Privacy Policy

How we collect, use, and protect your data.

Last updated: February 2026

1. Who we are

BlockGuardian is operated by DisciplineLabs Ltd ("we", "us", "our"). We are the data controller for the personal data processed through the BlockGuardian platform at blockguardian.co.uk.

Contact: support@blockguardian.co.uk

2. What data we collect

We collect the following categories of personal data:

  • Account information: Name, email address, password (hashed), role within your organization
  • Property information: Building addresses, unit numbers, residency assignments
  • Usage data: Actions taken within the platform (audit log), page visits, feature usage
  • Communication data: Messages, noticeboard posts, case comments, poll votes
  • Documents: Files uploaded to the platform (certificates, reports, images)
  • Payment information: Processed by Stripe; we do not store full card details
  • Technical data: IP address, browser type, device information

3. How we use your data

We process your data for the following purposes:

  • Providing and maintaining the BlockGuardian service
  • Authenticating your identity and managing account access
  • Sending notifications (in-app and email) about activity relevant to you
  • Processing payments and managing subscriptions
  • Maintaining compliance records and audit trails
  • Responding to support requests
  • Improving the service based on usage patterns

4. Legal basis for processing

  • Contract: Processing necessary to provide the service you have signed up for
  • Legitimate interests: Service improvement, security, fraud prevention
  • Legal obligation: Compliance with UK regulations, tax and accounting requirements
  • Consent: Marketing communications (where applicable)

5. Data sharing

We share your data with:

  • Your account administrators: Managers and admins within your BlockGuardian account can see your profile and activity
  • Microsoft Azure: Our cloud infrastructure provider (UK data centres)
  • Stripe: Payment processing
  • Azure Communication Services: Email delivery
  • Vercel Inc.: Website hosting and anonymous analytics (see section 10)

We do not sell your personal data to third parties.

6. Data retention

  • Account data: Retained while your account is active, deleted upon request
  • Audit log entries: Retained for the lifetime of the account (immutable by design)
  • Deleted documents: Retained in soft-delete state for 365 days, then permanently removed
  • Messages and communications: Retained while the account is active

7. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing
  • Data portability (export your data)
  • Object to processing

BlockGuardian provides a built-in data export feature for GDPR Article 20 compliance. To exercise any of these rights, contact us at support@blockguardian.co.uk.

8. Data security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, secure password hashing, and role-based access controls. All data is stored in Microsoft Azure data centres located in the United Kingdom.

9. Analytics

We use Vercel Web Analytics to understand how visitors use our website. This service does not use cookies and does not collect personal data. Visitors are identified by an anonymised hash derived from the incoming request, which is automatically discarded after 24 hours. No data is shared across websites or used to identify individual users. Analytics data is processed by Vercel Inc. For more information, see Vercel's Analytics Privacy Policy.

10. Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via email or in-app notification.