Legal Information

Privacy Policy

Last updated: 30 April 2026

Collaborate HQ Ltd (“we”, “us”, “our”), provider of the Blueprint HQ application and related services (“Blueprint HQ”, “BP”, the “Services”), takes privacy and the protection of personal data seriously. Blueprint HQ is provided so that subscribers (our paying or trial customers and their organisations) can operate job management and related workflows for their customers and third parties. Subscribers and their authorised users enter data into their own Blueprint HQ accounts. We do not determine the purposes or means of that subscriber-entered information: the subscriber does. We hold and process it only to host the platform, deliver the Services, keep them secure, and meet our legal obligations — not to run or “manage” jobs on our own behalf or use that content for our own business purposes.

This Privacy Policy explains our role in different situations, what personal data is involved, how it is used, who it may be shared with, retention, your rights, and how to reach us. It is intended to meet transparency requirements under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It should be read alongside our Terms & Conditions (including any data processing commitments within them). If anything in this policy conflicts with the Terms regarding processing of personal data, the Terms prevail only where the law allows.

The terms “you” and “your” refer to individuals who interact with us — notably authorised users and other representatives of subscribers, and visitors to our website. If you are an individual whose personal data appears in a subscriber’s Blueprint HQ environment (for example in connection with work or jobs they manage), the subscriber is usually the organisation you should contact first about that data; we explain when that applies below.

1. Who is responsible for personal data — controller and processor roles

Under UK data protection law, the controller decides why and how personal data is processed. The processor processes personal data on the controller’s instructions and on its behalf.

Collaborate HQ Ltd as controller. We act as data controller for personal data we collect and use for our own purposes in operating Blueprint HQ and this website, including: subscriber account and billing relationship information; identity and contact details of people who register, administer, or contact us about the Services; technical and usage data needed to run and secure our systems; marketing to our own contacts where permitted; and cookies on our sites as described below. For this processing, the controller is:

Collaborate HQ Ltd
23 London Road, Downham Market, Norfolk, PE38 9BJ, United Kingdom
Email: support@blueprinthq.com (including privacy enquiries)
Website: www.blueprinthq.com

Collaborate HQ Ltd as processor. For personal data that subscribers and their users enter, upload, or cause to be stored in Blueprint HQ in connection with job management and related operational workflows for the subscriber’s customers, we act as a processor on behalf of the relevant subscriber (who is the controller of that data). We process such data only to provide the hosted Service in accordance with the subscriber’s documented instructions (including as set out in the Terms & Conditions and any applicable data processing agreement), and as required by applicable law. We do not use subscriber job-record content for our own marketing or unrelated analytics.

We do not have a statutory requirement to appoint a Data Protection Officer. For privacy questions about data for which we are controller, contact us using the details above. Where we are processor, we will typically refer requests regarding subscriber-held job data to the relevant subscriber and assist them as required by law and contract.

2. What personal data is collected or held

“Personal data” means information that identifies a person or can be used with other information to do so. Depending on your relationship with us, different categories apply.

A. Data you (subscriber) place in Blueprint HQ — we hold this as processor. Subscribers and their authorised users enter job, scheduling, and related operational data into their own tenant or account. That can include names, contact details, identifiers, correspondence, documents, notes, workflow states, and other information about clients, contractors, suppliers, third parties, and others involved in the subscriber’s jobs and work processes. The sole objective for which we host and process this data in the platform is to enable the subscriber to store, organise, and use that information to deliver job-management services to its own clients in line with the subscriber’s professional and legal obligations — not for any separate purpose decided by us. We do not review job or operational content for our own commercial purposes, alter it on our own initiative, or use it to profile individuals for our marketing.

B. Data we collect or generate as controller (our relationship with the subscriber and operation of the service):

  • Subscriber relationship and account data: name, job title, organisation, email address, telephone number, postal address, and similar details provided when registering, subscribing, contacting us, or using support.
  • Account and billing metadata: username, account identifiers, subscription and billing references (not full payment card numbers — see section 6), preferences, and service configuration that identifies the subscriber account.
  • Technical and usage data: IP address, browser type and version, device identifiers, approximate location derived from IP, access times, audit and security logs, and similar information needed to operate, secure, and maintain the Services.
  • Marketing and communications data: preferences for receiving marketing, newsletter subscriptions, and records of communications with Collaborate HQ.
  • Cookies and similar technologies: as described in section 10.

We do not intend to collect special category (sensitive) personal data through our public marketing website. Subscribers may record special category or criminal offence data in job records where their own legal bases and duties require it; they are responsible for lawful grounds, transparency, and notices to data subjects for that processing, and for instructions to us as processor. We process such data only as needed to host the Service and as the law requires.

3. How personal data is used and legal bases

Subscriber-entered job and operational data (processor). We process this data only to provide the hosted Blueprint HQ environment: storage, retrieval, workflow features, backups, security monitoring, and technical support linked to service performance, in line with subscriber instructions and the Terms & Conditions. The lawful basis is determined by the subscriber as controller (for example performance of a contract with their client, legal obligation, or legitimate interests). Our processing is necessary to perform our contract with the subscriber to provide the platform and to comply with law.

Data for which we are controller. We process personal data only where UK GDPR allows. The main legal bases are:

  • Performance of a contract — to provide Blueprint HQ, manage the subscriber relationship, process subscriptions, give account-related support, and meet our obligations under the Terms & Conditions.
  • Legitimate interests — to secure our systems, ensure reliability, prevent abuse, improve the product in general terms, conduct anonymised or aggregated analytics about service use, and run our business, where those interests are not outweighed by individuals’ rights.
  • Legal obligation — to comply with applicable law, regulation, court orders, or competent authority requests.
  • Consent — where required (for example certain non-essential cookies or marketing), you may withdraw consent at any time without affecting processing before withdrawal.

In practice, this includes: authenticating users; account, billing, and service communications; backups and disaster recovery as described in our Terms; detecting and responding to security incidents; and, where you have opted in, product-related marketing from Collaborate HQ.

4. Categories of parties to whom personal data is disclosed

We do not sell personal data (see section 8). We may share or allow access as follows:

  • Subprocessors and service providers — organisations that provide hosting, networking, storage, email delivery, security tooling, payment facilitation, and similar functions, engaged under written terms that require confidentiality, security, and (where they process personal data on our behalf) terms consistent with Article 28 UK GDPR. Subscriber job data is disclosed to them only as needed to run the infrastructure, not for their independent use.
  • The subscriber’s own organisation — users and administrators the subscriber authorises can see and export data within the account. The subscriber controls those access rights.
  • Professional advisers — lawyers, accountants, or insurers where necessary.
  • Authorities — when required by law, or to protect rights, property, or safety, or to enforce our Terms, we may disclose information; where we hold subscriber job data as processor, we will inform the subscriber before disclosure unless the law forbids it.
  • Corporate transactions — in a merger, acquisition, or asset sale, information may be transferred subject to appropriate safeguards and notices where required.

Subscribers who require details of sub-processors engaged for hosting and related services may request information from us as set out in the Terms & Conditions or any data processing terms agreed with us.

5. International transfers

We primarily store and process data using infrastructure in the UK and/or the European Economic Area. If we transfer personal data outside the UK, we do so using mechanisms recognised under UK law (for example the UK International Data Transfer Agreement, UK Addendum, or adequacy regulations), or other approved safeguards, unless an exception applies.

6. Storage and security of personal data

We use third-party vendors and hosting partners for hardware, software, networking, storage, and related technology required to operate Blueprint HQ. We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction, including access controls, encryption where appropriate, and staff training.

Who “manages” the data. Subscribers manage the substantive job and operational information they enter (accuracy, relevance, legal basis, who may see it, and responses to data subjects). Blueprint HQ stores and processes that information in the platform so the subscriber can use it for job management; we do not carry out the subscriber’s work on their behalf, make operational decisions for them, or act as data steward for subscriber job content. We retain all rights to the Blueprint HQ software, databases, and application; subscribers retain their rights to the business data they enter, subject to this policy and our Terms. Subscribers and their users are responsible for credentials and internal access controls.

Payment information: we use trusted third-party payment providers to process payments. We do not store complete payment card numbers on our own systems, and our staff do not have access to your full card details.

7. Retention and deletion

We keep personal data only as long as necessary for the purposes described in this policy (and, for subscriber job data, the subscriber’s instructions and our agreement), including legal, accounting, or reporting requirements.

  • Subscriber job and operational data (processor): retained while the subscription (or trial) is active and as needed to provide the Service. After termination or non-payment, retention and deletion follow the Terms & Conditions (for example, deletion after a defined period such as approximately 90 days from cessation of paid service unless the subscriber requests earlier deletion where feasible). Subscribers should export data they need before closure.
  • Our account and billing records (controller): retained for the life of the relationship and as long as needed for tax, accounting, and legal compliance.
  • Backups: deleted data may persist in encrypted backups for a limited time before overwrite; system-wide backups may not support item-by-item restoration.
  • Disputes and legal claims: we may retain certain records where necessary to establish, exercise, or defend legal claims.

On request from a subscriber, and where they have met obligations under our Terms, we can provide an export of data held in their account in a format we reasonably determine. Individuals seeking access to data inside a subscriber’s job records should normally contact that subscriber; we will assist the subscriber as required by law and contract.

8. We do not sell personal data

Collaborate HQ Ltd does not sell personal data in the sense of disclosing it to third parties for monetary or other valuable consideration. That applies to account information and to subscriber-held job data alike. We do not monetise job-record content, sell it to data brokers, or use it for unrelated behavioural advertising.

9. Your rights in relation to personal data

UK data protection law gives individuals a range of rights, subject to conditions and exemptions. Who you contact depends on our role.

If your personal data is in a subscriber’s job or work records (for example you are a client, contractor, or other third party whose details they hold for their jobs), the subscriber organisation is usually the controller. Please contact them first to access, correct, erase, or object to processing of that data. We will support the subscriber to respond, including forwarding requests where appropriate and assisting with technical measures as required by law and our contract.

If you are a subscriber user or contact and the data relates to our relationship with you (account, billing, marketing from Collaborate HQ, website interactions), we are typically the controller and you may exercise the following rights with us:

  • Access — confirmation of whether we process your personal data and a copy.
  • Rectification — correction of inaccurate data.
  • Erasure — deletion in certain circumstances.
  • Restriction — limit processing in certain circumstances.
  • Data portability — where processing is based on contract or consent and automated, receive your data in a structured, commonly used format.
  • Object — to processing based on legitimate interests (including profiling) or to direct marketing at any time.
  • Withdraw consent — where we rely on consent.
  • Automated decision-making: we do not use solely automated decisions with legal or similarly significant effects on you in operating Blueprint HQ; if that changes, we will update this policy.

Contact support@blueprinthq.com for rights requests directed at us. We may need to verify your identity. You may complain to the ICO: ico.org.uk (helpline 0303 123 1113). We encourage you to contact us (or your subscriber, as appropriate) first.

10. Cookies and similar technologies

Cookies are small files stored on your device that help us recognise browsers and sessions. Our website and Services use cookies and similar technologies that are necessary for login, security, and core functionality, and where applicable for preferences and analytics.

You can control cookies through your browser settings. Blocking all cookies may reduce functionality of Blueprint HQ and our sites. Where we use non-essential cookies, we will rely on consent where required.

11. Monitoring and aggregated statistics

We monitor use of our applications and infrastructure for security, reliability, abuse prevention, and service quality. This is not used to drive subscriber job decisions or to mine job content for unrelated commercial use. We aim to minimise personal data in logs and to anonymise or pseudonymise technical data where appropriate.

We may publish or share aggregated, non-identifying statistics about use of the Services (for example trend reports). We do not identify individuals or disclose identifiable job details in such reports except as described in this policy.

12. Marketing communications

Where permitted, we may send emails or messages about new features, products, or services. Such messages will be proportionate and relevant. You may opt out at any time using the unsubscribe link in our emails or by replying “unsubscribe” to an SMS, or by contacting support@blueprinthq.com.

13. Children

Blueprint HQ is a business service and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe we have collected such data, please contact us and we will take steps to delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our Services or legal requirements. We will post the updated version on this page and revise the “Last updated” date. Where changes materially affect how we treat personal data, we will notify registered users by email or through the Service where practicable. Your continued use of the website or Services after notice constitutes acceptance of the updated policy where the law allows. The Terms & Conditions continue to govern your use of Blueprint HQ.

By using Collaborate HQ Ltd’s applications and services, you acknowledge this Privacy Policy. Subscribers remain responsible for lawful processing of data they enter for job management. Our Terms & Conditions govern your contractual relationship and take precedence over any conflicting provision in this policy where the law permits.