Privacy Policy
Last updated: 28 June 2026
This Privacy Policy explains what personal data Keystone HSE collects, why, how we use it and what rights you have. It applies to anyone using the service at app.keystonehse.com or visiting keystonehse.com.
1. Who is the data controller
The data controller for personal data processed in connection with the service is Tom Redman, trading as Keystone HSE, a sole trader registered in Jersey. Business address: 9 Grosvenor Terrace, St Helier, Jersey JE2 4QS.
For any privacy-related question or to exercise your rights, contact: privacy@keystonehse.com.
2. What we collect
Account data
When you sign up we collect: your name, work email address, password (stored hashed, not in plain text), the company name you sign up under, and an optional trade descriptor.
Billing data
Payments are processed by Paddle.com Market Limited as Merchant of Record. We do not see or store your card details. We do store a Paddle customer ID, subscription ID, plan, status and billing period dates so that we can manage your subscription. See Paddle’s privacy policy at paddle.com/legal/privacy.
Customer Data (content you upload or generate)
To provide the service we store the content you create or upload, including risk assessments, safe working practices, COSHH data, MSDS files, lifting plans, certificates, project information, and any operative or plant data you choose to enter. This may include personal data about your employees and operatives such as names, certifications, and qualification records.
If you upload personal data about your employees or operatives, you are the controller for that data and we act as your processor. You are responsible for having a lawful basis to collect and share that data with us, and for informing those individuals as required by UK GDPR.
Usage data
We log application events to operate and improve the service: timestamps of RAMS generations, AI feature usage (token counts and feature name — not the prompt content shared externally), IP address of HTTP requests for security and rate-limiting, browser user-agent strings, and standard webserver logs.
3. Why we use it (lawful bases)
- To provide the service — lawful basis: performance of a contract (Article 6(1)(b) UK GDPR).
- To take payment and prevent fraud — lawful basis: performance of a contract and our legitimate interests.
- To send transactional emails (welcome, password reset, trial expiry, billing receipts) — lawful basis: performance of a contract.
- To secure the service (rate-limiting, audit logs, abuse prevention) — lawful basis: our legitimate interests in operating a secure platform.
- To improve the service (aggregate usage metrics) — lawful basis: our legitimate interests. We do not use your Customer Data to train AI models.
- To comply with legal obligations — lawful basis: legal obligation.
4. Who we share data with (sub-processors)
We share data only with the following sub-processors, each of which is contractually bound to protect it:
- Hetzner Online GmbH — hosting infrastructure (servers and database). EU-based (Germany / Finland).
- Paddle.com Market Limited — payment processing as Merchant of Record. UK-based.
- Anthropic PBC — large-language-model API for AI generation, polish, suggest and analyse features. Content sent to Anthropic is processed under their commercial terms and is not used to train their models. US-based.
- Resend, Inc. — transactional email delivery (welcome, password reset, billing receipts). US-based.
- Namecheap Private Email — inbound email for our mail accounts. US/EU-based.
We do not sell personal data and we do not share it with advertising or marketing networks.
5. International transfers
Some sub-processors (Anthropic, Resend) are based in the United States. Where data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or other appropriate safeguards as required by UK GDPR.
6. How long we keep data
Active accounts: we keep your account data and Customer Data for as long as your account is active.
Cancelled accounts: after cancellation we retain your data for 90 days so you can re-activate without loss. After 90 days, account data and Customer Data are permanently deleted from our systems and backups.
Billing records: we retain billing records (invoices, payment IDs) for 7 years to comply with statutory accounting requirements. Card numbers are never stored by us — only by Paddle.
Application logs: retained for 30 days, then automatically purged.
You can request earlier deletion (see your rights, below). Some records we are legally required to keep until the statutory retention period has elapsed.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your personal data, subject to retention obligations above;
- Restrict processing while a dispute is being resolved;
- Portability — receive a copy of your Customer Data in a structured, machine-readable format;
- Object to processing based on legitimate interests;
- Withdraw consent where processing is based on consent (e.g. marketing emails — we do not send any without explicit opt-in).
To exercise any of these rights email privacy@keystonehse.com. We will respond within 30 days. If you are not satisfied with our response you have the right to complain to the Jersey Office of the Information Commissioner or, if you are in the UK, the Information Commissioner’s Office (ICO).
8. Cookies and tracking
The marketing site at keystonehse.com uses only strictly necessary cookies (none, currently). The application at app.keystonehse.com uses localStorage to store your authentication token so you stay logged in. We do not use third-party analytics, advertising, or social-media tracking cookies.
9. Security
We protect your data with industry-standard measures: TLS encryption for all traffic, bcrypt-hashed passwords, encrypted-at-rest API keys, per-company database isolation, restricted server access via SSH key only, automatic security updates, rate-limiting on login and AI endpoints, audit logging of administrative actions. No system is perfectly secure; if you become aware of any vulnerability please email privacy@keystonehse.com.
10. Children
The service is for business use only and not intended for users under 18. We do not knowingly collect data from children.
11. Changes to this policy
We will update this policy when our practices change. Material changes will be announced by email or in-app at least 14 days before they take effect.
12. Contact
Email: privacy@keystonehse.com
Postal: Tom Redman, 9 Grosvenor Terrace, St Helier, Jersey JE2 4QS