Legal
How ComplyScope collects, uses, and protects your personal data.
ComplyScope is a compliance technology service for the UK construction sector. We provide automated document review and compliance management tools. Our contact email is hello@complyscope.co.uk.
ComplyScope acts as a data processor under the GDPR. You (the subscriber or your organisation) are the data controller responsible for the personal data contained in the documents you upload.
Account data: When you register, we collect your name, email address, and password (hashed). If you subscribe, we also store a Stripe customer ID linked to your billing record.
Documents you upload: RAMS, safety statements, insurance certificates, training certificates, and other HSEQ documents. These may contain the names, certification numbers, and company information of your workers or subcontractors.
Processed outputs: Gap report verdicts and summary counts (number of significant, major, and minor gaps). We do not store the full content of gap reports on our servers — reports are returned to your SharePoint or OneDrive folder where connected, or displayed in your dashboard session.
Usage data: Standard server logs including IP addresses, browser type, pages visited, and timestamps. These are used for security monitoring and service improvement.
Billing data: Processed by Stripe. We do not store full card details. We retain Stripe customer IDs and subscription status to manage your account.
We do not use your data for advertising. We do not sell your data to third parties.
You may request deletion of your account and associated data at any time by emailing hello@complyscope.co.uk.
We use the following third-party services to operate the platform. Each acts as a sub-processor under the GDPR and has agreed to appropriate data protection terms:
Your account data and uploaded documents are stored in Ireland (Supabase on AWS eu-west-1; Vercel dub1). Document content is transmitted to Anthropic's API for analysis — Anthropic is a US-based processor. This transfer is necessary to provide the core service. Processing by Anthropic is transient; no document content is stored after the API call completes.
Under the UK GDPR and the Data Protection Act 2018, you have the right to:
To exercise any of these rights, email hello@complyscope.co.uk. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.
A Data Processing Agreement (DPA) is available on request — email hello@complyscope.co.uk. A signed DPA is required before any commercial engagement where you upload documents containing personal data of third parties (workers, subcontractors).
The ComplyScope application uses session cookies to maintain your logged-in state. These are strictly necessary for the service to function and do not require consent under ePrivacy rules. We do not use advertising, tracking, or analytics cookies.
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified by email to registered users. The current version is always available at this URL.
For any questions about this policy or to exercise your data rights: hello@complyscope.co.uk
ComplyScope identifies gaps in compliance documentation against current UK legislative requirements. It does not constitute approval, sign-off, or verification of compliance. Responsibility for document review and approval remains with the duty holder.