Privacy Policy
Effective date: 24 May 2026
This Privacy Policy explains how RS Buildcon (“we”, “us”, “our”) collects, uses, stores, and shares information when you use the RS Buildcon Site Inspection mobile application (the “App”) and the related backend services (collectively, the “Service”). The App is published on the Apple App Store and Google Play under the package identifier com.rsbuildcon.siteinspectionapp.
The App is provided primarily to employees, site engineers, managers, accountants, and authorised contractors of RS Buildcon and partner construction organisations who use the Service to manage construction site operations. By installing or using the App, you agree to the practices described below.
If you do not agree with this policy, please do not use the App.
1. Who we are and how to contact us
| Data Controller | RS Buildcon |
| Location | Gujarat, India |
| rsbuildcon7272@gmail.com · developer.nhjoshi@gmail.com |
For any question about this policy, to exercise your rights, or to request deletion of your data, write to either of our email addresses, rsbuildcon7272@gmail.com or developer.nhjoshi@gmail.com, with the subject line “Privacy Request”.
2. The information we collect
We only collect the information that is necessary to operate the App and run construction site workflows. We do not sell personal information and we do not show advertising in the App.
2.1 Information you provide directly
When an administrator registers you, or when you sign in for the first time, we collect:
- Identity information: your name, email address, mobile phone number, role (Admin, Manager, Site Engineer, Accountant, Member).
- Organisation membership: the organisation(s) and project(s) you are assigned to.
- Profile photo / avatar (optional, if you upload one).
- Authentication credentials: handled by Google Firebase Authentication. We never see or store your password.
When you use the App day-to-day, you may also submit:
- Material requests, receipts, vendor bills, payments, and other operational records.
- Daily site reports, manpower entries, attendance entries, hire and return entries, stock transfers, expense entries.
- Comments and notes you add to records or photos.
2.2 Information collected automatically when you use the App
- Location data (GPS coordinates and accuracy): captured only at the moment you tap Check In or Check Out for attendance, or when you record certain on-site actions. The App does not track your location continuously and does not run a background location service. If GPS accuracy is poor (worse than 100 metres), the App refuses the check-in.
- Selfie photo at check-in: captured by your device camera at the moment of check-in, as proof of presence.
- Photos you choose to upload: delivery challans, site progress photos, payment receipts, vendor invoices, attendance selfies, expense proofs, hire return documentation.
- Device information: device model, operating system version, app version, language, time zone. Collected by our crash-reporting and analytics provider to help us diagnose crashes and improve the App.
- Push notification token: issued by our push-notification provider so we can deliver notifications about request approvals, deliveries, payments, and other workflow events.
- Session and audit information: when you sign in, IP address, approximate device information, and timestamps; every create / update / delete action you perform is recorded in an immutable audit log together with your user ID and the time of the change.
- Product analytics events: anonymised or pseudonymised events about feature usage (for example, “material request approved”, “report published”) recorded by our product-analytics provider. We do not record the contents of your free-text fields.
2.3 Information we do not collect
- We do not collect your contacts, SMS, call logs, or browsing history.
- We do not access your photo library other than the images you explicitly pick when uploading.
- We do not track your location in the background or when the App is closed.
- We do not use third-party advertising SDKs.
- We do not profile users or apply automated decision-making that produces legal effects.
3. Why we use this information (purpose & legal basis)
We process the categories of data above only for the purposes below. The legal basis is performance of a contract with your employer (the organisation that gave you access) and our legitimate interest in running a secure, reliable construction-management service.
| Purpose | Data used |
|---|---|
| Authenticate you and let you sign in | Email / phone, Firebase Auth credentials, session metadata |
| Verify attendance at the correct site | GPS coordinates, selfie photo, project GPS reference |
| Record material, billing, payment, hire, and report workflows | Operational records you create and the photos you attach |
| Send push notifications about events that need your attention | FCM device token, role assignments, your notification preferences |
| Generate reports, exports, and dashboards for your organisation | Operational records, attendance, expense, billing data |
| Maintain an audit trail for compliance and dispute resolution | Audit log entries (who, when, what changed) |
| Diagnose crashes and improve product quality | Crashlytics reports, anonymised analytics events |
| Protect the Service from abuse | IP address, rate-limit and session data |
We will not use your personal data for any new purpose without first updating this policy and, where required by law, asking for your consent.
4. How information is stored and protected
We rely on a small number of established cloud service providers to run the Service. The relevant categories, and the providers’ own privacy policies, are:
- Application hosting, databases, and file storage are provided by Cloudflare. See the Cloudflare Privacy Policy.
- Authentication, push notifications, crash reports, and basic usage analytics are provided by Google Firebase. See Privacy and Security in Firebase and the Google Privacy Policy.
- Product analytics are provided by PostHog. See the PostHog Privacy Policy.
Other security measures:
- All traffic between the App and our backend uses HTTPS / TLS.
- Passwords are never stored by RS Buildcon, they are handled by our authentication provider.
- Each organisation’s data is logically isolated from every other organisation’s data.
- Role-based access control restricts who can view or change data inside an organisation. Site Engineers only see projects they are assigned to. Field staff cannot view financial data unless their role explicitly allows it.
- Write operations are recorded in an immutable audit log.
- Published daily reports and recorded vendor payments are locked from later edits.
No system is perfectly secure, but we follow industry-standard practices and continuously work to harden the Service.
5. Sharing of information
We share personal data only with the following categories of recipients:
- Other authorised users in your organisation: your name, role, photo, attendance entries, and the records you create are visible to colleagues in your organisation according to their role.
- Service providers that operate the platform on our behalf:
- Cloudflare, Inc.: application hosting, content delivery, and storage. Privacy Policy.
- Google LLC (Firebase): authentication, push notifications, crash reporting, and usage analytics. Privacy and Security in Firebase · Google Privacy Policy.
- PostHog Inc.: product analytics. Privacy Policy.
- Authorities, regulators, or courts: when we are required by applicable law, court order, or government regulation, or to protect our rights and the safety of users.
We do not sell or rent personal data. We do not share data with advertising networks or data brokers.
6. International data transfers
Our service providers are global companies and your data may be processed on servers located outside India, including in the United States and the European Union. Where data is transferred outside your country, we rely on the service providers’ own safeguards (standard contractual clauses, data processing addenda, and applicable certifications) to protect the data.
7. How long we keep your data
- Active operational data (projects, attendance, materials, bills, payments, reports, photos) is retained for as long as the organisation that owns it remains a customer.
- Audit log entries are retained for the lifetime of the organisation’s account so disputes can be traced.
- Authentication identifiers (Firebase UID, email, phone) are retained while you remain a registered user of any organisation.
- When an organisation stops using the Service, its data is retained for up to 90 days to allow recovery, after which it is deleted from our active systems. Backups may persist for a short additional period before being overwritten.
- When you personally are removed from all organisations and request account deletion, your profile is anonymised within 30 days of the verified request. Operational records you previously authored remain in the relevant organisation’s history with your name replaced by “Removed user”, so the organisation’s audit trail stays intact.
8. Your rights and choices
Depending on where you live, you may have the following rights:
- Access: request a copy of the personal data we hold about you.
- Correction: ask us to correct inaccurate or incomplete data.
- Deletion: ask us to delete your account and associated personal data. See the Data Deletion page for the self-serve process.
- Restriction or objection: ask us to restrict, or object to, certain processing.
- Portability: request your data in a structured, machine-readable format.
- Withdraw consent: where processing is based on consent, withdraw it at any time.
- Complain: lodge a complaint with the data protection authority in your country.
To exercise any of these rights, email rsbuildcon7272@gmail.com or developer.nhjoshi@gmail.com. We will verify your identity through your registered email or phone number and respond within 30 days.
Controlling specific permissions on your device
- Location: you can revoke location permission at any time in your device settings. Without location permission, attendance check-in / check-out will not work, but you can still use the rest of the App.
- Camera and Photos: you can revoke these permissions at any time. Without them, you will not be able to upload selfies, challan photos, or progress photos.
- Notifications: you can disable push notifications in your device settings or per-event-type inside the App’s notification preferences.
9. Children’s privacy
The App is intended for use by adult professionals working in the construction industry. It is not directed at children under the age of 18, and we do not knowingly collect personal information from children. If you believe a child has been registered on the App, contact us and we will remove the account.
10. Changes to this policy
We may update this Privacy Policy from time to time. The “Effective date” at the top reflects the latest revision. If we make material changes, we will notify you through the App, by email, or both, before the changes take effect. Continued use of the App after a change indicates acceptance of the updated policy.
11. Contact
If you have any question, concern, or request relating to this policy, please contact:
RS Buildcon, Privacy Office Email: rsbuildcon7272@gmail.com or developer.nhjoshi@gmail.com Address available on request at either email above.