Back to home

Privacy & Cookie Policy

Last updated: 6 July 2026

This policy explains how Blue Shuck Consulting LTD ("Blue Shuck", "we", "us") collects, uses and protects personal data when you use our web-based takeoff, estimating and billing application (the "Service"). We are committed to handling your data in line with the UK GDPR and the Data Protection Act 2018.

1. Who we are (Data Controller)

Blue Shuck Consulting LTD, 29 Glanville Drive, Houghton Le Spring, DH4 6NZ. Companies House number: 17308746. For any privacy questions or to exercise your rights, contact us at support@blueshuckconsulting.com.

2. The data we collect

  • Account data: your name, email address, company name, and a securely hashed password (we never store your password in plain text).
  • Subscription data: your plan tier, subscription status, renewal dates, and Stripe customer/subscription identifiers. Card details are entered directly with Stripe — we never see or store them.
  • Project & content data: project names, client names and site addresses you enter, blueprint files (PDFs/images) you upload, scale calibrations, takeoff measurements and counts, estimate line items, and progress billing records and notes.
  • Client contact data you provide: email addresses you enter to send an Application for Payment to your own clients.
  • Technical data: log data such as timestamps and error records generated to operate and secure the Service.

3. How and why we use your data

  • To provide and operate the Service, including authenticating you and storing your projects — lawful basis: performance of a contract.
  • To process subscriptions and payments via Stripe — contract.
  • To send transactional emails (welcome, password reset, and the Applications for Payment you choose to send) via our email provider — contract / legitimate interests.
  • To keep the Service secure and prevent fraud or misuse — legitimate interests.
  • To comply with our legal and regulatory obligations — legal obligation.

4. Sharing & sub-processors

We do not sell your data. We share it only with trusted providers who process it on our behalf under appropriate data-processing terms:

  • Stripe — subscription billing and card payments.
  • Zoho — delivery of transactional emails.
  • Cloud hosting, database and object storage providers — to host the application and store your projects and uploaded files.

5. International transfers

Where any provider processes data outside the UK, we rely on appropriate safeguards such as UK adequacy regulations or Standard Contractual Clauses to protect your data.

6. Data retention

We keep your data for as long as your account is active. On termination or account closure you have a 30-day window to export your project histories and estimate/billing registers (CSV/PDF), after which we may permanently purge the records from our storage. Password reset tokens expire within 1 hour. Residual copies in routine backups are deleted on our normal backup cycle.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent where processing relies on it. To exercise any right, email support@blueshuckconsulting.com. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We apply commercially reasonable technical and organisational safeguards, including encryption in transit (HTTPS), hashed passwords, access controls, and single-use, time-limited password reset links.

9. Cookies & tracking technologies

We keep this deliberately minimal. Blue Shuck does not use analytics, advertising, or third-party tracking cookies, and we do not profile you across other websites.

  • Strictly necessary browser storage: we store a secure sign-in token in your browser's local storage to keep you logged in, and a small preference recording that you've acknowledged this cookie notice. These are essential to the Service and cannot be switched off within the app.
  • Third-party checkout: when you pay, Stripe's hosted checkout pages may set their own strictly necessary cookies to process the payment securely. These are governed by Stripe's own privacy and cookie policies.

Because we only use strictly necessary storage, no consent is required for it under UK law — but we show a clear notice so you always know where you stand.

10. Children

The Service is intended for business use by professionals and is not directed at anyone under 18.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected here with a revised "last updated" date.

Questions about this policy?

support@blueshuckconsulting.com

Made with Emergent