PRIVACY POLICY
Effective Date: 30th September 2025
Last Updated: 23rd September 2025
This Privacy Policy explains how Bricks and Bot Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use the Buildsnpper, Buildsnpper Assessor, and Buildsnpper Manager mobile applications (the "Apps").
By using our Apps, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use our Apps.
1. DATA CONTROLLER
Bricks and Bot Ltd
Company No: 15693496
Address: 9 Quayside, Congleton, Cheshire
Email: dpo@bricksandbot.com
Phone: +33669728889
2. CRITICAL INFORMATION ABOUT DATA STORAGE
2.1 Local Device Storage
IMPORTANT: Photo evidence and associated metadata are stored locally on your device. You are solely responsible for:
- Backing up locally stored data
- Protecting against data loss
- Ensuring data security on your device
- Managing device storage capacity
We cannot access, recover, or be held liable for locally stored data.
2.2 Cloud Storage (Optional)
If you choose to enable cloud backup:
- Data is stored in Firebase Storage (see Section 5)
- You remain responsible for data management
- We process data as outlined in this policy
3. DATA WE COLLECT
3.1 Information You Provide
- Account information (name, email, company, DEA certification details for assessors)
- Subscription payment details (processed by Apple/Google for in-app purchases)
- Assessor payment information for client license purchases (processed by Stripe via web portal)
- Project information and descriptions (including Part L evidence requirements)
- Photos and metadata (stored locally unless cloud backup enabled)
- Assessor profile information (for discovery in app and report branding)
3.2 Automatically Collected Information
- Device information (model, OS version, unique identifiers)
- App usage data and analytics
- Crash reports and performance metrics
- Location data (when permission granted)
- IP address (for security and analytics)
3.3 Third-Party Data
- Authentication data from sign-in providers
- Payment confirmation from app stores
- Client assignment data when assessors purchase licenses on behalf of clients
3.4 Assessor Portal Data
When using the assessor web portal, we additionally collect:
- License purchase history and client assignments
- Bulk purchase preferences
- Assessor branding for reports
- Client project management data
- Evidence review and download activity
4. LEGAL BASIS FOR PROCESSING
We process your data based on:
- Contract Performance: To provide subscription services
- Legitimate Interests: For security, analytics, and service improvement
- Consent: For marketing communications and optional features
- Legal Obligations: To comply with applicable laws
5. THIRD-PARTY SERVICES AND DATA PROCESSORS
5.1 Firebase Services (Google LLC)
- Purpose: Analytics, authentication, storage, crash reporting
- Data Processed: Device info, usage data, crash logs, stored files
- Location: USA (Data Privacy Framework certified)
- Retention: 90 days (analytics), until deletion (authentication)
- Privacy Policy: https://policies.google.com/privacy
5.2 Algolia
- Purpose: Search functionality within apps
- Data Processed: Search queries, project metadata
- Location: EU/US (Standard Contractual Clauses)
- Retention: 90 days
- Privacy Policy: https://www.algolia.com/policies/privacy
5.4 Stripe (Assessor Portal Only)
- Purpose: Payment processing when assessors purchase licenses for clients via web portal
- Data Processed: Assessor's payment card details, billing information, transaction records
- Location: EU/US (Standard Contractual Clauses)
- Note: Card details are processed directly by Stripe; we do not store payment card information
- Privacy Policy: https://stripe.com/privacy
5.5 App Stores
- Google Play Services: Device data, purchase information, handles all in-app subscription billing
- Apple App Store: Account data, purchase information, handles all in-app subscription billing
- Note: App stores control all refund decisions for in-app purchases
6. INTERNATIONAL DATA TRANSFERS
Your data may be transferred outside the UK/EU. We ensure appropriate safeguards:
- Data Privacy Framework certification
- Standard Contractual Clauses
- Adequacy decisions where applicable
7. DATA RETENTION
| Data Type | Retention Period |
| --- | --- |
| Account Data | Duration of account plus 6 years (legal obligations) |
| Local Device Data | Until you delete from device |
| Cloud Backup | Until you request deletion |
| Analytics Data | 90 days |
| Financial Records | 7 years (UK tax requirements) |
| Payment Data | Transaction records retained per legal requirements; card details not stored |
| Marketing Data | Until consent withdrawn |
8. YOUR RIGHTS
Under UK/EU GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
- Complain to the ICO (UK) or CNIL (France)
Contact privacy@bricksandbot.com to exercise your rights.
9. DATA SECURITY
9.1 Technical Measures
- Encryption in transit (TLS)
- Secure authentication
- Regular security updates
- Access controls
- No storage of payment card details (handled by Stripe/App Stores)
9.2 Your Responsibilities
- Device security (PIN, biometric locks)
- Regular backups of local data
- Secure network usage
- Strong password selection
10. COOKIES AND TRACKING
10.1 Mobile App Tracking
- Firebase Analytics (helps improve app)
- Crash reporting (essential for app stability)
- Performance monitoring (helps improve app)
10.2 Managing Preferences
- Analytics opt-out in app settings
- Device-level tracking controls
- Do Not Track respected where technically feasible
11. CHILDREN'S PRIVACY
Our Apps are not intended for children under 18. We do not knowingly collect children's data. Contact us immediately if you believe we have collected data from a child.
12. DATA BREACH NOTIFICATION
In case of a data breach affecting your rights and freedoms:
- We will notify the ICO within 72 hours
- We will notify affected users without undue delay
- We will provide information about the breach and mitigation steps
13. PRIVACY BY DESIGN
We implement privacy by design principles:
- Data minimization
- Purpose limitation
- Privacy defaults
- Transparency
- User control
14. MARKETING COMMUNICATIONS
14.1 Email Marketing
- Only with explicit consent
- Managed through MailerLite
- Unsubscribe link in every email
15. CHANGES TO THIS POLICY
15.1 Updates
We may update this Privacy Policy to reflect changes in our practices or legal requirements.
15.2 Notification
Material changes will be notified through:
- In-app notifications
- Email to registered users
- 30 days' notice before changes take effect (unless required sooner by law)
15.3 Your Options
If you disagree with Privacy Policy changes:
- You may stop using the Apps and request data deletion
- Subscription users: Continue access until current paid period ends under previous policy
- Free users: Must accept new policy or lose access immediately
- Passive acceptance: Continued use after notice period constitutes acceptance
- After the current period, continued use requires acceptance of the new policy
- No refunds for unused subscription time if you choose to discontinue use
- You retain the right to request deletion of your personal data per Section 8
15.4 Legal Requirements
Changes required by law or regulatory requirements may take effect immediately with notice.
16. CONTACT US
Data Protection Queries:
Email: dpo@bricksandbot.com
Phone: +33669728889
Address: 9 Quayside, Congleton, Cheshire
Data Protection Officer:
Andrew McCracken
dpo@bricksandbot.com
Supervisory Authorities:
Location Services
This Application collects your device's location, which helps us determine your approximate geographical location for:
- Geolocation Services: Adding location metadata to Part L compliance photographs
- Compliance Requirements: Location data may be required for certain building regulation evidence requirements
Your Consent
By using the Application, you consent to our processing of your information as set forth in this Privacy Policy now and as amended by us. "Processing" means using cookies on a computer/handheld device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.