Privacy Policy

Last Updated: 12 June 2026 · Version 1.1

Overview

SAFETY IN PROCESS LIMITED (company number 15841152), trading as WeldLog("WeldLog", "we", "us", "our"), respects your privacy and is committed to protecting personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. This policy explains how we collect, use, store and protect your personal information when you use the WeldLog quality management platform.

Data Controller

SAFETY IN PROCESS LIMITED, Exchange Building, 66 Church Street, Hartlepool, United Kingdom, TS24 7DN.
Email: [email protected]
Website: https://weldlog.uk

Personal Data We Process

  • Account information: full name, email address, company affiliation and role, authentication credentials (hashed passwords, MFA tokens).
  • Usage data: project and document metadata, audit and activity logs (IP addresses, user agents, actions performed), session information.
  • Payment information: processed by Stripe. We do not store complete card numbers; we retain transaction IDs and payment status for billing.
  • Technical data: browser type and version, device information, connection timestamps, error and diagnostic logs.

How We Use Your Data

  • Service provision (contract performance): provide and maintain WeldLog, enable collaboration, manage authentication and access control, store and retrieve documents.
  • Communication (contract / legitimate interest): service updates, billing notifications, support responses, security alerts.
  • Compliance & security (legal obligation / legitimate interest): maintain audit trails, detect and prevent fraud and security threats, comply with legal obligations.
  • Service improvement (legitimate interest): analyse usage to improve functionality and reliability.

Data Storage & Location

All personal data is stored in Cloudflare's Western Europe (WEUR) region: the D1 database (accounts and metadata), R2 object storage (documents and backups) and KV storage (session data). Your data remains within the EU/EEA and is not transferred to third countries outside it. Daily automated backups are retained for 30 days and encrypted at rest.

Data Retention

  • User account data: duration of account plus 12 months after closure.
  • Audit logs: minimum 12 months (security / compliance requirement).
  • Payment transaction records: 24 months (financial compliance).
  • Document metadata: duration of account plus 12 months.
  • Session data: expires automatically.

Your Data Rights (UK GDPR)

You have the right to access, rectify, erase, restrict and port your data, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw it at any time.

To exercise your rights, email [email protected]. We will respond within 30 calendar days. Identity verification may be required.

Data Sharing & Subprocessors

  • Cloudflare, Inc. — infrastructure and hosting (Western Europe). ISO 27001, SOC 2 Type II, GDPR compliant.
  • Stripe, Inc. — payment processing. PCI DSS Level 1, GDPR compliant.
  • Resend, Inc. — transactional email delivery. GDPR compliant.
  • ClamAV (Hetzner, Germany) — file upload virus scanning. EU data residency.

We do not sell, rent or share personal data with third parties for their marketing purposes.

Data Security

We encrypt data in transit (TLS 1.3) and at rest, hash passwords with scrypt, require multi-factor authentication for administrative accounts, and use HttpOnly, Secure, SameSite session cookies. We operate role-based access control, comprehensive audit logging (12+ months), real-time security monitoring and automated malware scanning of all uploads.

Data Breach Notification

In the unlikely event of a personal data breach, we will notify affected users and the relevant supervisory authority as required under UK GDPR Article 33, including the nature of the breach, likely consequences and remediation steps.

Cookies & Tracking

WeldLog uses essential cookies only (session authentication and security / CSRF protection). We do not use analytics, advertising or cross-site tracking cookies.

Children's Privacy

WeldLog is a business-to-business service not intended for individuals under 16. We do not knowingly collect personal data from children.

Supervisory Authority

If you believe we have not handled your personal data appropriately, you may lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk.

Contact Us

For privacy questions or data subject requests, email [email protected] with the subject line "Privacy Request". We aim to respond within 5 business days.

SAFETY IN PROCESS LIMITED, trading as WeldLog. Company number 15841152. Registered office: Exchange Building, 66 Church Street, Hartlepool, United Kingdom, TS24 7DN.