Privacy Policy
Last updated: 27 March 2026
1. Who we are
Scaffa Ltd (“Scaffa”, “we”, “us”) is the data controller for personal data processed through the Scaffa platform. We are registered in England and Wales.
Contact us at: hello@scaffa.co.uk
2. What data we collect
We collect the following categories of personal data:
- Account data: Your name, email address, and password (stored as a secure hash by Supabase Auth).
- Company data: Company name and logo.
- Professional data: CISRS card type, card number, and expiry date that you voluntarily add to your profile.
- Client data: Client names, email addresses, and phone numbers entered when registering scaffolds.
- Inspection records: Scaffold site details, inspection checklists, defect descriptions, inspector signatures, and PDF certificates.
- Usage data: Log data and basic analytics to operate and improve the service.
3. How we use your data
We process your data for the following purposes and legal bases:
| Purpose | Legal basis |
|---|---|
| Providing and operating the service | Contract performance |
| Sending account-related emails (invites, password reset, inspection reminders) | Contract performance / Legitimate interests |
| Generating inspection certificates | Contract performance |
| Improving the service | Legitimate interests |
| Complying with legal obligations | Legal obligation |
4. Who we share data with
We do not sell your data. We share data only with the following service providers who process it on our behalf:
- Supabase — database hosting and authentication (data stored in EU region)
- Resend — transactional email delivery
- Vercel — application hosting (EU region)
All providers are bound by data processing agreements and comply with UK GDPR.
5. How long we keep your data
We retain your data for as long as your account is active. When you delete your account:
- Your personal account data is deleted immediately
- Inspection records may be retained for up to 90 days in backups before permanent deletion
Note: Under Work at Height Regulations 2005, you should keep copies of inspection records for a minimum period. We recommend downloading or exporting your records before closing your account.
6. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Request deletion of your data (right to be forgotten).
- Portability: Receive your data in a structured, machine-readable format.
- Restriction: Ask us to restrict processing of your data.
- Objection: Object to processing based on legitimate interests.
To exercise any of these rights, email hello@scaffa.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
7. Cookies
Scaffa uses strictly necessary cookies only to maintain your login session. We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under UK PECR.
8. Security
We use industry-standard security measures including encrypted data transmission (HTTPS), secure password hashing, and role-based access controls. All data is stored within the European Economic Area.
9. Changes to this policy
We may update this policy from time to time. We will notify you by email of any material changes. Continued use of Scaffa after changes take effect constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or to exercise your rights, contact us at hello@scaffa.co.uk.