Privacy Policy

1. Who We Are

KOMPART LTD (Company No. 17122960) is the data controller for personal data processed through the KOMPART platform. Contact: KOMPARTapp@proton.me

2. What Data We Collect

3. Legal Basis for Processing

We process your data under the following legal bases:

• Contract performance — processing necessary to provide the platform services you have subscribed to
• Legitimate interests — security monitoring, fraud prevention, platform improvement
• Legal obligation — retaining records as required by applicable law
• Consent — where you have explicitly agreed, such as marketing communications

4. How We Use Your Data

• Verifying contractor identity and accreditations before account activation
• Providing compliance record storage and reporting tools
• Processing subscription payments via Stripe
• Sending transactional emails (account approval, inspection submissions, billing)
• Maintaining an immutable audit trail of all platform actions
• Detecting and preventing fraudulent or abusive use

5. Data Sharing

We do not sell your data. We share data only with:

• Supabase — database and authentication infrastructure (EU data residency)
• Stripe — payment processing (PCI DSS compliant)
• Resend — transactional email delivery
• Netlify / Vercel — platform hosting
• Law enforcement or regulators — where required by law

Management companies can view compliance status and inspection records for buildings they manage. Inspection data is not shared between unrelated organisations.

6. Inspection Records and the Building Safety Act

Inspection records captured through KOMPART may constitute part of the "Golden Thread" of building safety information as required under the Building Safety Act 2022. These records are stored with tamper-evident hashing and immutable audit logs. They may be disclosed to regulators, enforcement officers, or courts where required by law.

7. Data Retention

• Account data: retained for the duration of the subscription plus 7 years
• Inspection records: retained indefinitely as compliance evidence (Building Safety Act obligations)
• Payment records: retained for 7 years (legal obligation)
• Audit logs: retained for 10 years
• After account deletion: 30-day data export window, then active deletion

8. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (subject to legal retention obligations)
• Object to processing based on legitimate interests
• Data portability — receive your data in a machine-readable format
• Lodge a complaint with the ICO at ico.org.uk

To exercise your rights, contact KOMPARTapp@proton.me. We will respond within 30 days.

9. Security

All data is encrypted at rest and in transit. We implement row-level security, access controls, and audit logging. Contractor accounts are gated behind manual verification. We conduct regular security reviews. In the event of a data breach, we will notify affected users and the ICO as required by law.

10. Cookies

The KOMPART platform uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email with 14 days notice. The current version is always available at kompart.co.uk/privacy.html.

12. Contact

Data Controller: KOMPART LTD, Company No. 17122960
Email: KOMPARTapp@proton.me