Privacy Policy
Last updated: 31 March 2026
This Privacy Policy explains how Field Forge Limited ("we", "us", "our"), a company registered in Northern Ireland (company number NI715154) with its registered office at Office 1739, 92 Castle Street, Belfast, BT1 1HE, collects, uses, stores, and protects your personal data when you use the Field Forge platform and related services (the "Service").
We are the data controller for the personal data we collect about you. If you have questions about this policy or your personal data, please contact us at contact@fieldforge.io.
1. Information We Collect
1.1 Account Information
When you register for Field Forge, we collect:
- Your name and email address
- Company name
- Password (stored securely via Firebase Authentication — we never have access to your plain-text password)
- Google account data if you sign in with Google (name, email, profile photo)
1.2 Business Data You Provide
Through your use of the Service, you may input:
- Client & contact data: names, email addresses, phone numbers, billing addresses, account references
- Site data: addresses, GPS coordinates, access instructions
- Staff data: names, email addresses, roles, trades, hourly cost rates
- Supplier & subcontractor data: names, contact details, payment terms
- Job & quote data: descriptions, scheduled dates, labour items, material items, costs, photos, notes, time entries
- Financial data: invoices, payment records, VAT information
- Contracts & forms: maintenance contracts, custom form submissions
- Asset data: equipment details, inspection records, barcode/QR references
1.3 Data Processed by AI Features
When you use our AI-powered quoting feature, the job descriptions and related details you provide are sent to third-party AI services (Google Gemini and/or OpenAI) for processing. These services process your data solely to generate quote suggestions and do not use your data to train their models. See Section 5 for more details.
1.4 Payment Information
Subscription payments are processed by Stripe. We do not store your full credit/debit card details. Stripe collects and processes your payment information in accordance with their own privacy policy. We receive limited information from Stripe such as the last four digits of your card, card type, and billing address.
1.5 Technical & Device Data
We automatically collect:
- IP address and approximate location
- Browser type and version
- Device type and operating system
- Firebase App Check tokens (via reCAPTCHA v3) to protect against automated abuse
- Usage data including pages visited and features used
- Error logs and performance data
1.6 Activity & Audit Data
We maintain an audit trail of actions performed within your account, including timestamps, user identifiers, and the nature of each action (e.g., creating a job, updating an invoice, deleting a record).
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing and operating the Service | Performance of contract (Article 6(1)(b)) |
| Processing subscription payments | Performance of contract (Article 6(1)(b)) |
| AI-powered quote generation | Performance of contract (Article 6(1)(b)) |
| Sending service-related emails (e.g., invoice notifications, password resets) | Performance of contract (Article 6(1)(b)) |
| Maintaining security and preventing fraud (App Check, reCAPTCHA) | Legitimate interest (Article 6(1)(f)) |
| Maintaining audit trails and activity logs | Legitimate interest (Article 6(1)(f)) |
| Improving and developing the Service | Legitimate interest (Article 6(1)(f)) |
| Complying with legal obligations (e.g., tax records) | Legal obligation (Article 6(1)(c)) |
| Marketing communications (only with your explicit consent) | Consent (Article 6(1)(a)) |
3. How We Share Your Information
We do not sell your personal data. We share data only with the following categories of recipients:
3.1 Service Providers (Sub-processors)
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud / Firebase | Hosting, database, authentication, file storage, serverless functions | EU / US |
| Stripe | Payment processing and subscription management | US (with EU infrastructure) |
| Google (Gemini AI) | AI-powered quote generation | US |
| OpenAI | AI-powered quote generation (fallback) | US |
3.2 Customer Portal
If you use the Customer Portal feature, limited job, quote, and invoice information may be shared with your clients through the portal interface. You control what data is made available through the portal.
3.3 Legal Requirements
We may disclose your data if required by law, regulation, or legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
4. International Data Transfers
Some of our service providers are based in or operate from the United States. When your data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
- The UK International Data Transfer Agreement (IDTA) where applicable
- Adequacy decisions where available
Google, Stripe, and OpenAI each maintain data protection agreements that include these safeguards.
5. AI Data Processing
Our AI-powered quoting feature sends job descriptions and related details to Google Gemini and/or OpenAI for processing. Important points:
- Data is sent only when you actively use the AI quoting feature
- We send only the minimum data necessary to generate a quote (job descriptions, item details)
- Neither Google Gemini nor OpenAI uses your data to train their general models when accessed via their API services
- AI-generated quotes are suggestions only — you retain full control to review, edit, and approve all output
- We do not send personally identifiable information about your clients to AI services unless it is part of a job description you provide
6. Data Retention
We retain your data as follows:
- Active account data: retained for the duration of your subscription
- Soft-deleted records: retained in the recycle bin for 90 days before permanent deletion
- Audit logs: retained for 2 years from creation
- Financial records: retained for 7 years as required by HMRC
- Account data after cancellation: retained for 30 days to allow reactivation, then permanently deleted within 90 days
- Backup data: removed from backups within 90 days of deletion from production systems
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your personal data (subject to legal retention requirements)
- Right to restrict processing: request that we limit how we use your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, withdraw it at any time
- Rights related to automated decision-making: we do not make any solely automated decisions that have legal or similarly significant effects on you. AI-generated quotes are always subject to human review.
To exercise any of these rights, please contact us at contact@fieldforge.io. We will respond within one month.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest (AES-256 via Google Cloud)
- Firebase Authentication with secure password hashing
- Role-based access controls within the application
- Firebase App Check with reCAPTCHA v3 to prevent automated abuse
- Firestore Security Rules enforcing company-level data isolation
- Regular security reviews and updates
- Subscription-gated write access to prevent unauthorised data modification
9. Cookies
We use cookies and similar technologies to operate the Service. For full details, please see our Cookie Policy.
10. Children's Data
Field Forge is a business-to-business service designed for contractors and trade professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the Service. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
12. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
13. Contact Us
For any questions about this Privacy Policy or your personal data:
- Field Forge Limited
- Office 1739, 92 Castle Street, Belfast, BT1 1HE, Northern Ireland
- Company Number: NI715154
- Email: contact@fieldforge.io
