1. Who we are
dBrief is a software service operated by Eurosat (Scotland) Limited (“we”, “us”, “our”), a company registered in Scotland.
- Company number: SC204360
- Registered office: 30 Couper Street, Glasgow, G4 0DL
- ICO registration number: ZB146676
- Contact for data matters: support@dbrief.co.uk
We are the data controller for personal data we collect directly about you as a dBrief user (your account, profile and billing data). Where you upload personal data about your customers through the service, you are the controller and we act as your data processor — see section 9.
2. What data we collect
2.1 Information you give us when you register
- Full name
- Email address
- Password (stored hashed by our authentication provider — we never see it in plain text)
- Account type (sole trader, small company, company or engineer)
- Company name (where applicable)
2.2 Profile and branding
- Company logo (uploaded image)
- Company contact details (phone, email, website, address)
- Accreditations (e.g. CAI, CEDIA, NICEIC)
- Brand accent colour
2.3 Job records you create in the app
- Customer name, phone, email and address
- Property type, job type, signal readings, equipment lists, photos, notes, signatures, outcome
- Date, engineer, job reference
2.4 Billing data
- Subscription plan, billing email, subscription status (active, trialing, past_due, cancelled)
- Payment-card details are handled entirely by our payment processor (Stripe) — we never see or store card numbers, CVCs or expiry dates
2.5 Diagnostic data
- Error and event logs are stored locally in your browser’s storage (not on our servers) via our in-app logger, and are only transmitted to us if you choose to send them with a support request
- Standard web-server access logs (IP address, user agent, timestamps) held by our hosting provider for security and abuse-prevention purposes
3. How we use your data
| Purpose | Lawful basis |
|---|---|
| Operate your account and deliver the service | Performance of contract |
| Process subscription payments and send invoices/receipts | Performance of contract |
| Send transactional emails (engineer job assignments, customer report share-links, password resets, billing notices) | Performance of contract |
| Provide support when you contact us | Legitimate interest (responding to your enquiry) |
| Detect, prevent and investigate fraud, abuse or security incidents | Legitimate interest (protecting the service and our users) |
| Comply with legal, accounting and tax obligations | Legal obligation |
We do not use your data for advertising or sell it to third parties.
4. Who we share your data with
We use a small number of carefully selected third-party providers (“sub-processors”) to deliver the service. Each is bound by a written data-processing agreement and only receives the minimum data needed for its function.
| Provider | What it handles | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU / US (SCCs in place) |
| Netlify | Static website hosting + access logs | US (SCCs in place) |
| Stripe | Subscription billing and payment-card processing | UK / US (SCCs in place) |
| Resend | Transactional email delivery (job assignments, customer share-links) | US (SCCs in place) |
| Google Fonts | Web font delivery (your browser fetches font files from Google) | US |
We may also disclose data where required by law, court order, or to protect our rights, property or safety (or that of our users or the public).
5. International transfers
Some of our sub-processors are based in the United States. Where personal data is transferred outside the UK / European Economic Area, we rely on:
- The UK’s adequacy regulations where they apply; or
- Standard Contractual Clauses (SCCs) plus, where appropriate, supplementary technical and organisational measures.
6. How long we keep your data
- Account & profile data: for as long as your account is active, plus 12 months after cancellation to allow account recovery.
- Job records: for as long as your account is active. On account deletion, all job data is deleted within 30 days unless we are legally required to retain it.
- Billing records: retained for 6 years after the end of the relevant tax year, as required by HMRC.
- Backups: may persist for up to 30 days after deletion before being overwritten.
7. Your rights
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — ask us to delete your data (subject to legal retention requirements)
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — where we rely on consent, you can withdraw it at any time
To exercise any of these rights, email support@dbrief.co.uk. We will respond within one month.
If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO).
8. Cookies and local storage
dBrief does not use marketing or analytics cookies. We do not track you across websites.
We use the following strictly-necessary client-side storage:
- Authentication tokens (in browser
localStorage) — keep you signed in between sessions - Draft job cache (in browser
localStorage) — saves your in-progress jobs offline so they aren’t lost if you lose signal - Diagnostic log (in browser
localStorage) — recent errors, recoverable on request to help us debug issues
You can clear this data at any time from your browser settings. None of it is sent to us automatically.
9. Customer data — processor terms
When you upload personal data about your customers (their name, address, signature, photos of their property, etc.) you are the data controller and we are your data processor. By using dBrief you instruct us to process that data on your behalf, and you confirm that:
- You have a lawful basis under UK GDPR to upload it (typically performance of your installation contract);
- You will provide your customers with appropriate privacy information about how their data will be handled;
- You will only upload data that is necessary for completing and documenting the job.
As your processor, we will:
- Only process the data on your documented instructions (i.e. as required to operate the service);
- Use the sub-processors listed in section 4 above, who are bound by equivalent terms;
- Apply appropriate technical and organisational security measures (encryption in transit, role-based access controls, row-level database security);
- Assist you with data-subject requests and breach notifications;
- Delete or return customer data to you on termination of your account (subject to legal retention).
10. Security
We protect your data with:
- HTTPS / TLS encryption for all data in transit
- Encryption at rest on our database
- Row-level security policies that prevent users from seeing each other’s data
- Hashed password storage
- Multi-factor authentication on all administrative access
- Regular review of access permissions and dependencies
No service is 100% secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within the timescales required by UK GDPR (without undue delay, and within 72 hours where feasible).
11. Children
dBrief is a business tool intended for use by professional installers. It is not directed at, and we do not knowingly collect data from, children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email and/or via a prominent notice in the app at least 30 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.
13. Contact
Questions, requests or complaints relating to this policy or your data:
- Email: support@dbrief.co.uk
- Post: Eurosat (Scotland) Limited, 30 Couper Street, Glasgow, G4 0DL