Exordium Technologies Limited: SmartBaise Privacy Policy
Version 5.0 – Effective Date: 4th February 2026
1. CORPORATE IDENTITY AND DATA ROLES
SmartBaise is a software product and proprietary technological asset owned and operated exclusively by Exordium Technologies Limited ("the Company", "we", "us", or "our"). This Privacy Policy serves as the definitive disclosure regarding the processing of Personal Data and proprietary Business Data within the SmartBaise ecosystem.
For the purposes of applicable data protection legislation:
- Data Controller: Exordium Technologies Limited acts as the "Data Controller" for account registration information, professional credentials, technical metadata, and the de-identified statistical outputs generated within our Data Refinery.
- Data Processor: Exordium acts as a "Data Processor" when hosting the raw project files, drawings, and safety records you upload. For this proprietary data, the Customer (the construction firm) remains the "Data Controller" and maintains absolute legal responsibility for the data's accuracy and compliance.
2. THE DUAL-ARCHITECTURE SECURITY MODEL: VAULT vs. REFINERY
Exordium operates a unique dual-environment architecture designed to provide an exhaustive "foolproof" defense for your business-critical information.
2.1 The Secure Data Vault (Proprietary Isolation)
All raw project information, including bid documents, site drawings, material costs, and identifiable project communications ("Raw Customer Data"), is stored within the "Vault." This environment is subject to high-tier AES-256 encryption at rest and TLS 1.3 in transit. Exordium warrants that data within the Vault is strictly isolated. Identifiable Vault data is never released, shared, or accessible by third parties, subsidiary entities, or partner organizations in an identifiable format. Access within Exordium is restricted to specific engineering personnel for support purposes only, and all access is governed by tamper-proof audit logs.
2.2 The Data Refinery (Analytical Transformation)
The "Refinery" is a specialized processing layer where specific data points are extracted from the Vault and subjected to a permanent "De-identification" process. This process removes all direct identifiers (e.g., company names, project titles, site addresses). These aggregated snapshots are used to produce "Derived Data," such as industry-wide price indices and statistical reliability models. Once data enters the Refinery, it is no longer classified as "Personal Data" or "Identifiable Business Data" under UK law, as it cannot be reverse-engineered to identify a specific company or individual.
3. CATEGORIES OF DATA PROCESSED
We collect several tiers of data to provide a comprehensive management utility and to support industry benchmarking:
- 3.1 Account Identity Data: Full names, business titles, professional qualifications, and business contact details of Authorized Users.
- 3.2 Project Lifecycle Data (Phases 1–4): Proprietary information related to Phase 1 (Inception/Design), Phase 2 (Pre-construction), Phase 3 (Construction), and Phase 4 (Handover and Maintenance). This includes site progress photos, project schedules, and granular cost points.
- 3.3 Health and Safety (H&S) Metadata: Information regarding the existence, status, and completion dates of H&S documentation across all project phases.
- 3.4 Technical and Usage Data: IP addresses, device identifiers, and time-stamped logs of system activity to ensure network security and prevent unauthorized data extraction or "scraping."
4. PURPOSES AND LAWFUL BASES FOR PROCESSING
Under Article 6 of the UK GDPR and the Data (Use and Access) Act 2025 ("DUAA 2025"), we process data under the following grounds:
- 4.1 Contractual Necessity: Processing required to deliver the SmartBaise software, manage Phase 1–4 project workflows, and fulfill the 12-month subscription commitment.
- 4.2 Recognised Legitimate Interests: Pursuant to the DUAA 2025, Exordium processes de-identified data for "recognised legitimate interests," including:
  - Intra-group Administration: Internal coordination with Exordium-managed affiliates to optimize system reliability and financial modeling.
  - Industry Benchmarking: The creation of statistical snapshots that enhance pricing transparency and coordination across the UK construction sector.
  - Network Security: Detecting and preventing fraudulent data submissions or attempts to breach the Vault.
- 4.3 Legal Obligation: Retention of safety-critical data required for the "Golden Thread" of building information under the Building Safety Act 2022.
5. DATA UTILIZATION AND SUBSIDIARY COORDINATION
Exordium utilizes the Refinery process to support wider ecosystem utility. You acknowledge the following protocols:
- 5.1 Statistical Benchmarking: De-identified, aggregated statistical snapshots are shared with Exordium’s authorized subsidiaries and partner entities to power industry cost reports and financial reliability models.
- 5.2 Proprietary Firewall: No subsidiary or partner entity is ever granted access to your Raw Customer Data, drawings, or identifiable records stored in the Vault. These entities only receive de-identified, statistical outputs from the Refinery.
- 5.3 Ecosystem Purpose Limitation: Data processed within the Refinery is used solely to enhance industry transparency, improve project reliability, and assist with building safety coordination.
6. HEALTH & SAFETY (H&S) PHASE-BASED MANAGEMENT
SmartBaise provides the digital infrastructure for managing H&S documentation throughout the project lifecycle.
- 6.1 Phases 1–4 Support: The platform provides tools to facilitate H&S workflows across project Phase 1 (Design), Phase 2 (Pre-construction), Phase 3 (Construction), and Phase 4 (Handover).
- 6.2 User Regulatory Responsibility: The construction company (the Customer) is solely and exclusively responsible for ensuring that all mandatory H&S documents are created, reviewed for compliance, and validated for accuracy prior to submission or site implementation.
- 6.3 No Safety Validation: SmartBaise is a drafting aid, not a safety consultancy. Exordium does not audit, verify, or warrant the legal sufficiency of any safety files.
- 6.4 Statutory Duty Holders: All legal duties under the CDM Regulations 2015 remain with the Customer.
7. RETENTION AND "GOLDEN THREAD" COMPLIANCE
- 7.1 Subscription Retention: We retain Vault data for the duration of your 12-month commitment and any subsequent renewal periods.
- 7.2 Termination Window: Upon contract end, you have a 30-day window to export your Vault data. Following this, identifiable project data is securely purged.
- 7.3 Statutory Archiving: Under the Building Safety Act 2022, documents required for the "Golden Thread" may be maintained in a secure archive for the building's lifespan to assist the "Accountable Person."
- 7.4 Permanent Statistical Records: De-identified snapshots in the Refinery are permanent and cannot be deleted, as they no longer identify any company or individual.
8. YOUR DATA SUBJECT RIGHTS
Under the UK GDPR, you have the following rights:
- Right of Access: Request a copy of the personal data Exordium holds about you.
- Right to Rectification: Update inaccurate profile or safety metadata.
- Right to Erasure: Request account deletion, subject to "Golden Thread" statutory retention overrides.
- Right to Data Portability: Request a transfer of your Vault data in a machine-readable format.
- Automated Decisions: Under the DUAA 2025, you have the right to challenge any "Significant Decision" made by an algorithm (e.g., a Reliability Score) and request human intervention.
9. GOVERNANCE AND CONTACT INFORMATION
For all inquiries regarding your data in the Vault or Refinery, please contact our Data Protection Officer (DPO):
Email: dpo@smartbaise.com
Address: Exordium Technologies Limited, [Insert UK Office Address]
You also have the right to lodge a formal complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk | Helpline: 0303 123 1113
Last Updated: 4th February 2026