CURCLEBY HERRIDGE
Privacy Policy

How we handle personal data

How Curcle collects and uses personal data in connection with the Curcle web application and mobile app.

Version 1.1Last updated: 28 June 2026

This Privacy Policy explains how Curcle Ltd (company number 17260381), a company registered in England & Wales and a wholly-owned subsidiary of Herridge Ventures (“Curcle”, “we”, “us”), collects and uses personal data in connection with the Curcle field-service management platform, comprising the Curcle web application and the Curcle mobile app (the “Service”). For the personal data of our own account holders we act as a data controller under the UK GDPR and the Data Protection Act 2018. Where we process personal data within a customer’s business records on that customer’s behalf, we act as a processor, and that processing is governed by our Data Processing Agreement.

1. Who we are

Curcle Ltd, Crown Chambers, 7 Market Place, Melksham, SN12 6ES, United Kingdom. Email: support@curcle.co.uk. Telephone: +44 7860 503886.

2. Who the Service is for

The Service is a private business tool used by the staff, approved sub-contractors and customer-portal users of businesses that subscribe to Curcle. It is not intended for general public use and requires an account to access any functional area.

3. What we collect

  • Account information: name, email address, telephone number, role, employer, and profile photo (if uploaded).
  • Job & compliance data: jobs assigned to you, site addresses you attend, test results, certificates, timesheets, signatures, notes, photos and documents you capture.
  • Location: precise GPS coordinates only at the moments you check in to or out of a job, and during lone-worker shifts you have opted into. We do not background-track location.
  • Device & session information: IP address, browser / device type, session cookies, and last-active timestamp.
  • Audit logs: records of security-relevant actions (logins, permission changes, deletions) for compliance.

4. Why we process it (lawful basis)

  • Contract: to provide the Service to our subscribers, their staff, sub-contractors and customers.
  • Legitimate interests: securing the platform, preventing fraud, and producing management reports.
  • Legal obligation: retaining safety certificates and financial records for the periods required by UK law.
  • Consent: for optional features such as lone-worker check-ins, which you can withdraw at any time.

5. Who we share it with

We do not sell your data and we do not share it with third-party advertisers. We use a small number of trusted processors to run the Service:

  • Replit, Inc. — application hosting and managed database.
  • Google Cloud Storage (via Replit) — encrypted file storage.
  • Stripe — subscription payment processing.
  • Resend — outbound transactional email.
  • Google Maps — optional in-app map view.
  • Microsoft Clarity — optional, consent-based website analytics on our marketing site only.
  • AI service providers — used only to power optional AI-assisted features when you enable them. The current list of AI sub-processors is available on request.

Customer-facing certificates and invoices are shared with the customer they relate to. Where required, data may be shared with accountants, auditors or regulators. Some of these processors are located outside the UK; where data is transferred internationally we rely on appropriate safeguards such as the UK International Data Transfer Agreement or equivalent mechanisms.

6. AI-assisted features

Some parts of the Service offer optional AI-assisted features — for example to help draft summaries, quotes, observations and risk narratives, to extract information from documents or service sheets you upload, to suggest scheduling, or to help triage messages. These features are only active where they are enabled.

  • Where you use an AI-assisted feature, the relevant data may be sent to selected AI service providers acting as our sub-processors, only to the extent needed to provide that feature.
  • AI outputs are drafts and suggestions that require human review. Where you confirm or save an AI-generated output, it may be stored in the relevant record and in our audit logs.
  • We do not use your data to train third-party foundation models, unless this is explicitly stated and agreed with you.
  • You can contact us at support@curcle.co.uk for details of our AI processing and the AI sub-processors we use.

7. How long we keep it

  • Active account data — for the life of your account.
  • Job and certificate records — a minimum of 6 years where required by law.
  • Audit logs — configurable, with a default of 365 days.
  • Anonymised analytics — retained indefinitely as they no longer identify you.

8. Your rights

You have the right to access, correct, export or delete your personal data, to restrict or object to processing, and to lodge a complaint with the UK Information Commissioner’s Office (ICO). Logged-in users can export or request deletion of their data from the in-app Privacy & GDPR page. Otherwise, please email support@curcle.co.uk.

9. Security

All traffic is encrypted in transit over TLS. Passwords are hashed with bcrypt. Sessions expire after 30 minutes of inactivity. Role-based access controls limit who can see what, and all security-relevant actions are written to an audit log.

10. Children

The Service is not intended for, and is not knowingly used by, anyone under 16.

11. Changes to this policy

We will update this policy if the way we handle personal data changes. Material changes will be notified inside the app.

12. Contact

Questions about this policy or about your personal data should be directed to support@curcle.co.uk.

Related documents

Cookie PolicyTerms & ConditionsData Processing Agreement