Privacy Policy

This policy explains how off-on.site (the Onsite app and its supporting platform, "the service", "we") handles personal data. The service is a private tool used by authorised personnel to plan, carry out, and document field work. It is not a consumer service and is not open to public or customer sign-up.

Accounts are issued to authorised users by the operator of the service. The public cannot create an account.

• Account and device: your name, email address, and role; a device identifier; and, if you enable notifications, a push token. Sign-in tokens are stored securely on your device.
• Work data: planning, jobs, work orders, intake reports, inventory, and related notes entered by authorised users.
• Customer details within a job: names, addresses, and contact details, together with on-site details and photos of the location, used to prepare and document the work.
• Photos and drawings: photos you take or attach, on-site sketches and annotations, and signatures captured for a report.
• Messages: internal chat messages and any attachments you send.
• Technical data: basic logs such as access times and sync activity, used to keep the service secure and reliable.

The camera and photo library are used only when you take or attach a photo. Push notifications, if you enable them, are used only to alert you to new internal messages, and can be turned off at any time in your device settings.

The app does not collect location data. It contains no advertising, analytics, or third-party tracking. We do not profile you, and we do not sell personal data.

Data is shared only with the infrastructure providers needed to run the service, such as hosting and message delivery, and where required by law.

Data is sent over encrypted connections (HTTPS) and stored on managed cloud infrastructure. Access is restricted to authorised users, and sign-in tokens are kept in the device keychain. We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or misuse.

We keep personal data for as long as it is needed for the operational and legal purposes described above, after which it is removed or anonymised.

Your account and its data are managed by the operator that provided your access. To view, correct, or delete your data, or to close your account, contact the administrator within the organisation that gave you access.

We may update this policy from time to time. The date above indicates when it was last revised.