This privacy policy explains how D4N LTD ("GroundPin", "we", "us") collects, uses, and protects personal information when you use the GroundPin platform. We act as a data controller for account information and as a data processor for the utility and site records you upload on behalf of your organisation.
Who we are
GroundPin is operated by D4N LTD, Company No. 17061504, registered in England and Wales. We are registered with the UK Information Commissioner's Office (ICO) for the processing of personal data under UK GDPR and the Data Protection Act 2018.
What we collect
- Account data: your name, email address, password hash (managed by Clerk), and organisation membership.
- Content you create: sites, pins, photos, annotations, notes, verifications and any free-text you enter. Photos are stored on Cloudflare R2 in the EU. Coordinates are stored in PostGIS on a UK-based server.
- Usage data: an activity log of actions (e.g. "pin created", "photo uploaded") linked to your user ID, used for audit and incident investigation.
- Billing data: if your organisation is on a paid plan, Stripe processes and stores payment details on our behalf. We receive only the subscription status, plan, and seat count.
- Device data: standard request metadata (IP address, user agent) retained for 30 days for security and abuse prevention.
- Share-link viewer data: when someone opens a shared site link, we log the hash of their IP address (salted with a server-side secret, not reversible), a truncated user-agent string, and the access timestamp. We do not store the raw IP. This is retained alongside the rest of the activity log so the issuing organisation can investigate misuse of a link they have shared.
Mobile app permissions
When you install the GroundPin app on iOS or Android, we only request the following device permissions and only use them for the purposes described:
- Camera: used when you tap "Take photo" to attach a photo to a pin. We never capture images in the background. The camera is not used for face detection, analytics, or advertising.
- Photos / media library: used when you tap "Choose from library" to attach an existing photo to a pin. We only read the specific photos you select; we do not scan your full library.
- Precise location: used to drop pins at your current GPS position and centre the map on where you are. We do not record a location history and we do not read your location when the app is in the background.
- Push notifications: used to notify you when teammates share a pin with you, when a site you're assigned to is updated, or when your organisation admin posts an announcement. You can disable these at any time in your device settings.
How we use it
- To provide the service and deliver the features you request.
- To operate billing, seat management, and account recovery.
- To maintain the audit trail of construction records (industry best practice is 6–7 year retention).
- To investigate security incidents and prevent abuse.
We do not sell personal data and we do not use your content to train AI models.
Your rights (UK GDPR)
You have the right to access, rectify, port, restrict, and erase your personal data. You can exercise these directly from the app:
- Access & portability: contact us at privacy@groundpin.co.uk — we respond within 30 days.
- Delete your account: Profile → Delete account. This removes your account and anonymises your contributions (the construction records themselves are retained for the legal audit period under your organisation's ownership; your personal identifiers are severed).
- Complain: if you're unhappy with how we handle your data you can complain to the ICO at ico.org.uk.
Retention
- Account data: while your account is active, plus 30 days after deletion for incident investigation.
- Construction records (sites, pins, photos, annotations): retained by your organisation for up to 7 years to meet industry audit expectations. Deleted pins sit in the restore bin indefinitely until an organisation admin hard-deletes them. When an individual leaves an organisation, their contributions stay with the organisation but their personal identifiers are anonymised.
- Activity log: retained for 7 years, then purged.
- Billing records: retained for 7 years (HMRC requirement).
Sub-processors
- Clerk — identity & authentication (USA, SCCs in place)
- Cloudflare R2 — photo storage (EU)
- Mapbox — map tiles (USA, SCCs in place)
- Stripe — payment processing (USA / Ireland)
- Laravel Forge / DigitalOcean — hosting (UK)
Contact
Data protection enquiries: privacy@groundpin.co.uk