Security & Data Privacy

Who this page is for

Asbestos contractors, supervisors, document teams and company owners who upload floor plans, site drawings, client names or enclosure layouts and need plain-English answers about how data is handled.

How project data is stored

Project drawings (walls, assets, routes, notes and title-block fields) are stored in a PostgreSQL database hosted by Supabase, scoped to your user account. On Team and Company plans, colleagues you invite can access workspace projects according to their role — nobody outside your workspace sees them.

Uploaded drawings, backdrops and exports

Floor-plan backdrops, company branding files and export record copies are stored in private Supabase Storage buckets — not on public URLs. Storage policies restrict each folder to the owning user (or your workspace rules on team plans). When the app shows a backdrop preview or export history thumbnail, it uses a short-lived signed link that expires automatically (typically one to eight hours depending on the feature).

Private account-based access

Database row-level security enforces owner-based access to projects, exports and billing rows. The application checks your signed-in session on protected routes. We do not operate a shared library of customer drawings.

Payment security

Subscriptions and one-off purchases are processed by Stripe. Card details are entered on Stripe’s hosted Checkout and Customer Portal pages. AsbestoPlan stores Stripe customer and subscription identifiers — not full card numbers.

AI and your files

Your project data, floor-plan uploads and exports are not used to train AI models. The product does not send your drawings to third-party generative AI services for model training. Operational error logs may contain technical metadata (URLs, error messages) but not your drawing content.

Export, deletion and data requests

Signed-in users can download a full copy of their account data or permanently delete their account from Dashboard → Account & privacy (UK GDPR export and erasure). For other data-protection questions contact hello@asbestoplan.co.uk — controller details are in our Privacy Policy.

Security FAQ

Who can see my projects?

Only your signed-in account (and, on Team/Company plans, colleagues you invite into your workspace with explicit roles). Database row-level security enforces owner-based access — other customers cannot browse your projects.

Are floor-plan uploads and exports stored securely?

Yes. Floor-plan backdrops, branding files and export record copies sit in private Supabase Storage buckets — not public URLs. Previews and downloads use short-lived signed links that expire automatically.

Does AsbestoPlan use my drawings to train AI models?

No. Your project data, uploads and exports are not fed into AI training models. The editor does not send your floor plans or enclosure layouts to third-party generative AI services for model training.

How are payments handled?

Card payments and subscriptions are processed by Stripe. Card details are entered on Stripe’s hosted checkout and billing portal — AsbestoPlan stores subscription identifiers, not full card numbers.

Can I export or delete my data?

Yes. Signed-in users can download a full copy of their account data or permanently delete their account from Dashboard → Account & privacy. You can also email hello@asbestoplan.co.uk for data-protection requests.

Where is data stored?

Application data is hosted on Supabase (PostgreSQL database and private object storage). Our infrastructure providers process data under contractual safeguards appropriate for UK GDPR.

Is AsbestoPlan compliance-approved?

No. It is a planning and communication tool for enclosure visuals — not legal advice, HSE approval or a substitute for competent professional judgement.