1. Data Controller

Bloor Engineering Ltd ("we", "us", "our") is the data controller responsible for your personal data.

Registered Company:
Bloor Engineering Ltd
Company Registration: 14230472 | VAT: 420413746
Unit 10, Donk Hill Farm, Catton, Swadlincote, DE12 8LW, United Kingdom

Contact:
Email: privacy@bloorengineering.com
Phone: 01283 210987
Website: www.bloorengineering.com

2. Personal Data We Collect

2.1 Account Information

What: Email address, name, company name, country, role/job title
Why: To create and manage your account, provide technical support, send service updates
Legal Basis: Contract performance (GDPR Art. 6(1)(b)) and legitimate interests (GDPR Art. 6(1)(f))

2.2 Usage Data

What: Calculator runs, AI assistant queries, saved projects, tool usage patterns, login timestamps
Why: To enforce usage limits per tier, improve our services, provide customer support
Legal Basis: Contract performance (GDPR Art. 6(1)(b)) and legitimate interests (GDPR Art. 6(1)(f))

2.3 Payment Information

What: Stripe customer ID, subscription status, payment history
Why: To process payments and manage subscriptions
Legal Basis: Contract performance (GDPR Art. 6(1)(b))
Note: Credit card details are handled directly by Stripe and never stored on our servers

2.4 Technical Data

What: IP address (anonymized), browser type, device type, page views
Why: To analyze traffic, improve user experience, detect security threats
Legal Basis: Legitimate interests (GDPR Art. 6(1)(f))
Note: We use privacy-focused Plausible Analytics (no cookies, GDPR-compliant by design)

2.5 Communications

What: Contact form enquiries, support emails, newsletter signups
Why: To respond to your queries and send requested updates
Legal Basis: Consent (GDPR Art. 6(1)(a)) for marketing; legitimate interests for support

3. How We Use Your Personal Data

Provide access to engineering tools and reference data
Process payments and manage subscriptions (via Stripe)
Send service updates, security alerts, and account notifications
Provide customer support and respond to enquiries
Improve our platform based on usage patterns
Enforce usage limits (calculator runs, AI queries) per subscription tier
Detect and prevent fraud, abuse, and security threats
Comply with legal obligations (tax, accounting, law enforcement)

4. Who We Share Your Data With

4.1 Service Providers

Stripe (payments) - Stores payment information, processes subscriptions. See Stripe Privacy Policy
Render (hosting) - Cloud hosting provider. See Render Privacy Policy
Plausible Analytics (analytics) - EU-hosted, privacy-focused analytics. No cookies, GDPR-compliant. See Plausible Privacy

4.2 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

4.3 Business Transfers

If Bloor Engineering is acquired or merged, your data may be transferred to the new owner (you will be notified).

We do NOT:

Sell your personal data to third parties
Share your data with advertisers
Use your data for automated decision-making or profiling

5. How Long We Keep Your Data

Data Type	Retention Period
Account data	Until account deletion + 30 days backup retention
Usage logs	12 months (for tier enforcement and support)
Payment records	7 years (UK tax law requirement)
Analytics data	26 months (Plausible default)
Support emails	3 years (customer service records)
Marketing consent	Until withdrawn or 3 years of inactivity

6. Your Rights Under GDPR

If you are located in the EU/EEA/UK, you have the following rights:

6.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you.

6.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete data. You can update most data in your account settings.

6.3 Right to Erasure (Article 17)

Request deletion of your account and personal data. Available in account settings or by contacting us.

6.4 Right to Data Portability (Article 20)

Receive your data in a structured, machine-readable format (JSON export).

6.5 Right to Object (Article 21)

Object to processing based on legitimate interests (e.g., marketing emails).

6.6 Right to Restrict Processing (Article 18)

Request limitation of data processing in certain circumstances.

6.7 Right to Withdraw Consent (Article 7)

Withdraw consent for marketing communications at any time (unsubscribe link in emails).

To exercise your rights: Email privacy@bloorengineering.com with your request. We will respond within 30 days.

Right to Complain: You can lodge a complaint with the UK Information Commissioner's Office (ICO) or your local EU data protection authority.

7. Cookies and Tracking

We use minimal cookies to provide essential functionality:

7.1 Essential Cookies (No Consent Required)

Session cookie - Keeps you logged in (deleted when you close browser)
CSRF token - Security protection against cross-site attacks
bloor_lang - Remembers your language preference (EN/DE/FR/ES)
bloor_currency - Remembers your currency preference (GBP/EUR/USD)

7.2 Analytics (Plausible)

We use Plausible Analytics, a privacy-focused analytics tool that:

Does NOT use cookies
Does NOT track you across websites
Does NOT collect personal data
Is GDPR-compliant by design (no consent banner required)
Servers located in EU (data sovereignty)

See Plausible's Data Policy for details.

8. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit: All data transmitted using TLS/HTTPS
Encryption at rest: Database encryption on hosting provider
Password security: Passwords hashed using bcrypt (never stored in plain text)
Access controls: Admin access restricted to authorized Bloor Engineering staff
Regular backups: Automated daily backups with 30-day retention
Payment security: PCI-DSS compliant via Stripe (we never handle card details)

Data breach notification: In the unlikely event of a data breach affecting your personal data, we will notify you and the relevant authorities within 72 hours as required by GDPR Article 33.

9. International Data Transfers

Our hosting provider (Render) may process data in the United States. We ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Technical safeguards (encryption, access controls)

10. Children's Privacy

Our platform is intended for professional engineers and businesses. We do not knowingly collect data from individuals under 16 years old. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will:

Update the "Last updated" date at the top of this page
Notify you by email if changes are material
Provide 30 days notice before significant changes take effect

12. Contact Us

For any questions about this privacy policy or our data practices:

Data Protection Enquiries:
Email: privacy@bloorengineering.com
Subject line: "GDPR Data Request" or "Privacy Enquiry"

General Enquiries:
Email: info@bloorengineering.com
Website: Contact Form

Your privacy matters to us. We are committed to protecting your personal data and respecting your rights under GDPR. If you have any concerns, please don't hesitate to contact us.

Privacy Policy