you create within the Service. This data is linked to your account and used solely to provide app functionality.

• Photos and videos — photos you attach to project activity notes, forms, or plan markups are uploaded and stored within your organisation's project data. Photos are linked to your account and used solely for app functionality.

• Precise location — when you clock in or clock out, the app requests your device location to verify proximity to the work site. Location coordinates are used only for this real-time check and are not stored. You may also optionally use your current location to auto-fill a project address; in this case the coordinates are converted to a text address server-side and then discarded. On the web app, location is accessed via your browser; on mobile, it is accessed via device location services with your permission.

• AI assistant interactions — prompts, attached files, and outputs processed to provide AI assistant functionality. Conversations are stored against your account so you can resume them later.

• Customer support — support requests, emails, and feedback you send to us. This data is linked to your account and used for app functionality and to improve the Service.

Web App Only

• Billing information — payment details collected and processed securely by our third-party payment provider. We do not store your full payment card details.

Mobile Apps Only (iOS and Android)

• Push notifications — if you allow notifications, we send push notifications to your device for project updates. You can disable notifications at any time in your device settings.

What We Do Not Collect

• We do not collect location data in the background. Location is only accessed while the app is in use and only when you perform a clock in, clock out, or address lookup action.

• We do not collect device identifiers, advertising IDs, or usage analytics beyond what is described above.

• We do not use tracking technologies to follow you across other apps or websites.

2. How We Use Information

• To provide and improve the Service.

• To process payments and manage subscriptions (web app).

• To provide support and communicate with you.

• To verify worker location at clock in/out (all platforms).

• To deliver push notifications for project updates (mobile apps).

• To provide AI assistant functionality.

• To ensure security, prevent misuse, and comply with legal obligations.

We do not sell personal data. We do not use your data for tracking or advertising.

3. Data Processing & Storage

• Luke Rutley Ltd is the data controller for personal data collected when you browse our website, request a demo, create an account, purchase a subscription, or contact us.

• Customer organisations are normally the data controllers for workspace content they upload to the Service, and Luke Rutley Ltd acts as a data processor for that content when hosting and processing it on their behalf.

• Data is stored securely on Microsoft Azure infrastructure, including Azure SQL Server and Azure Blob Storage.

4. Legal Basis for Processing

We process personal data under the following lawful bases:

• Contract - to provide and operate the Struxor service, including account creation, subscription management, and core platform functionality.

• Legitimate interests - to improve and secure the platform, including monitoring performance, investigating issues, and preventing abuse or fraud.

• Legal obligation - to comply with applicable laws, including financial record keeping and responding to lawful requests.

• Consent - where applicable, including optional communications and device-level permissions such as location access or push notifications.

5. Cookies & Similar Technologies

We do not use cookies for analytics, advertising, or tracking purposes.

We only use strictly necessary cookies required for the operation of the service, such as:

• Authentication and session management.

• Security and fraud prevention.

These cookies are essential for the website to function and cannot be disabled.

No third-party tracking cookies are used.

6. Third-Party Services & Sub-Processors

We use the following third-party services to operate the Service:

We do not share photos, location data, or user content with any third parties for their own purposes. Third-party services receive only the minimum data required to perform their function.

7. Data Retention

• Account data is retained while your subscription is active.

• Photos and project data are retained as part of your organisation's project records until deleted by an authorised user or upon account closure.

• Location coordinates are never stored and exist only for the duration of the clock in/out verification or address lookup request.

• AI assistant conversation history is retained while your account is active.

• You may request deletion of your data at any time.

• We may retain limited records where legally required (e.g., invoices).

8. Security

We apply measures including encryption in transit (TLS) and at rest, access controls, tenant data isolation, and regular backups. All inter-service communication uses encrypted connections.

9. Your Rights

Under UK GDPR you may:

• Access, correct, or delete your data.

• Restrict or object to processing.

• Port your data to another provider.

• Withdraw consent at any time (e.g., for location or push notifications via your device settings).

You have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO), if you believe we have not handled your data appropriately.

Website: https://ico.org.uk/

To exercise your rights, contact us at the address below.

10. International Transfers

We use the OpenAI service for AI assistant functionality, which may process data outside the UK.

11. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the Service or by email. Continued use after changes constitutes acceptance.

13. Contact

To exercise your rights, make a privacy enquiry, or send a formal notice, contact Luke Rutley Ltd using the details below.