For SurvSync Web, SurvSync Mobile, SurvSync Vault, and Datum Portal — Effective date: 26 April 2026 — Last updated: 26 April 2026
This Privacy Policy explains how SurvTech Ltd, trading as SurvSync, collects, uses, stores, shares, and protects personal data in connection with the SurvSync platform.
This Privacy Policy explains how SurvTech Ltd, trading as SurvSync ("SurvSync", "we", "us", or "our"), collects, uses, stores, shares, and protects personal data in connection with the SurvSync platform.
For the purposes of this Policy, the "Platform" includes SurvSync Web, SurvSync Mobile, SurvSync Vault, Datum Portal, and related support, storage, authentication, communication, and payment features.
This Policy applies to Surveyor users, administrators, staff users, clients accessing Datum Portal, and other individuals whose personal data is processed through or in relation to the Platform.
SurvSync is provided by SurvTech Ltd, trading as SurvSync.
Registered address: 60 Tottenham Court Road, Office 1149, Fitzrovia, London W1T 2EW
Email: admin@survsync.com
Company number: 10742890
SurvSync may act in different data protection roles depending on the relevant processing activity.
In relation to account data, authentication data, session data, support records, platform security, fraud-prevention, diagnostics, billing records, and operational audit records, SurvSync acts as a controller.
In relation to instruction-related client data, inspection data, report data, notes, images, voice notes, drawings, documents, and other business records that Surveyors enter into the Platform, SurvSync generally acts as a processor on behalf of the relevant Surveyor or surveying business, who remains the controller for that data. This processing is carried out under the terms of our Data Processing Agreement with the relevant Surveyor.
Surveyors and subscribing organisations are responsible for ensuring they have an appropriate lawful basis, privacy notice, and authority to input client and third-party information into the Platform.
We may collect and process the following categories of personal data:
We collect personal data directly from users, clients, and administrators when accounts are created, used, or managed through the Platform.
We collect data when inspection content, documents, media, notes, payment details, or archive records are uploaded, generated, synchronised, or accessed.
We collect technical and security information automatically through operation of the Platform, including through authentication, session management, payment integrations, and service logs.
We may receive information from Surveyor businesses, subscribing organisations, connected service providers, payment providers, hosting providers, storage providers, and support interactions.
We use personal data to provide, operate, secure, and improve the Platform. This includes user authentication, account management, note and media capture, inspection workflow, document handling, signature workflows, archive access through Vault, client-facing actions through Datum Portal, payment processing support, billing, fraud prevention, dispute handling, customer support, legal compliance, audit, and business administration.
We may also use personal data to investigate misuse, abuse, security incidents, service disruption, disputes, and chargebacks.
SurvSync Web may be used to manage instructions, records, documents, users, payment settings, and business workflows.
SurvSync Mobile may be used to create inspections, capture notes, add images, record voice notes, and create drawings or annotations. Mobile-generated data may be synchronised to other parts of the Platform.
SurvSync Vault is a read-only archive access service intended to support longer-term access to records and documents.
Datum Portal is a client-facing service used in connection with instructions created by Surveyors, including document access, signature requests, status updates, and payment requests.
The mobile application may request access to device features including the camera, microphone, photos or media library, local files, and local device storage. These permissions are used only to support inspection-related functions such as capturing images, recording voice notes, uploading files, and temporarily storing work in progress or service data needed for operation.
If permissions are denied, some app features may not work correctly.
The web application may use cookies and similar technologies needed for login, authentication, session continuity, security, and service operation.
The mobile application may use device- or app-based storage and access technologies needed for authentication, service continuity, offline or temporary storage, and related operational purposes.
Datum Portal uses essential session and security technologies required for login, authentication, and request protection.
Where payment services are provided through Stripe, payment pages may load Stripe services or JavaScript libraries. Stripe may collect personal data and use cookies or similar technologies in connection with payment processing, fraud prevention, authentication, and the operation of its services, subject to Stripe's own privacy and cookie practices.
Where payment functionality is enabled, SurvSync supports payment workflows using Stripe Connect or other supported payment services.
SurvSync does not generally receive or store full payment card details. Instead, payment processors provide transaction identifiers, status information, and related metadata needed for operation, billing, compliance, and dispute handling.
We process payment, refund, dispute, and chargeback information for transaction administration, accounting, fraud prevention, support, legal compliance, and recovery of sums owed under applicable terms.
Where a payment is disputed or charged back, SurvSync may process associated records, evidence, communications, and supporting documents in order to investigate the matter, comply with payment-provider requirements, and seek recovery where contractually authorised.
Depending on the circumstances, we rely on one or more of the following lawful bases under applicable data protection law: performance of a contract, legitimate interests, and legal obligation.
Our legitimate interests may include operating the Platform, protecting users and clients, securing systems, preventing fraud, administering payments, handling disputes, improving services, and maintaining appropriate business records.
We do not sell personal data.
We may share personal data with Surveyors, subscribing organisations, authorised users, and clients where necessary to provide the Platform and related services.
We may share personal data with trusted third-party providers who support hosting, cloud storage, authentication, payment processing, communications, PDF generation, archive access, infrastructure, and support.
We may disclose personal data to professional advisers, insurers, auditors, regulators, courts, law enforcement, or public authorities where required by law or where reasonably necessary to establish, exercise, or defend legal claims.
We may share personal data in connection with a merger, acquisition, financing, restructure, or sale of assets, subject to appropriate protections.
Some service providers used in connection with the Platform process personal data within the European Economic Area (EEA). Transfers to EEA-based processors (including our hosting and storage providers) are made in reliance on the UK's adequacy regulations covering EEA countries.
Our payment processing provider (Stripe) may process personal data in the United States. Stripe is certified under the UK Extension to the EU-US Data Privacy Framework, and transfers to Stripe in the US are made in reliance on the UK-US Data Bridge (the UK's adequacy regulations for that framework). Where required, transfers may additionally be made under a UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.
We use technical and organisational measures designed to protect personal data processed through the Platform. These measures may include authentication controls, session controls, access controls, encryption in transit, cloud security controls, logging, monitoring, rate limiting, audit records, and other operational safeguards appropriate to the nature of the service.
We record IP address, user agent, session activity, and related technical information for security, fraud prevention, authentication, abuse prevention, and audit purposes where appropriate.
No system can be guaranteed completely secure, and users remain responsible for protecting their credentials and using the Platform securely.
Authorised SurvSync personnel may access personal data where reasonably necessary for support, security, compliance, system administration, audit, dispute handling, fraud prevention, or legal purposes. Such access is restricted to appropriate personnel and may be logged or monitored in accordance with our internal security and governance practices.
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected and processed, including to provide the Platform, maintain records, support archive access through Vault, comply with legal and accounting obligations, resolve disputes, enforce agreements, and protect the security and integrity of the Platform.
We may delete, anonymise, aggregate, or securely isolate data that is no longer required.
Depending on the circumstances, individuals may have rights to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent where consent applies. These rights may be subject to legal, contractual, evidential, security, or operational limitations.
If SurvSync acts as processor for the relevant data, we may direct the request to the relevant Surveyor or organisation or assist them in responding.
To exercise your rights, contact us at admin@survsync.com.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: ico.org.uk/make-a-complaint or by calling 0303 123 1113.
We may send service and administrative communications relating to account setup, login, password changes, security notifications, support matters, payment and dispute administration, platform availability, document actions, and important operational updates. These communications are part of providing the Platform and are not treated as marketing merely because they relate to service use.
We do not send marketing communications to Datum Portal clients without an appropriate basis to do so.
We may update this Privacy Policy from time to time to reflect changes in our services, technologies, business practices, or legal requirements. The latest version will be made available through the Platform or otherwise communicated where appropriate.
If you have questions about this Privacy Policy or wish to exercise your rights, please contact:
SurvTech Ltd (trading as SurvSync)
Registered address: 60 Tottenham Court Road, Office 1149, Fitzrovia, London W1T 2EW
Email: admin@survsync.com
Company number: 10742890
