Privacy Policy
Ictus Flow Ltd
Last updated: December 2025
1. Who We Are
Ictus Flow Ltd ("we", "us", "our") is an AI consultancy helping construction companies work smarter through intelligent automation, bespoke apps, training and advice. We are committed to protecting your privacy and handling your personal data transparently.
Company Details:
- Company Name: Ictus Flow Ltd
- Email: privacy@ictusflow.com
- Website: ictusflow.com
- ICO Registration Number: 00012435532
This policy applies to our website, our applications (including the Ictus construction management app), and our consultancy services.
2. What Information We Collect
Website Visitors
When you visit our website, we may collect:
- Information you provide through contact forms (name, email, company, message)
- Technical information such as IP address, browser type, and pages visited (if analytics are enabled)
Clients & Prospects
When you enquire about or engage our consultancy services, we collect:
- Contact details (name, email, phone number, company name, job title)
- Business information relevant to the services you're interested in
- Correspondence between us
- Billing and payment information (for invoicing purposes)
App Users
If you use our applications (such as the Ictus blocker management app), we collect:
- Account information (name, email, phone number, company, job title)
- Content you create (blockers, comments, project information)
- Photos and documents you upload
- Location data (only if you explicitly enable this feature)
- Usage data (how you interact with the app, for improvement purposes)
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing our services | Account data, usage data | Contract |
| Responding to enquiries | Contact form data | Legitimate interest |
| Billing and invoicing | Billing information | Contract / Legal |
| Improving our services | Usage data, feedback | Legitimate interest |
| Location-based features | GPS coordinates | Consent |
| Marketing (if opted in) | Email address | Consent |
4. Who We Share Your Data With
We use trusted third-party services to help us deliver our services. These service providers ("processors") only process your data on our instructions and are bound by data protection agreements.
| Service | Purpose | Data Location |
|---|---|---|
| Supabase | Database & authentication | UK (London) |
| Vercel | Website & app hosting | UK (London) |
We may also share your data:
- With other users of our apps where necessary for the service (e.g., project team members can see project-related information)
- If required by law or to protect our legal rights
We never sell your personal data to third parties.
5. International Data Transfers
Your data is primarily stored in the United Kingdom. Where we use service providers based outside the UK (such as US-based cloud providers), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the UK ICO
- Data Processing Agreements with all processors
- UK/EU data region selection where available
6. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Client contracts & invoices | 7 years after completion (HMRC requirements) |
| App user accounts | Duration of account + 90 days after deletion |
| Contact form enquiries | 2 years or until no longer needed |
| Location data | 6 months |
| Construction evidence (claims) | 12 years (legal limitation period) |
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
Right to Access
You can request a copy of all personal data we hold about you. For app users, you can download your data directly from the app settings.
Right to Rectification
If any information we hold about you is inaccurate, you can ask us to correct it. App users can update their profile directly in the app.
Right to Erasure
You can ask us to delete your personal data. App users can delete their account from the app settings. Note: Some data may need to be retained for legal or contractual reasons.
Right to Restrict Processing
You can ask us to limit how we use your data in certain circumstances.
Right to Data Portability
You can request your data in a structured, machine-readable format. App users can export their data as JSON from the app.
Right to Object
You can object to processing based on legitimate interests. We will stop processing unless we have compelling grounds to continue.
Right to Withdraw Consent
Where we process data based on your consent (e.g., location data, marketing), you can withdraw consent at any time. This won't affect the lawfulness of processing before withdrawal.
To exercise any of these rights, contact us at: privacy@ictusflow.com
We will respond to your request within one month.
8. How We Keep Your Data Safe
We take the security of your data seriously and implement appropriate technical and organisational measures:
- Encryption at rest and in transit (TLS 1.2+, AES-256)
- Secure password hashing
- Role-based access controls
- Regular security reviews
- UK-based data storage where possible
9. Cookies
Our website uses essential cookies that are necessary for the website to function. These do not require consent. We also use analytics cookies to understand how visitors use our website. These are only set with your consent, which you can manage using our cookie banner.
10. Children's Privacy
Our services are designed for business use and are not intended for children under 18. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any significant changes by email or through our website. The "Last updated" date at the top of this policy indicates when it was last revised.
12. How to Complain
If you have any concerns about how we handle your personal data, please contact us first and we will do our best to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator:
- Website: ico.org.uk
- Phone: 0303 123 1113