KitBase Ltd is the data controller for personal data processed through the KitBase platform. Registered address: England and Wales. Contact: privacy@kitbase.co.uk
We collect: account information (name, email, role); asset data (equipment details, serial numbers, inspection records); usage data (scan events, timestamps, GPS coordinates where consented); uploaded documents (certificates, photographs, signatures); and technical data (IP addresses, device information for security purposes).
We process personal data under: legitimate interests (providing the compliance management service); contractual necessity (fulfilling service agreements); legal obligation (maintaining statutory examination records as required by UK law); and consent (GPS location data, email notifications).
All data is stored in the United Kingdom using Supabase infrastructure in the London (eu-west-2) AWS region. Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Access is controlled via Row Level Security policies ensuring organisation-level data isolation.
Asset and compliance data is retained for the duration of the service agreement plus 7 years (in line with UK statutory record-keeping requirements). Account data is deleted within 30 days of account closure upon request.
Under UK GDPR you have the right to: access your personal data; rectify inaccurate data; erase data (subject to legal retention requirements); restrict processing; data portability; and object to processing. To exercise these rights contact privacy@kitbase.co.uk
We use: Supabase (database and storage hosting, UK region); Resend (transactional email delivery); Mapbox (map rendering, no personal data shared). We do not sell personal data to third parties.
We use essential cookies only for authentication session management. No tracking or advertising cookies are used.