1. Who we are
AllForProjects is a software platform operated by AllForProjects Ltd (company number 17219055, registered in England & Wales, registered office: Unit 4 Winchester Works, Malt Mill Lane, Halesowen, West Midlands, B62 8JF) ("we", "us", "our"). The services covered by this policy are: the AllForProjects web application at my.afpro.app, the AFPro mobile application available on the Apple App Store and Google Play Store, the marketing website at allforprojects.com, and the public customer portal pages used to sign quotes and pay invoices.
For questions about this policy or to exercise your data-protection rights, contact us at privacy@allforprojects.com.
2. Roles — controller vs processor
AllForProjects is a multi-tenant business platform. When a UK trades business ("the Customer") signs up, that business decides what personal data to put into the platform — typically details of their own customers, sites, contacts, employees and the work they do.
- For data the Customer enters about their customers, sites and contacts, the Customer is the data controller and we are a data processor.
- For data we collect about Customer staff (login email, name, role, security audit log), we are a joint controller.
- For data about visitors to allforprojects.com, we are the data controller.
3. Data we collect
3.1 Account data (you, the Customer's staff)
- Name, email address, phone number, role (owner / staff / engineer)
- Hashed password (we never see or store passwords in plain text)
- Login history and security-relevant audit events (sign-in, sign-out, role changes)
- Security group memberships and effective permissions
3.2 Operational data the Customer enters
- Customer, site and contact records (name, address, phone, email, notes)
- Quotes, jobs, invoices, certificates, projects, line items, prices
- Engineer assignments and job lifecycle history
- Per-customer pricing overrides and labour rates
- Inventory items and supplier records
- Receipts and expense allocations
3.3 Field data captured on the AFPro mobile app
- Photos taken at the job site (before/after work, board photos, snags). Stored against the job record.
- Customer signatures drawn on a signature pad at job completion or quote acceptance. Stored as PNG images attached to the job or quote record.
- Push notification tokens issued by Apple (APNs) or Google (FCM) for the engineer's device.
- Location is not tracked. The mobile app uses location only when the engineer taps a site address to open it in their device's maps app — at that moment your operating system may share your current location with the maps app. We never receive or store engineer location.
- Pre-job safety checklist acknowledgements (which items the engineer ticked, with timestamp).
- Offline transition queue contents (job state changes captured offline, sent to our server on reconnect).
3.4 Public portal data (the Customer's own customers)
When a Customer sends a quote or invoice to their customer via email, the recipient can review, sign or pay through a public-token portal page. We collect:
- Signer name and (optional) email when accepting a quote
- Signature image (PNG, drawn on canvas)
- IP address and user-agent string of the signing device, for audit purposes
- Stripe Checkout payment metadata when an invoice is paid online (we do not see or store card numbers — Stripe handles those directly)
3.5 Technical data
- IP address, browser type, language preference (server access logs, retained 30 days)
- Device type and OS version (mobile app — used to size the UI)
- Crash reports and error logs (no personal data is intentionally included)
4. How we use it (lawful basis)
We process the data above on the following UK GDPR lawful bases:
- Contract — to provide the platform to the Customer who signed up.
- Legitimate interests — to keep the platform secure (audit logs, abuse detection), to fix bugs (crash reports), and to develop the product.
- Legal obligation — to retain accounting records (invoices, receipts) for the period required by HMRC.
- Consent — only where explicitly asked, e.g. push notifications on the mobile app, or marketing emails (we do not currently send any).
5. Who we share it with
We use a small set of trusted third-party processors to operate the platform. We do not sell personal data to anyone, ever.
| Processor | Purpose | Region |
|---|---|---|
| Railway | Application + database hosting | EU (Frankfurt) |
| Cloudflare R2 | File storage (photos, signatures, PDFs) | EU |
| Cloudflare Pages | Marketing site hosting | Global edge |
| Resend | Transactional email delivery | EU / US (configurable) |
| Stripe | Online invoice payment processing | UK / EU / US |
| Apple (APNs) | iOS push notification delivery | Global |
| Google (FCM) | Android push notification delivery | Global |
| Anthropic | AI-powered observation suggestions on certificate photos (only when the engineer explicitly taps "AI Suggest"); photos are sent to Anthropic's API and not retained for training | EU / US |
| Expo | Push notification routing for the mobile app build pipeline | US |
Each processor is bound by a data processing agreement that requires UK-GDPR-equivalent protection. Where data is transferred outside the UK / EEA, we rely on the UK International Data Transfer Addendum or equivalent Standard Contractual Clauses.
6. How long we keep it
- Account data — for the life of the Customer's subscription, plus 90 days after closure (in case of restoration).
- Operational data (jobs, quotes, invoices, certificates, photos, signatures) — retained for 7 years after creation, in line with HMRC accounting record retention rules. The Customer can request earlier deletion of records they're permitted to delete under their own retention policy.
- Server access logs — 30 days.
- Stripe payment records — retained by Stripe under their own retention policy (typically 7 years for tax compliance).
- Push notification tokens — purged when the engineer signs out or uninstalls the app.
7. Your rights
Under the UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Have your data erased (subject to overriding legal retention obligations)
- Restrict or object to processing
- Data portability — receive your data in a common machine-readable format
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Information Commissioner's Office (ico.org.uk)
To exercise any of these rights, email privacy@allforprojects.com. We respond within one calendar month.
Note: where AllForProjects is acting as a processor on behalf of a Customer (your trades business, gym, landlord etc), please direct your access / deletion request to that Customer in the first instance — they control what they store about you.
8. Security
- All web and API traffic is encrypted in transit (TLS 1.2+).
- Passwords are hashed with Argon2id; we never store or log plaintext passwords.
- Stored files (photos, signatures, PDFs) sit in encrypted-at-rest cloud storage.
- Per-tenant isolation is enforced at every database query — one Customer's data is never returned in another's response.
- Role-based access control (security groups) governs both the web app and the mobile app on a per-action basis.
- Every mutation is recorded in a per-tenant audit log retrievable by Owner-role users.
- Card numbers are handled exclusively by Stripe Checkout — they never touch our servers.
9. Cookies
The marketing site at allforprojects.com sets no cookies. The application at my.afpro.app sets a single first-party HTTP-only cookie (afp_session) to keep you signed in. We do not use third-party analytics, ad networks, or tracking pixels.
10. Children
AllForProjects is a B2B platform for trades businesses. It is not directed at children, and we do not knowingly collect personal data from anyone under 18.
11. Changes to this policy
We update this policy when our processing changes meaningfully. The "last updated" date at the top reflects the most recent revision. Material changes are emailed to account owners.