We are committed to handling personal data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We act as the data controller for personal data processed through DayBrain Volt.
If you have any questions about this policy please contact us at support@daybra.in.
Who This Policy Applies To
This policy applies to:
- Account holders — Admin and team users who register and use DayBrain Volt
- Engineers — individuals whose compliance data is entered into the Platform by a Company Admin or Compliance user
- Visitors — anyone who visits volt.daybra.in or submits a register interest form
- Assessors — third parties who access compliance data via an assessor link
Important for Admins: If you enter personal data about your engineers into DayBrain Volt, you are responsible for ensuring you have a lawful basis to do so and that your engineers are aware their data is being processed. We recommend informing engineers that their compliance data is managed using DayBrain Volt.
Data We Collect
We collect the following categories of personal data:
| Category | Data collected | Source |
|---|---|---|
| Account data | Name, email address, Google account ID | Provided at sign-up via Google Auth |
| Company data | Company name, scheme registrations, subscription tier | Entered by Admin during onboarding |
| Engineer data | Name, email, phone, ECS card details, qualifications, CPD records, calibration certificates, experience history | Entered by Admin or Compliance user |
| Uploaded documents | Certificate files, insurance documents, H&S policies (PDFs and images) | Uploaded by Users |
| Billing data | Subscription tier, billing events. Payment card details are never stored by us. | RevenueCat and Stripe |
| Usage data | Pages visited, features used, timestamps of actions | Automatically via Firebase Analytics |
| Assessor link logs | Access timestamps, files downloaded, IP address of assessor | Automatically when an assessor link is accessed |
| Register interest data | Name, email, company name, engineer count, scheme registration | Submitted via volt.daybra.in/eas form |
How We Use Your Data
We process personal data for the following purposes and under the following lawful bases:
| Purpose | Lawful basis |
|---|---|
| Providing the DayBrain Volt service | Contract performance |
| Processing subscription payments | Contract performance |
| Displaying compliance status and dashboards | Contract performance |
| Generating AI toolbox talks using engineer and job data | Contract performance |
| Sending product update and early access emails (with consent) | Consent |
| Improving the Platform through usage analytics | Legitimate interests |
| Logging assessor link access for audit purposes | Legitimate interests |
| Complying with legal obligations | Legal obligation |
AI Processing
DayBrain Volt uses Anthropic Claude AI to generate toolbox talks, RAM documents and quote content. When you use these features, relevant data (job details, site information, risk factors and where applicable engineer qualification context) is sent to Anthropic's API to generate the output.
Anthropic processes this data as a data processor acting on our instructions. Anthropic's privacy policy is available at anthropic.com/privacy. We do not send engineer personal identifiers (names, ECS card numbers) to the AI — only job and compliance category data relevant to the generation task.
AI-generated content is stored in Firestore under your Company account and is accessible only to your authorised Users.
Data Storage & Security
All DayBrain Volt data is stored in Google Firebase infrastructure, including:
- Firestore — structured data (engineer profiles, qualifications, company documents metadata)
- Firebase Storage — uploaded files (certificates, insurance documents, PDFs)
- Firebase Auth — authentication credentials
Firebase data is hosted in Google data centres subject to Google's security and compliance standards including ISO 27001 and SOC 2. Google's privacy policy applies to the underlying infrastructure.
Access to data within the Platform is controlled by role-based security rules — Engineers can only access their own records, Compliance users can access engineer and company data, and Admins have full access within their Company.
Uploaded files are stored in Firebase Storage with access controlled by Firebase security rules. Assessor link downloads use time-limited signed URLs that expire after one hour.
We never store payment card details. All payment processing is handled by Stripe (PCI DSS compliant) and managed via RevenueCat.
Data Sharing
We do not sell your personal data. We share data only with the following third parties as necessary to provide the service:
| Third party | Purpose | Location |
|---|---|---|
| Google Firebase | Data storage and authentication | EU / UK data centres |
| Anthropic | AI content generation | USA (Standard Contractual Clauses apply) |
| Stripe | Payment processing | EU / UK |
| RevenueCat | Subscription management | USA (Standard Contractual Clauses apply) |
| Assessors (via assessor links) | Compliance data shared at your explicit request | Determined by you |
Where data is transferred outside the UK we ensure appropriate safeguards are in place including Standard Contractual Clauses or equivalent mechanisms.
Assessor Links & Third Party Access
When you generate an assessor link you are choosing to share specific compliance data with a third party (such as a NAPIT or NICEIC assessor). You control:
- Which engineers are included in the link
- Whether company documents are included
- How long the link remains active (7, 14, 30 or 60 days)
We log access events and file downloads via assessor links for audit purposes. This log is accessible to Admin and Compliance users within your Company. We do not share assessor access logs with third parties.
You are responsible for deactivating assessor links once they are no longer required.
Data Retention
We retain your data for as long as your account is active. Specific retention periods:
- Account and company data — retained for the duration of the subscription plus 90 days after cancellation to allow for reactivation
- Engineer profiles and documents — retained for the duration of the subscription
- Billing records — retained for 7 years to comply with financial record-keeping requirements
- Assessor link access logs — retained for 2 years
- Register interest submissions — retained until you unsubscribe or request deletion
On account deletion all Company data including engineer profiles, uploaded documents and compliance records will be permanently deleted within 30 days. Billing records are retained as required by law.
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data where there is no legitimate reason to retain it.
Right to Restriction
Request that we limit how we process your data in certain circumstances.
Right to Portability
Request your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests, including direct marketing.
Withdraw Consent
Withdraw consent for marketing communications at any time via unsubscribe links.
Right to Complain
Lodge a complaint with the ICO at ico.org.uk if you believe your data has been mishandled.
To exercise any of these rights email support@daybra.in. We will respond within 30 days.
Engineers: If your employer has entered your data into DayBrain Volt and you wish to exercise your rights, contact us directly at support@daybra.in with your name and employer's company name.
Cookies & Analytics
DayBrain Volt uses Google Analytics via Firebase to understand how the Platform is used. This collects anonymised usage data including pages visited, features used and session duration. No personally identifiable information is included in analytics data.
We do not use advertising cookies or third-party tracking cookies. Firebase may set functional cookies necessary for authentication and session management.
By using DayBrain Volt you consent to the use of these functional and analytics cookies.
Children's Data
DayBrain Volt is intended for use by businesses and is not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe a child's data has been submitted please contact us immediately at support@daybra.in.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to the Admin account at least 14 days before taking effect. The current version is always available at volt.daybra.in/privacy.
Contact & Data Controller
For any privacy-related questions, data subject requests or complaints:
Data Controller: Daybrain Digital
164a Southgate Street, Gloucester, GL1 2EX
George M Hancock T/A dayBrain
Email: support@daybra.in
Web: volt.daybra.in
If you are not satisfied with our response you have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Web: ico.org.uk
Helpline: 0303 123 1113