Quick summary. SiteSign is a trading name of Roman Slyvkanych, a sole trader based in England, providing software for UK construction firms to record worker attendance and produce timesheets. This notice explains how we handle personal data.
For account holders and prospective customers (you, the buyer), we are the data controller. Sections 4–7 below describe what we collect and why.
For workers whose attendance is recorded by a construction firm using SiteSign, the construction firm — your employer or contracting party — is the data controller, and we act as their data processor. If you are a worker with a question about how your data is being used, contact your employer or contracting party first. We can pass requests on to them but cannot answer them ourselves.
You can reach us at info@sitesign.uk for any privacy-related question. You also have the right to complain to the UK Information Commissioner's Office (ICO) — see section 13 below.
1. Who we are
SiteSign is a trading name of Roman Slyvkanych, a sole trader based in England.
Contact: info@sitesign.uk.
Service address available on reasonable written request.
2. Scope of this notice
This notice describes our processing of Personal Data in connection with:
- our website at sitesign.uk and any of its pages, including the marketing landing page, signup, and login flows;
- the SiteSign service when used by an account holder (admin, owner, or invited user); and
- any other communication with us, including support emails.
For worker Personal Data uploaded by our customers (the construction firms using SiteSign), our customer is the controller and we act as their processor. The customer's own privacy notice should describe their processing. Schedule 1 of our Terms of Service governs our processor obligations.
3. When you visit the website
When you visit sitesign.uk, our hosting provider (Netlify) automatically logs basic technical data — including IP address, browser type, pages visited, and timestamps. We use this information for site operation, security, and aggregate usage analysis. We do not use this data to identify individuals.
We do not currently use third-party analytics or advertising trackers on the marketing pages. We use only essential cookies necessary for sign-in and session management once you log in. If we add analytics in future, we will update this notice and ask for your consent where required.
4. When you create an account or take a trial
When you sign up for a Trial or paid Subscription, we collect:
- your name and work email address (account holder);
- your password (stored hashed, not in plain text);
- your company name and, if you choose to add one during setup, first-site details such as site name, site address and client name;
- billing details — only if and when you take a paid Subscription. Card payment details are handled by our payment provider; we do not store full card numbers.
Why we use it. To create and operate your account; to provide the Service to you; to send service-related emails (account confirmations, security notices, billing); to comply with our legal and tax obligations.
Lawful basis. Performance of a contract with you (the Terms of Service); compliance with our legal obligations (for example, UK accounting and tax record-keeping); our legitimate interests in operating, securing, and improving the Service.
5. When you use the Service to record attendance
Once your account is active, you (and Users you invite) generate Customer Data by using the Service. This includes worker profiles, site information, check-ins, hours, timesheets, and approvals.
For this Customer Data, you — the construction firm or sole-trader builder using SiteSign — are the data controller. We process this data only on your instructions, as set out in the Terms of Service and in Schedule 1 (Data Processing Terms).
You are responsible for ensuring you have a lawful basis under UK GDPR for processing worker Personal Data, and for providing your own privacy notice to your workers. We are happy to assist with reasonable enquiries from your workers by directing them to you.
6. When you contact us
If you contact us by email or any other means, we keep a record of the correspondence. We use this information to respond to you, to maintain a record of issues raised, and (in aggregate) to improve the Service. Lawful basis: performance of contract or our legitimate interest in providing support and quality.
7. Where your data is stored
We use the following providers to operate the Service:
- Supabase — database and authentication, currently hosted in the UK region
eu-west-2. File storage may be added in future if the Service introduces uploaded files. - Netlify — website hosting and content delivery. Edge points-of-presence may be located globally for performance.
We have processor arrangements in place with each. We may add or replace providers as our infrastructure evolves; material changes will be reflected in this notice.
8. International transfers
Where any of our sub-processors stores or processes Personal Data outside the United Kingdom or European Economic Area, we rely on appropriate safeguards under UK GDPR — typically the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an applicable adequacy decision.
If you have specific questions about the location of your data, contact us at info@sitesign.uk.
9. How long we keep your data
| Category | Retention |
|---|---|
| Account data (active subscription / trial) | While the account is active, plus 30 days after termination, then deleted from live systems. |
| Customer Data uploaded via the Service | Same as above. |
| Backups containing Customer Data and account data | In line with our backup provider's standard retention cycle, then overwritten. |
| Support correspondence | 2 years from the date of last contact. |
| Billing records | 6 years (UK tax-law requirement). |
| Marketing prospect data (you contacted us but did not become a customer) | Up to 24 months from last contact. |
After the relevant retention period we will delete or anonymise the data, except where a longer period is required by law (for example, accounting records under UK tax law) or where we genuinely need it to deal with a legal claim.
10. Your rights
Under UK GDPR you have the following rights in respect of Personal Data we hold about you:
- to be informed about how we use it (this notice);
- to access a copy of your data;
- to rectify inaccurate data;
- to erase data (“right to be forgotten”) in defined circumstances;
- to restrict processing in defined circumstances;
- to data portability — to receive your data in a structured, commonly used, machine-readable format;
- to object to processing based on our legitimate interests; and
- not to be subject to automated decision-making with legal or similarly significant effect (we do not make such decisions).
To exercise any of these rights, contact us at info@sitesign.uk. We will respond within one month of receiving the request, although we may extend this by a further two months for complex or numerous requests (and will tell you if so).
If you are a worker whose data has been entered by a customer using SiteSign, contact your employer or contracting party first — they are the controller. We can forward a request to them on your behalf.
11. Security
We use reasonable technical and organisational measures designed to protect Personal Data, including access controls and encryption in transit where appropriate, plus reasonable care in selecting and managing our sub-processors.
SiteSign personnel may access customer data only where reasonably required for support, security, service operation, backup or restore, abuse investigation, or legal compliance. We do not access customer data casually.
No system is completely secure, and we cannot guarantee against breach, loss, or corruption. We will notify affected customers without undue delay if we become aware of a personal data breach affecting their data, and we will assist them in meeting their own breach-notification obligations.
We design our processing in line with UK GDPR principles. We do not claim formal certification under any specific security standard.
12. Changes to this notice
We may update this notice from time to time. The current version is shown by date at the top of this page. Where we make changes that materially affect how we use Personal Data, we will notify account holders by email and provide at least 30 days' notice before the change takes effect.
We may record the version accepted and timestamp of acceptance.
13. Contact and complaints
For all privacy-related questions, requests, and complaints: info@sitesign.uk.
You also have the right to complain to the UK Information Commissioner's Office (ICO):
- ico.org.uk
- 0303 123 1113
- Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would prefer the chance to resolve issues directly first, but you do not have to contact us before going to the ICO.