Privacy Policy
Last updated: [DATE] · Effective date: [DATE]
[COMPANY LEGAL NAME] (“we”, “us”, “our”) operates the Squared mobile application (the “App”), which helps tradespeople and builders log site variations, capture customer approvals on site, record daily site diaries, and automatically log weather conditions for active job sites.
This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it. It applies to all users of the App. If you do not agree with this policy, please do not use the App.
1. Who is responsible for your data (Data Controller)
For the purposes of the EU/UK General Data Protection Regulation (GDPR), the data controller is:
- [COMPANY LEGAL NAME]
- [REGISTERED ADDRESS]
- Email: au.su.leslie@gmail.com
- [If applicable] EU/UK Representative: [NAME / ADDRESS]
- [If applicable] Data Protection Officer: [NAME / EMAIL]
2. Information we collect
We only collect information needed to provide and improve the App.
2.1 Information you provide
- Account & contact details: name, email address, phone number, business name, and login credentials.
- Customer/contact details you enter: names, phone numbers, and email addresses of customers or builders you create variations or approvals for.
- Site & work content: variations, approvals, signatures, site diary entries, notes, and job/site details you create in the App.
- Photos: images you capture with your camera or select from your library to attach to variations or diary entries.
2.2 Information collected automatically
- Location data: precise and/or approximate geolocation, used to tag job sites, enable address lookup, and retrieve local weather for active sites.
- Device identifiers: a device or installation identifier used to operate the App, secure your account, and provide support.
- Usage & diagnostic data: app version, device model, operating system, crash logs, and basic interaction logs used to keep the App working and to improve the user experience. This data is processed by our error-tracking and analytics service providers (see Section 4).
- App usage events: anonymised event signals (e.g. features used, actions taken) used to understand how the App is used in aggregate and to guide product improvements. These events do not include the content of your diaries, variations, or photos.
2.3 Information from third parties
- Weather data: weather information for your sites retrieved from our weather data provider based on site location.
- Address suggestions: when you type an address, suggestions are provided by Google Places.
We do not knowingly collect data from anyone under the age of 16 (or the minimum age in your jurisdiction). The App is intended for business/professional use by adults.
3. How we use your information (and our legal bases)
Under GDPR, we rely on the following legal bases:
| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Provide the App’s core features | Creating variations, approvals, site diaries; storing photos | Performance of a contract |
| Location features | Tagging sites, address autocomplete, daily weather logging | Performance of a contract / Consent (device permission) |
| Send transactional communications | Emailing variations/approvals to your customers; account emails | Performance of a contract / Legitimate interests |
| Secure accounts & prevent abuse | Authentication, fraud prevention | Legitimate interests / Legal obligation |
| Maintain & improve the App | Crash diagnostics, troubleshooting, and understanding how features are used in aggregate | Legitimate interests |
| Comply with law | Responding to lawful requests, record-keeping | Legal obligation |
We do not use your personal information for advertising, and we do not sell your personal information.
4. How we share your information
We share personal information only as described below:
- At your direction: when you send a variation, approval request, or document to a customer or builder, we share the relevant content with that recipient (e.g. by email).
- Service providers (processors) who help us run the App under contract:
- Amazon Web Services (AWS) S3 — secure storage of your content and photos.
- Amazon Web Services (AWS) SES — sending emails (e.g. variations and approvals) on our behalf.
- Google Places (Google LLC) — address search and autocomplete.
- [WEATHER PROVIDER] — supplying weather data for your sites.
- Sentry (Functional Software, Inc.) — error and crash tracking. Sentry receives technical diagnostic data such as stack traces, device type, app version, and a pseudonymous user identifier when a crash or error occurs. Sentry does notreceive your email address or the content of your diaries, variations, or photos. Sentry’s privacy policy: sentry.io/privacy.
- PostHog (PostHog, Inc.) — product analytics. PostHog receives anonymised usage event data (e.g. which features are used, actions taken) and a pseudonymous user identifier. PostHog does not receive the content of your diaries, variations, photos, or customer details, and we do notuse PostHog for advertising or cross-context behavioural tracking. PostHog’s privacy policy: posthog.com/privacy.
- Legal & safety: where required by law, regulation, legal process, or to protect the rights, property, or safety of users or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this policy.
We require all service providers to protect your data and to use it only for the services they provide to us.
5. International data transfers
Your information may be processed in countries other than where you live, including the United States (where AWS, Google, Sentry, and PostHog operate infrastructure). Where we transfer personal data out of the EEA, UK, or other regulated regions, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses and equivalent mechanisms. Sentry and PostHog are both certified under applicable data transfer frameworks.
6. How long we keep your data (Retention)
We keep personal information for as long as your account is active and as needed to provide the App. After account closure, we delete or anonymize your personal data within [e.g. 30–90] days, except where we must retain certain records to comply with legal, tax, accounting, or dispute-resolution obligations. Backups are purged on a rolling cycle of [e.g. up to 90 days].
Archived and inactive content. To keep your workspace tidy and to manage storage, we reserve the right to delete or anonymize archived, completed, or otherwise inactive sites, jobs, and projects (together with their associated diaries, variations, and photos) once they are older than 12 months, at our discretion and without further notice. You are responsible for exporting or saving any records you wish to keep before they reach this age. This does not affect records we are legally required to retain.
7. Your privacy rights
7.1 GDPR (EEA/UK) rights
You have the right to: access your data; correct inaccurate data; delete your data (“right to be forgotten”); restrict or object to processing; data portability; and withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.
7.2 CCPA/CPRA (California) rights
California residents have the right to: know/access the categories and specific pieces of personal information collected; delete personal information; correct inaccurate information; and opt out of “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA, and we do not use it for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.
7.3 How to exercise your rights
Contact us at au.su.leslie@gmail.com or use the in-app controls described in Section 8. We will verify your request and respond within the timeframe required by law (generally 30 days under GDPR; 45 days under CCPA, extendable as permitted). You may use an authorized agent where the law allows.
8. Data deletion
You can delete your data at any time:
- In-app: Go to [Settings → Account → Delete Account]. This permanently deletes your account, your variations, site diaries, photos, and associated personal data from our active systems.
- By request: Email au.su.leslie@gmail.com from your registered email with the subject line “Delete My Account”. We will verify and process the request.
After we process a deletion request:
- Your personal data is removed from our production databases and from AWS S3 storage, and is purged from backups within [e.g. 90 days].
- We may retain a minimal record (e.g. that an account was deleted) and any data we are legally required to keep, in de-identified or restricted form.
- Content you previously sent to a customer (e.g. an emailed approval) cannot be recalled from that recipient.
9. Security
We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for stored content, access controls, and least-privilege practices with our cloud providers. No method of transmission or storage is 100% secure, but we work to protect your information and to notify you and regulators of breaches where legally required.
10. Permissions we request on your device
- Camera — to capture photos for variations and site diaries.
- Photo Library — to attach existing photos.
- Location — to tag sites, autocomplete addresses, and log daily weather for active sites.
You can change or revoke these permissions at any time in your device settings. Disabling a permission may limit related features.
11. Children’s privacy
The App is not directed to children and is intended for business use by adults. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. Material changes will be notified in the App or by email. The “Last updated” date reflects the latest version.
13. Contact us
- [COMPANY LEGAL NAME]
- Email: au.su.leslie@gmail.com
- Address: [REGISTERED ADDRESS]