How we collect, use, and protect your data.
Version 2.0 — Effective: March 2026
Site Gate Check ("the App") is a vehicle gate inspection and compliance management application developed by SiteLine Datum ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the App.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The data controller responsible for your personal data is:
SiteLine Datum
Email: support@sitegatecheck.co.uk
ICO Registration Number: Pending
The App collects and processes the following categories of personal data in the course of conducting vehicle compliance gate inspections:
Driver information: Driver name, driving licence status and category, driver training status.
Vehicle information: Vehicle registration number (VRN), vehicle make, fuel type, CO₂ emissions, engine capacity, Euro class rating. Vehicle details are retrieved automatically from the DVLA Vehicle Enquiry Service based on the VRN entered by the inspector.
Operator information: Vehicle operator name, FORS accreditation details (ID number, status, expiry).
Compliance data: Vehicle safety compliance checks (mirrors, cameras, underrun guards, audible alerts, VRU signage).
Route data: Origin and destination postcodes, distance travelled, journey carbon emissions, route map images.
Photographs: Images taken during vehicle and driver compliance checks.
NCR details: Nonconformance descriptions, evidence photographs, resolution descriptions, and resolution evidence photographs.
Flagged vehicle data: Vehicle registration numbers flagged due to open nonconformances, flag dates, inspector names, resolution dates, and resolution details.
NCR email addresses: Email addresses configured by project administrators for receiving nonconformance report notifications.
Inspector name, assigned gate, project details (project name, number, postcode, gate locations), company name and logo (if configured).
When deliveries are booked through the Delivery Management System (available with the Pro plan), the following data is collected from the person making the booking:
The following data is generated and stored as part of delivery management operations:
We do not collect personal data about vehicle owners from the DVLA. We do not collect financial or payment information — all purchases are processed by Apple. We do not use analytics, advertising trackers, or third-party SDKs that collect user behaviour data.
We process personal data on the following lawful bases under Article 6 of the UK GDPR:
Legitimate interests (Article 6(1)(f)): Processing inspection data is necessary for the legitimate interests of construction site safety compliance, aligned with the CLOCS (Construction Logistics and Community Safety) standard, and for maintaining an auditable record of vehicle gate inspections as required by site safety management plans.
Legal obligation (Article 6(1)(c)): Certain inspection records may be required to demonstrate compliance with health and safety legislation, including the Health and Safety at Work Act 1974 and CDM Regulations 2015.
Consent (Article 6(1)(a)): Location data is collected only with the user's explicit consent via iOS system permissions.
Contract performance (Article 6(1)(b)): Delivery booking data is processed to fulfil the booking request made by the subcontractor or supplier through the booking portal.
We use the data collected for the following purposes:
The App includes a collaboration feature that allows project administrators to share inspection data with approved gatekeepers on other devices. This works as follows:
Invite-code access: Gatekeepers can only access shared project data after receiving an invite code from the project administrator and having their join request explicitly approved.
Apple CloudKit: Shared inspection data is transmitted and stored via Apple's CloudKit service, which provides encryption in transit and at rest. Data is stored on Apple's servers and is only accessible to authenticated iCloud users who have the App installed and have been approved for the relevant project.
Flagged vehicles: When a nonconformance is raised, the vehicle registration is flagged in CloudKit's public database to enable cross-device alerts within the project. Flag data and resolution records are accessible only to authenticated App users who are members of the relevant project.
No public access: Despite using CloudKit's public database for reliability, inspection records and flagged vehicle data are not publicly accessible via the internet, search engines, or any external API. Access is restricted to authenticated App users who are members of the relevant project.
Administrator control: Project administrators can remove participants from shared projects at any time, revoking their access to future inspection data.
The platform sends automated emails in two contexts: nonconformance (NCR) reporting and delivery management. All emails are sent via Brevo (formerly Sendinblue), a secure email delivery service, from noreply@sitegatecheck.co.uk.
NCR emails: When a nonconformance is raised on a project with a configured NCR email address, the inspection PDF is sent as an attachment to the specified recipients.
Delivery emails: When the Delivery Management System is enabled, automated emails are sent to subcontractors and suppliers for booking confirmations, approval decisions, amendment requests, cancellations, and reschedules. Daily delivery summary emails are sent to site team notification addresses configured by the project administrator.
Email delivery service: NCR emails are sent via Brevo (formerly Sendinblue), a secure email delivery service. Emails are sent from NCR@sitegatecheck.co.uk.
Data processed by Brevo: Recipient email addresses and email content (including the attached PDF inspection report containing inspection data, nonconformance details, and any photographs) are processed by Brevo for the sole purpose of email delivery.
Multiple recipients: Project administrators can configure multiple NCR email addresses (comma-separated). All configured addresses receive the NCR notification.
No marketing use: NCR email addresses are used exclusively for nonconformance report delivery. They are not used for marketing, newsletters, or any other purpose.
Brevo processes this data in accordance with their own privacy policy and GDPR obligations. Brevo Privacy Policy.
The App uses the following third-party services:
For data storage, synchronisation, and multi-device collaboration. Subject to Apple's Privacy Policy.
Vehicle registration numbers are sent to the DVLA API to retrieve vehicle technical data (make, fuel type, CO₂ emissions). No personal driver data is sent to or received from the DVLA. Subject to DVLA's Privacy Notice.
For route calculation and map generation. Postcode data is processed by Apple's mapping services. Subject to Apple's Privacy Policy.
All subscription purchases and payments are processed by Apple through the App Store. We do not receive or store any payment information. Subject to Apple's Privacy Policy.
Used to deliver NCR notification emails and delivery management notification emails. Brevo processes recipient email addresses and email content for the purpose of email delivery only. Subject to Brevo's Privacy Policy.
Delivery management data (bookings, project configuration, and delivery logs) is stored on a MySQL database hosted on Namecheap's shared hosting infrastructure located in the United States. Data is transmitted over HTTPS with TLS encryption. Subject to Namecheap's Privacy Policy.
The booking calendar fetches public bank holiday dates from the UK Government's open data API (gov.uk). No personal data is sent to this service.
We do not sell, rent, or trade personal data to any third parties. We do not use any advertising networks or analytics tracking services.
Local storage: Inspection data is stored locally on your device using Apple's SwiftData framework, protected by iOS device-level encryption.
iCloud Drive: PDF inspection reports are stored in your personal iCloud Drive account, accessible via the Files app. These files are encrypted by Apple in transit and at rest.
CloudKit: Shared inspection records, flagged vehicle data, and flag resolution records are stored in Apple's CloudKit infrastructure with encryption in transit (TLS) and at rest. Apple's data centres comply with ISO 27001 and SOC 2 standards.
NCR emails: NCR notification emails are transmitted via Brevo's secure infrastructure using TLS encryption. Email delivery logs are retained by Brevo in accordance with their data retention policies.
Data location: Data is stored on Apple's servers, which may include data centres within the European Economic Area and internationally, subject to Apple's data processing agreements and standard contractual clauses.
Server-side storage: Delivery management data is stored on a MySQL database hosted by Namecheap (shared hosting, US-based). This includes booking details, project delivery configuration, and booking audit logs. Data is transmitted over HTTPS and the database is password-protected with restricted access.
Inspection data: Inspection data is not stored on our servers. It is stored locally on your device and in your iCloud account via Apple CloudKit.
Inspection data is retained locally on your device for as long as the App is installed and you choose to keep the data.
PDF reports in iCloud Drive remain until you manually delete them.
Shared inspection records in CloudKit are retained for the duration of the project. When a project is deleted by the administrator, associated shared records are removed.
Flagged vehicle records and resolutions are retained in CloudKit for the duration of the project sharing.
NCR email delivery logs are retained by Brevo in accordance with their data retention policies.
Delivery booking data is retained on the server for the duration of the project. When a project is deactivated or deleted by the administrator, associated delivery data may be retained for up to 6 years for audit purposes before being permanently deleted.
Delivery notification email logs are retained by Brevo in accordance with their data retention policies.
We recommend retaining inspection records for a minimum of 6 years in line with standard construction industry audit requirements, unless a longer period is required by your specific contractual or regulatory obligations.
Under the UK GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, please contact us at support@sitegatecheck.co.uk. We will respond within one month of receiving your request.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
The App is designed for use by construction industry professionals and is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@sitegatecheck.co.uk and we will take steps to delete it.
We may update this Privacy Policy from time to time to reflect changes in the App's functionality or legal requirements. The updated policy will be made available within the App and on our website. We encourage you to review this policy periodically.
This Privacy Policy is governed by the laws of England and Wales. Any disputes will be subject to the exclusive jurisdiction of the courts of England and Wales.
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
SiteLine Datum
Email: support@sitegatecheck.co.uk
Website: sitegatecheck.co.uk
Site Gate Check Privacy Policy — Version 2.0 — March 2026