Privacy Policy
How we collect, use, and protect your data.
Last updated: 28 February 2026
This Privacy Policy explains how Luke Rutley Ltd, trading as Struxor ("we", "us"), collects and uses personal data across our web application and mobile apps (iOS and Android) in line with UK GDPR.
1. Information We Collect
All Platforms (Web, iOS, and Android)
Account information — name, email address, organisation name, and login credentials.
Project and work content — project data, activity notes, timesheet entries, digital forms, purchase orders, risk assessments and method statements (RAMS), signatures, and other content you create within the Service. This data is linked to your account and used solely to provide app functionality.
Photos and videos — photos you attach to project activity notes, forms, or plan markups are uploaded and stored within your organisation's project data. Photos are linked to your account and used solely for app functionality.
Precise location — when you clock in or clock out, the app requests your device location to verify proximity to the work site. Location coordinates are used only for this real-time check and are not stored. You may also optionally use your current location to auto-fill a project address; in this case the coordinates are converted to a text address server-side and then discarded. On the web app, location is accessed via your browser; on mobile, it is accessed via device location services with your permission.
AI assistant interactions — prompts, attached files, and outputs processed to provide AI assistant functionality. Conversations are stored against your account so you can resume them later.
Customer support — support requests, emails, and feedback you send to us. This data is linked to your account and used for app functionality and to improve the Service.
Web App Only
Billing information — payment details collected and processed securely by our third-party payment provider. We do not store your full payment card details.
Mobile Apps Only (iOS and Android)
Push notifications — if you allow notifications, we send push notifications to your device for project updates. You can disable notifications at any time in your device settings.
What We Do Not Collect
We do not collect location data in the background. Location is only accessed while the app is in use and only when you perform a clock in, clock out, or address lookup action.
We do not collect device identifiers, advertising IDs, or usage analytics beyond what is described above.
We do not use tracking technologies to follow you across other apps or websites.
2. How We Use Information
To provide and improve the Service.
To process payments and manage subscriptions (web app).
To provide support and communicate with you.
To verify worker location at clock in/out (all platforms).
To deliver push notifications for project updates (mobile apps).
To provide AI assistant functionality.
To ensure security, prevent misuse, and comply with legal obligations.
We do not sell personal data. We do not use your data for tracking or advertising.
3. Data Processing & Storage
We act as a data processor for customer-uploaded content (including photos, project data, and forms) and a data controller for account and billing data.
Data is stored securely on Microsoft Azure infrastructure, including Azure SQL Server and Azure Blob Storage.
4. Third-Party Services & Sub-Processors
We use the following third-party services to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure | Hosting, database, and file storage | All service data (encrypted at rest and in transit) |
| OpenAI | AI assistant functionality | Prompts and attached files sent during assistant conversations |
| Google Maps Platform | Reverse geocoding (converting coordinates to a text address) | Device coordinates (transiently, not stored by us) |
| What3Words | Address lookup from coordinates | Device coordinates (transiently, not stored by us) |
| Expo | Push notification delivery (mobile apps) | Device push notification identifier |
We do not share photos, location data, or user content with any third parties for their own purposes. Third-party services receive only the minimum data required to perform their function.
5. Data Retention
Account data is retained while your subscription is active.
Photos and project data are retained as part of your organisation's project records until deleted by an authorised user or upon account closure.
Location coordinates are never stored and exist only for the duration of the clock in/out verification or address lookup request.
AI assistant conversation history is retained while your account is active.
You may request deletion of your data at any time.
We may retain limited records where legally required (e.g., invoices).
6. Security
We apply measures including encryption in transit (TLS) and at rest, access controls, tenant data isolation, and regular backups. All inter-service communication uses encrypted connections.
7. Your Rights
Under UK GDPR you may:
Access, correct, or delete your data.
Restrict or object to processing.
Port your data to another provider.
Withdraw consent at any time (e.g., for location or push notifications via your device settings).
To exercise your rights, contact us at the address below.
8. International Transfers
We use the OpenAI service for AI assistant functionality, which may process data outside the UK.
9. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the Service or by email. Continued use after changes constitutes acceptance.
11. Contact
Luke Rutley Ltd
Email: luke@lukerutley.com