Privacy Policy

Last updated: May 2026

This Privacy Policy explains how ASC Portal collects, uses, stores, and protects information when ASC staff, contractors, and other authorised users access the portal. ASC Portal is an internal business system used for account access, task management, timesheets, logbook workflows, notifications, team support, reporting, and selected administrative functions.

1. Information We Collect

We collect account and access data needed to run the portal, such as your name, email address, password hash for local sign-in, role and permission assignments, team visibility, terms acceptance, email verification status, security preferences, and active session records.

If you use Google sign-in, we receive the basic Google account data required to authenticate you and match you to an ASC Portal user, such as your Google account email address, display name, and Google account identifier. We do not request access to Google Drive, Gmail content, Google Calendar, or other Google data through the sign-in flow.

While you use the portal, we may store profile and operational data that you create or update, including profile pictures, project and site details, assignments, timesheet entries, approvals, unlock requests, logbook records, support tickets, attachments, reports, and related audit or activity history.

2. How We Use Information

We use collected information to authenticate users, manage accounts, enforce role-based access, operate task-management and timesheet workflows, render reports and dashboards, maintain notifications, and support normal business administration and troubleshooting.

We also use account and security data to send verification emails, password-reset messages, email one-time passcodes when enabled, live notification updates, and session-activity information such as logged-in devices.

Google account data obtained through sign-in is used only for authentication, account linking, secure access control, and related account administration. It is not used for advertising or sold to third parties.

3. Third-Party Services and Data Sharing

We do not sell personal data or Google sign-in data. We may use third-party services where needed to operate ASC Portal, including:

  • Google for optional Google sign-in
  • SMTP or email delivery providers for verification, OTP, reset, and backup emails
  • OpenStreetMap, Nominatim, and Photon for site address lookup and map previews
  • Google Drive when authorised administrators configure backup delivery to Google Drive

Information is shared with those services only as needed to provide the relevant feature. We may also disclose information where required by law, to protect ASC Portal, or to investigate security or misuse issues.

4. Cookies, Sessions, and Security Controls

ASC Portal uses essential cookies and server-side session storage to keep users signed in, secure the authentication flow, and prevent misuse of the service. These cookies are required for the portal to function correctly and are not used as advertising trackers.

The application also uses security controls such as role-based permissions, CSRF protections, rate limits on sensitive auth flows, and security headers. Session activity may be shown to users so they can review and revoke active sessions.

5. Files, Backups, and Retention

Profile pictures, support-ticket attachments, and site attachments are stored on the server and served through authenticated routes. Direct public access to protected upload locations is blocked.

Authorised administrators may generate backup exports in SQL, CSV, or XLSX format and deliver them by download, email, or Google Drive depending on the configured backup workflow. Backup history and related administrative activity may also be retained.

Account, operational, audit, notification, and backup-related data may be retained for business, administrative, legal, and security reasons. Retention periods can vary depending on operational needs and administrator actions.

6. Your Choices

Users can review or update certain account details from the portal, including profile name, profile picture, password, email OTP preference, and active sessions. Some account data, such as email address, role assignments, or access scope, may only be changed by administrators or related security workflows.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page.

8. Contact

If you have questions about this Privacy Policy or data handling in ASC Portal, please contact your system administrator.