Privacy Policy

Last updated: May 2026

signedin is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your data in compliance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

signedin ("we", "us", "our") is a staff attendance and payroll tracking platform operated by Agora Construction Ltd, based in the United Kingdom. You can contact us at hello@signedin.co.uk.

2. Data We Collect

We collect the following types of data:

Company data: Company name, contact name, email address, password (encrypted)
Staff data: Name, trade/role, pay rates, email address
Attendance data: Check-in/check-out times, dates, site locations
Location data: GPS coordinates at time of check-in/out (only when GPS is enabled by your company admin)
Payment records: Payment amounts, dates, references
Technical data: Browser type, device type, session data stored in your browser's local storage

3. How We Use Your Data

To provide and manage the signedin service
To track staff attendance and calculate payroll
To send account-related emails (registration confirmation, account approval)
To generate reports and valuations
To improve our service and fix issues

4. Legal Basis for Processing

We process your data under the following legal bases:

Contract: Processing necessary to provide the service you signed up for
Legitimate interests: Improving our platform and preventing fraud
Consent: GPS location tracking (you can disable this at any time in Admin Console)

5. GPS Location Data

GPS location tracking is an optional feature. It is disabled by default and must be explicitly enabled by a company administrator. When enabled, staff GPS coordinates are captured at the time of check-in and check-out. This data is stored securely and is only accessible to authorised company administrators.

6. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS infrastructure in the EU region). We implement industry-standard security measures including encrypted connections (HTTPS), access controls, and regular security reviews.

Passwords are stored using secure hashing. We do not store plain-text passwords.

7. Data Sharing

We do not sell your data to third parties. We may share data with:

Supabase: Our database provider (data processor)
EmailJS: For sending transactional emails
Netlify: For hosting our platform
Law enforcement: If required by law

8. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete your data within 30 days, except where we are required to retain it for legal or regulatory purposes.

9. Your Rights (UK GDPR)

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a portable format
Object: Object to processing based on legitimate interests

To exercise any of these rights, contact us at hello@signedin.co.uk. We will respond within 30 days.

10. Cookies

We use essential cookies and browser local storage to keep you signed in and remember your preferences. We do not use advertising or tracking cookies. You can decline non-essential cookies via the banner shown on your first visit.

11. Changes to This Policy

We may update this policy from time to time. We will notify active users of significant changes by email. The "Last updated" date at the top of this page will reflect the most recent revision.

12. Contact & Complaints

For privacy-related questions, contact us at hello@signedin.co.uk.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).