Privacy Policy
Last updated: 29 May 2026
Who we are
Briefkit Ltd (company number 17208742) is a UK limited company with its registered office at 82A James Carter Road, Bury St Edmunds, IP28 7DE. We operate briefkit.co.uk, a service that generates Risk Assessment and Method Statement (RAMS) documents for UK construction contractors.
Briefkit Ltd is the data controller for personal data submitted through briefkit.co.uk. For any privacy question or data request, contact us at hello@briefkit.co.uk.
What we collect and why
When you submit a RAMS request, we collect:
- Your name and email address, so we can deliver the PDF and contact you about your order
- Your job description, including details of the work, location, equipment, personnel, and any other information you choose to share
- Basic technical data automatically captured by our hosting provider (IP address, browser type, request timestamps), used only for security and operating the service
We use Microsoft Clarity on our marketing pages (home, pricing, examples, the free-template pages, and the trade-page guides) to understand how visitors interact with the site — it records anonymous session activity and uses cookies for this. Clarity does not load on customer document pages (/rams/...) or our admin area, so anything you enter into your RAMS is not recorded by it.
We don’t use cookies for advertising, and we don’t sell or share your personal data with marketers.
Lawful basis
Our lawful basis for processing this data is contract performance under Article 6(1)(b) UK GDPR — we need this data to generate and deliver the RAMS you’ve requested.
Where your data goes
To deliver the service, your data is processed by these third-party providers:
| Provider | What they handle | Where |
|---|---|---|
| Anthropic (anthropic.com) | AI generation of the RAMS document | United States, with EU privacy safeguards |
| Vercel (vercel.com) | Website hosting and order processing | United States, with EU edge nodes |
| Neon (neon.tech) | Database storage of order records | EU (London region) |
| Cloudflare R2 (cloudflare.com) | Storage of generated PDF documents | EU (West region) |
| Resend (resend.com) | Email delivery | United States |
| Microsoft Clarity (clarity.microsoft.com) | Anonymous session recording and heatmaps on marketing pages | United States |
Each of these is a data processor acting on our instructions, bound by standard contractual clauses where data leaves the UK/EU.
How long we keep your data
- Order records (your name, email, job description, generated RAMS): retained for at least 24 months for legitimate business operation (refund handling, dispute resolution, service improvement)
- Generated PDFs in our storage: retained for at least 24 months
- You can request deletion at any time — email hello@briefkit.co.uk and we’ll permanently remove your data within 30 days
Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Correct any inaccurate data
- Delete your data (“right to erasure”)
- Restrict or object to our processing
- Receive your data in a portable format
- Withdraw consent at any time (though our basis is contract, not consent)
- Lodge a complaint with the Information Commissioner’s Office at ico.org.uk
To exercise any of these rights, email hello@briefkit.co.uk with “Data request” in the subject line. We’ll respond within 30 days.
Changes to this policy
We’ll update this policy as needed. The “Last updated” date at the top reflects the most recent change. Material changes will be flagged on briefkit.co.uk.