1. Who We Are
SiteFlow is a schedule risk analysis tool operated by Polsia. We help construction professionals identify conflicts and sequencing issues in project schedules.
For data-related queries, contact us at: siteflow@polsia.app
2. What Personal Data We Collect
We collect personal data in two ways:
A. Via the Feedback Form
When you submit feedback through SiteFlow, we collect:
- Company name — to understand which organisations use SiteFlow
- Job role — to understand who our users are (e.g. site manager, QS, contractor)
- Email address — only if you choose to provide it; used to follow up on your feedback or respond to questions
- Free-text responses — your answers to feedback questions about SiteFlow's usefulness, pain points, and willingness to pay
B. Via Automatic Technical Logging
When you use SiteFlow, our servers automatically record:
- IP address — for security, bot filtering, and approximate location (country/region level)
- Browser and device information (user agent) — to understand which browsers our users use
- Pages visited and timestamps — to understand how users navigate the product
- Referrer URL — the page you came from, if any
- Schedule files you upload — CSV files processed by the risk engine; these are analysed in memory and not stored permanently (analysis results are saved, not the raw file)
3. How We Use Your Data
- Product development — feedback responses help us understand what features to build and which pain points to solve
- Follow-up communication — if you provide your email, we may contact you to discuss your feedback or share product updates
- Analytics — page view data helps us understand usage patterns, popular features, and where users drop off
- Security and reliability — IP addresses and user agents are used to detect and filter automated bot traffic
We do not use your data for advertising, sell it to third parties, or use it for any automated decision-making that affects you legally.
4. How We Store Your Data
All data is stored in a PostgreSQL database hosted on Neon and served via Render. Both providers are US-based services.
If you are in the UK or European Economic Area, this means your personal data may be transferred to and processed in the United States. We rely on Neon's and Render's standard data processing agreements for these transfers. Both providers are GDPR-compliant.
Data is protected using standard security practices: encrypted connections (TLS), access controls, and no public exposure of the raw database.
5. Data Retention
- Feedback submissions — retained until you request deletion, or until SiteFlow is discontinued
- Analytics events (page views, button clicks) — retained for up to 90 days, then automatically deleted
- Schedule analysis results — retained for up to 30 days to allow you to retrieve past analyses; raw uploaded files are not stored
- Visitor ID (polsia_vid in localStorage) — stored locally on your device; cleared when you clear browser storage
6. Cookies and Local Storage
SiteFlow does not set any HTTP cookies. We use browser localStorage for the following purposes:
| Name |
Type |
Purpose |
Duration |
Category |
siteflow_consent |
localStorage |
Stores your cookie consent preference (accepted or essential-only) |
Until cleared |
Essential |
polsia_vid |
localStorage |
A randomly generated visitor ID used to count unique visitors via the Polsia analytics beacon. Only set if you accept analytics cookies. |
Until cleared |
Analytics |
Analytics beacon: If you accept analytics, a request is sent to polsia.com with your visitor ID and the site slug (siteflow). This is used to count site visits. No other personal data is included in this request.
You can reject analytics cookies via our cookie banner. You can also clear localStorage at any time in your browser settings.
7. Third-Party Services
- Google Fonts — fonts are loaded from
fonts.googleapis.com. Google may log your IP when serving font files. See Google's Privacy Policy.
- Polsia Analytics — SiteFlow is built on the Polsia platform, which provides visitor analytics. See above (Section 6) for details of what is shared.
- Neon (database hosting) — your data is stored in a Neon PostgreSQL database. Neon Privacy Policy.
- Render (application hosting) — SiteFlow is hosted on Render. Render Privacy Policy.
8. Your Rights (UK GDPR)
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure — you can request deletion of your data ("right to be forgotten")
- Right to restrict processing — you can ask us to limit how we use your data
- Right to object — you can object to processing of your data for analytics purposes
- Right to data portability — you can request your data in a structured, machine-readable format
To exercise any of these rights, email us at siteflow@polsia.app. We will respond within 30 days.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
9. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
- Legitimate interests — analytics, security monitoring, and bot filtering (Article 6(1)(f)). We have conducted a balancing test and concluded our interests do not override your rights.
- Consent — analytics cookies (polsia_vid) and the Polsia analytics beacon are only activated with your explicit consent.
- Consent — feedback form submissions are voluntary and based on your consent to provide information.
10. Changes to This Policy
We may update this policy as SiteFlow evolves. Material changes will be reflected in the "Last updated" date at the top of this page. Continued use of SiteFlow after changes constitutes acceptance of the revised policy.