Create Next App

Terms Privacy DPA Cookies Acceptable Use Disclaimer

SQRD² O&M Builder — How we collect, use and protect your data

Last updated: May 2026 · Effective date: 1 June 2026

SQRD² is committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) as retained in Irish law, the Data Protection Act 2018, and all other applicable data protection legislation.

1. Who We Are 2. Data We Collect 3. How We Use Your Data 4. Lawful Basis for Processing 5. Data Subjects and Their Relationship to the Platform 6. Third Party Processors 7. AI Processing and Anthropic 8. Data Transfers Outside the EEA 9. Data Retention 10. Your Rights Under GDPR 11. Cookies 12. Children's Data 13. Security 14. Changes to This Policy 15. Contact and Complaints

01Who We Are

SQRD² operates the SQRD² O&M Builder platform at sqrd.ie. For the purposes of data protection law we are the data controller in respect of personal data processed through the Platform.

In respect of personal data contained in documents uploaded by Subscribers and processed through the Platform's features, Subscribers act as data controllers and SQRD² acts as data processor. This relationship is governed by our Data Processing Agreement.

Contact details for data protection enquiries:

Email: support@sqrd.ie
Website: sqrd.ie

02Data We Collect

Account and Registration Data

Full name
Company name and trading details
Email address
Password (stored in hashed form — we cannot access your plain text password)
Selected discipline (Electrical or Mechanical)
Selected Subscription plan
IP address at time of registration

Project Data

Project names, references and addresses
Client, consultant and contractor contact details entered into projects
Sub-contractor contact details entered into projects
Project dates and status information
Uploaded project files — drawings, certificates, technical literature
Context documents uploaded for AI processing
AI-generated manual content
Scope and system configuration settings

Billing Data

Payment card details — collected and stored by Stripe, not by us
Billing address
Transaction history
VAT number where provided

Usage Data

Features used and frequency of use
Project creation and generation activity
Hosted manual view counts and access times
Document request activity
Browser type and version
Device type
Session timestamps

Sub-contractor Data

When you use the document request feature, the following data is collected about sub-contractors:

Name and email address (provided by you)
Documents uploaded through the upload portal
Upload timestamps and IP addresses

Hosted Manual Visitor Data

When a Hosted Manual is accessed by a third party:

Access timestamp
IP address
Browser and device information
Pages and sections viewed

03How We Use Your Data

Purpose	Data Used	Lawful Basis
Providing the Platform service	Account, project, billing data	Contract performance
Processing payments	Billing data	Contract performance
Sending transactional emails	Email address	Contract performance
Sending document request emails	Sub-contractor email addresses	Legitimate interests
Processing AI content generation	Project data, context documents	Contract performance
Processing AI amendment requests	Manual content, request text	Contract performance
Platform security and fraud prevention	Usage data, IP addresses	Legitimate interests
Platform improvement and analytics	Anonymised usage data	Legitimate interests
Compliance with legal obligations	All relevant data	Legal obligation
Responding to support enquiries	Account, project data	Contract performance

We do not use your data for marketing profiling, sell your data to third parties or use your data to train AI models.

04Lawful Basis for Processing

We rely on the following lawful bases under Article 6 GDPR:

Contract performance (Article 6(1)(b)): Processing necessary to provide the Platform services you have subscribed to.
Legitimate interests (Article 6(1)(f)): Processing for platform security, fraud prevention, analytics and service improvement. We have conducted legitimate interests assessments for these purposes and are satisfied that our interests are not overridden by your rights.
Legal obligation (Article 6(1)(c)): Processing required to comply with applicable law including tax and financial regulations.
Consent (Article 6(1)(a)): Where we rely on consent we will ask for it separately and you may withdraw it at any time.

05Data Subjects and Their Relationship to the Platform

The Platform involves several categories of data subject with different relationships to us:

Subscribers

Contractors who hold a Subscription account. We are the data controller for their account and billing data. We are the data processor for project data they create and upload.

Sub-contractors

Third parties who receive document request emails and upload documents through the upload portal. The Subscriber is the data controller for sub-contractor data. We process it on the Subscriber's behalf as data processor. Sub-contractors may contact us at support@sqrd.ie to exercise their data rights.

Building Owners and Facilities Managers

Persons who access Hosted Manuals. We collect limited technical data when they access a Hosted Manual. The Subscriber is responsible for ensuring that the content of the Hosted Manual does not contain personal data that should not be publicly accessible.

Client and Consultant Contacts

Contact information entered into projects by Subscribers. The Subscriber is the data controller for this data. We process it on the Subscriber's behalf as data processor.

06Third Party Processors

We use the following sub-processors to provide the Platform:

Processor	Purpose	Location	Safeguards
Supabase	Database, authentication and file storage	EU (Ireland)	GDPR compliant, DPA in place
Stripe	Payment processing	EU/US	PCI-DSS compliant, SCCs in place
Anthropic	AI content generation	US	API terms, no training on inputs, SCCs in place
Resend	Transactional email delivery	US	SCCs in place, DPA available
Vercel	Platform hosting and deployment	EU	GDPR compliant, DPA in place

We maintain Data Processing Agreements with all sub-processors. We will update this list when sub-processors change and will notify Subscribers of material changes.

07AI Processing and Anthropic

When you use the AI Fill feature or when amendment requests are processed, the following data is sent to Anthropic's API: project information you have entered, system library content, and any context documents you have uploaded for AI processing.

This data is processed transiently by Anthropic solely to generate the requested content. Anthropic's API terms confirm that:

API inputs are not used to train Anthropic's models
Data is not retained by Anthropic beyond the immediate API request
Processing is subject to Anthropic's data processing agreement

You should not upload Context Documents containing highly sensitive personal data or confidential third-party information without appropriate authorisation. You are responsible for ensuring you have the right to share document content with a third-party AI processing service.

08Data Transfers Outside the EEA

Some of our sub-processors are located outside the European Economic Area. We ensure appropriate safeguards are in place for all international transfers:

Stripe: Standard Contractual Clauses (SCCs) under EU Commission Decision 2021/914
Anthropic: Standard Contractual Clauses under EU Commission Decision 2021/914
Resend: Standard Contractual Clauses under EU Commission Decision 2021/914

Copies of applicable SCCs are available on request by emailing support@sqrd.ie.

09Data Retention

Data Type	Retention Period	Reason
Account data	Duration of Subscription + 7 years	Legal and tax compliance
Billing records	7 years	Tax and financial regulations
Project structure and metadata	Permanently	Hosted manual continuity
Hosted manual content	Permanently	Client access commitment
Uploaded project files	90 days after cancellation	Service provision
Context documents	90 days after cancellation	Service provision
Sub-contractor upload data	90 days after project completion or cancellation	Service provision
Usage and analytics data	2 years (anonymised after 90 days)	Platform improvement
Email communication records	2 years	Support and compliance

On account deletion we will erase personal account data within 30 days subject to our legal obligation to retain certain records for tax and financial compliance purposes.

10Your Rights Under GDPR

Under the GDPR you have the following rights in respect of your personal data:

Right	Description
Right of access	You may request a copy of all personal data we hold about you.
Right to rectification	You may request correction of inaccurate or incomplete data.
Right to erasure	You may request deletion of your personal data subject to our legal retention obligations.
Right to restriction	You may request that we restrict processing of your data in certain circumstances.
Right to data portability	You may request your data in a structured, machine-readable format.
Right to object	You may object to processing based on legitimate interests.
Right to withdraw consent	Where processing is based on consent you may withdraw it at any time.
Rights re automated decisions	You have rights regarding decisions made solely by automated processing.

To exercise any of these rights please email support@sqrd.ie. We will respond within one month. We may need to verify your identity before processing your request.

Right to Complain

If you are not satisfied with how we handle your personal data you have the right to lodge a complaint with the Data Protection Commission of Ireland:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Phone: +353 (0)1 765 0100
Website: dataprotection.ie

11Cookies

The Platform uses cookies and similar technologies. Please see our Cookie Policy for full details of cookies used, their purposes and how to manage your preferences.

Essential cookies required for the Platform to function are placed without consent. Non-essential cookies are placed only with your consent.

12Children's Data

The Platform is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child's data has been submitted through the Platform please contact us at support@sqrd.ie and we will delete it promptly.

13Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or alteration. These measures include:

Encryption in transit using TLS
Encryption at rest for stored data
Row-level security policies on the database ensuring each Subscriber can only access their own data
Access controls limiting staff access to personal data
Regular security reviews
Secure password hashing
Two-factor authentication available for accounts

In the event of a personal data breach we will notify the Data Protection Commission within 72 hours where required under GDPR Article 33. Where the breach is likely to result in a high risk to your rights we will also notify you directly without undue delay.

14Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material we will notify you by email at least 30 days before they take effect. The current version will always be available at sqrd.ie/legal/privacy.

15Contact and Complaints

For all data protection enquiries please contact us at:

SQRD² — Data Protection
Email: support@sqrd.ie
Website: sqrd.ie

Contents