Terms of Service

[Company Name] (“we”, “us”, “our”) operates SiteProof, a construction compliance management platform (the “Service”). These Terms of Service (“Terms”) govern your access to and use of the Service. By creating an account or using the Service, you agree to be bound by these Terms.

Our registered address is [Registered Address].

SiteProof is a software-as-a-service platform that helps UK construction companies organise, track, and evidence their health and safety obligations. The Service is intended for business customers only and is not offered to consumers.

SiteProof is a compliance management and assistance tool. It is designed to help you organise records, track obligations, and produce evidence documentation. It does not guarantee compliance with any regulation, legislation, or standard, including but not limited to:

• The Construction (Design and Management) Regulations 2015 (CDM 2015)
• The Health and Safety at Work etc. Act 1974
• The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)
• Any HSE Approved Code of Practice or guidance document
• Insurance policy conditions or requirements

The audit score, compliance indicators, findings reports, and audit packs generated by the Service reflect data entered by you. They are not a legal or regulatory assessment of your actual compliance status. A high audit score, a positive findings report, or a generated audit pack does not mean your organisation is compliant with applicable law, or that you will pass an HSE inspection.

You remain solely responsible for ensuring your organisation meets all applicable legal, regulatory, and contractual obligations. Where in doubt, you should consult a competent health and safety advisor, legal counsel, or the relevant regulatory authority.

You must provide accurate and complete information when creating an account. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. You must notify us immediately at hello@siteproof.co.uk if you suspect any unauthorised access or security breach.

Subscriptions are billed monthly in advance. Prices are displayed excluding VAT; VAT is charged at the prevailing UK rate and will appear on your invoice. Payment is processed by Stripe, Inc. By subscribing, you authorise us to charge your payment method on a recurring monthly basis until you cancel.

If a payment fails, we will retry within three days. If payment remains outstanding after ten days, we may suspend access to the Service until the outstanding amount is settled.

We offer a 14-day free trial. No payment method is required during the trial period. At the end of the trial, you may subscribe or your account will be deactivated. Trial data is retained for 30 days after trial expiry, after which it will be deleted.

You may cancel your subscription at any time via Account Settings > Billing > Cancel Subscription. Cancellation takes effect at the end of the current billing period — you will retain access until then. We do not issue refunds for partial months.

You retain full ownership of all data, content, and files you upload or create within the Service (“Your Data”). You grant us a limited, non-exclusive licence to store, process, and display Your Data solely to provide the Service to you.

We retain ownership of the platform, software, user interface, and all intellectual property that constitutes the Service. You may not copy, modify, distribute, create derivative works from, or reverse-engineer any part of the Service.

You agree not to:

• Use the Service for any unlawful purpose or in violation of any applicable regulation
• Upload content that infringes third-party intellectual property rights
• Attempt to gain unauthorised access to any part of the Service or its infrastructure
• Use the Service to transmit malware, viruses, or any harmful code
• Resell, sublicense, or otherwise make the Service available to third parties without our written consent
• Use automated means to scrape or extract data from the Service

SiteProof includes a RIDDOR decision-making tool designed to help identify potentially reportable incidents. This tool applies rule-based criteria derived from HSE guidance. It is provided as guidance only and does not constitute legal or health and safety advice.

You must confirm all RIDDOR reportability determinations against current HSE guidance at hse.gov.uk/riddor or with a competent health and safety advisor. We accept no liability for RIDDOR under-reporting, misclassification, or missed reporting deadlines arising from reliance on the tool.

Nothing in these Terms limits or excludes your obligations under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 or any other applicable health and safety legislation.

This section sets out the data processing terms that apply when we process personal data on your behalf, as required by Article 28 of UK GDPR.

Roles

For personal data you upload or generate through the Service relating to your employees, workers, subcontractors, site visitors, and other third parties (“Customer Personal Data”), your organisation is the data controller and we are the data processor. You determine the purposes for which that data is collected; we process it only to provide the Service to you. For account registration and billing data, we act as data controller in our own right — our Privacy Policy sets out how we handle that data.

Processing instructions

We will only process Customer Personal Data: (a) as necessary to provide the Service under these Terms; (b) as required to comply with our legal obligations; or (c) as you otherwise instruct us in writing. We will inform you promptly if, in our opinion, any instruction infringes applicable data protection law.

Confidentiality

We will ensure that all personnel authorised to process Customer Personal Data are bound by appropriate confidentiality obligations.

Security

We will implement and maintain appropriate technical and organisational measures to protect Customer Personal Data, as described in our Privacy Policy.

Sub-processors

You grant us general authorisation to engage the sub-processors listed in our Privacy Policy. We will notify you at least 30 days before adding or replacing a sub-processor. You may object to a new sub-processor within 14 days of notification; if we cannot accommodate your objection without materially impacting the Service, you may terminate your subscription with a pro-rata refund for unused prepaid period.

Assistance with data subject rights

We will provide reasonable assistance to help you respond to rights requests made by your workers, employees, or subcontractors under UK GDPR (access, rectification, erasure, portability, restriction, objection).

Data breach notification

We will notify you without undue delay — and in any event within 72 hours of becoming aware — of any personal data breach affecting Customer Personal Data, and will provide you with the information reasonably necessary to fulfil your own reporting obligations to the ICO.

Deletion on termination

On termination of your subscription, we will delete Customer Personal Data within 30 days, unless legal obligations require us to retain specific data for longer. You may request an export of your data prior to deletion in accordance with clause 14.

Audit rights

You may, on reasonable prior written notice and at your own cost, request information demonstrating our compliance with this clause, or conduct an audit no more than once per year.

International transfers

Any transfer of Customer Personal Data outside the UK or EEA will be made in accordance with applicable data transfer mechanisms. See our Privacy Policy for details.

The Service relies on the following third-party providers to function:

• Supabase – database and file storage (data stored within the European Union)
• Stripe, Inc. – payment processing
• Vercel, Inc. – application hosting and content delivery
• Render, Inc. – compute infrastructure
• Resend, Inc. – transactional email delivery

We are not responsible for the availability or performance of these services. We select providers who maintain appropriate security and data protection standards.

To the fullest extent permitted by applicable law:

• We exclude all implied warranties, conditions, and representations in relation to the Service
• Our total aggregate liability to you in respect of any losses arising under or in connection with these Terms shall not exceed the total fees paid by you in the 12 months immediately preceding the claim
• We are not liable for any indirect, consequential, incidental, or special loss, loss of profit, loss of revenue, loss of data, or loss of goodwill

Nothing in these Terms excludes or limits liability for fraud or fraudulent misrepresentation, death or personal injury caused by negligence, or any other liability that cannot be excluded or limited by law.

We may update these Terms at any time. Where changes are material, we will notify you by email at least 14 days before they take effect. Continued use of the Service after the effective date of updated Terms constitutes your acceptance of them.

We may modify, suspend, or discontinue features of the Service at any time. We will provide reasonable advance notice before discontinuing any material functionality.

Either party may terminate the agreement by cancelling the subscription in accordance with clause 7. We may suspend or terminate your account immediately if you materially breach these Terms, engage in fraudulent activity, or if we are required to do so by law.

On termination, you may export your data for 30 days. After that period, your data will be permanently deleted from our systems, subject to any legal retention obligations.

These Terms are governed by and construed in accordance with the laws of England and Wales. Both parties submit to the exclusive jurisdiction of the courts of England and Wales to resolve any dispute arising from or in connection with these Terms.

For any questions about these Terms, contact us at hello@siteproof.co.uk.