Privacy Policy

Variation Tracker is a web application built for UK contractors and small construction businesses to log variations, obtain client sign-off, and export invoices. We are the data controller for the personal data you provide when using this service. If you have any questions about how we handle your data, contact us at hello@variationtracker.co.uk.

We collect the following categories of personal data: • Account information — your name and email address, provided when you register or sign in. • Job and variation data — project names, client names, site addresses, variation descriptions, amounts, and any notes or attachments you upload. This is data you enter yourself. • Usage data — pages visited, actions taken within the app, and error logs. This is collected to help us fix bugs and improve the product. • Device and connection data — IP address, browser type, and operating system, collected automatically when you use the service. We do not collect payment card details. Any billing is handled by a third-party payment processor (Stripe) under their own privacy policy.

We use your data to: • Provide the Variation Tracker service — authenticating you, storing your jobs and variations, and generating exports. • Communicate with you — sending account-related emails (e.g. password reset, sign-off notifications). • Improve the product — analysing usage patterns to understand what works and what needs fixing. • Meet legal obligations — retaining records as required by UK law. We do not sell your data to third parties. We do not use your data for advertising.

Under the UK GDPR, we rely on the following lawful bases: • Contract performance — processing your account data is necessary to provide the service you signed up for. • Legitimate interests — analysing usage data to improve the product, where this does not override your rights. • Legal obligation — retaining certain records as required by law.

We share data only with the following trusted processors, all operating under appropriate data processing agreements: • Supabase — our database and authentication provider. Data is hosted on servers in the EU. • Vercel — our hosting provider. Handles request routing and edge functions. • Stripe — payment processing (if applicable to your plan). We do not share your data with your clients or any other third party without your explicit instruction.

We retain your account and project data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (for example, financial records which may be kept for up to 6 years under UK tax law).

Under UK GDPR you have the right to: • Access — request a copy of the personal data we hold about you. • Rectification — ask us to correct inaccurate data. • Erasure — ask us to delete your data (subject to legal retention requirements). • Restriction — ask us to limit how we use your data in certain circumstances. • Portability — receive your data in a machine-readable format. • Object — object to processing based on legitimate interests. To exercise any of these rights, email us at hello@variationtracker.co.uk. We will respond within 30 days. If you are unhappy with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

We use a small number of cookies necessary for the service to function. See our Cookie Policy for details.

We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. The date at the top of this page shows when it was last updated.