Blueprint by Cyzag

Privacy Policy

Last updated: January 2025

Cyzag ("we", "us", or "our") operates the Blueprint by Cyzag application and website (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information We Collect

Account Information

When your organisation provisions an account for you, we collect:

  • Name and email address
  • Organisation/company affiliation
  • Role and permissions within the system

Operational Data

When you use Blueprint to perform operator rounds and capture readings, we collect:

  • Equipment readings and measurements (temperature, pressure, vibration, counters, etc.)
  • Photos and observations attached to readings
  • Timestamps of when readings were captured
  • Completion status of inspection rounds

Device and Usage Information

We automatically collect certain information when you use our mobile apps and website:

  • Device type, operating system, and version
  • App version
  • Crash reports and performance data
  • General usage patterns (features used, screens visited)

Location Information

If you grant permission, we may collect location data to verify you are at the correct asset location during rounds. Location data is only collected when actively using the app and is associated with specific readings for audit purposes.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Enable you to perform operator rounds, capture readings, and monitor asset conditions
  • Sync and Storage: Synchronise your data between mobile devices and our servers so supervisors can view conditions in real-time
  • Improve the Service: Analyse usage patterns to improve app performance and user experience
  • Troubleshoot Issues: Use crash reports and performance data to identify and fix technical problems
  • Security: Detect and prevent fraud, unauthorised access, and other security incidents
  • Compliance: Maintain audit trails as required by your organisation's policies and industry regulations

3. Data Storage and Security

Encryption

All data is encrypted both in transit (using TLS/HTTPS) and at rest. Mobile apps store data locally in encrypted databases when operating offline.

Data Location

Data is stored in secure cloud infrastructure. For enterprise customers, we offer data residency options to meet regional compliance requirements.

Multi-Tenant Isolation

Each organisation's data is logically isolated from other customers. Access controls ensure users can only view data within their organisation and according to their assigned permissions.

4. Third-Party Services

We use the following third-party services that may collect data:

  • Firebase Analytics (Google): Collects anonymous usage statistics to help us understand how the app is used. Firebase Privacy Policy
  • Firebase Crashlytics (Google): Collects crash reports including device information to help us fix bugs. Firebase Privacy Policy
  • Google Analytics: Used on our website to understand visitor behaviour. Google Privacy Policy

5. Data Sharing

We do not sell your personal information. We may share data in the following circumstances:

  • With Your Organisation: Data collected during your use of the Service is available to supervisors and administrators within your organisation according to their role permissions
  • Service Providers: We may share data with trusted service providers who assist us in operating the Service (hosting, analytics), subject to confidentiality obligations
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction

6. Data Retention

We retain operational data (readings, observations, photos) for as long as your organisation maintains an active subscription, plus a reasonable period for backup and recovery purposes. Account information is retained until the account is deleted or your organisation terminates their subscription.

Analytics and crash report data is retained for up to 24 months for trend analysis and product improvement purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data, subject to legal and contractual retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain processing of your personal data
  • Withdraw Consent: Where processing is based on consent, withdraw that consent at any time

To exercise these rights, contact your organisation's administrator or email us at privacy@cyzag.com.

8. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the Service as contracted with your organisation
  • Legitimate Interests: Processing for product improvement, security, and fraud prevention
  • Consent: Where required, such as for location tracking or marketing communications

9. CCPA Compliance (California Users)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising CCPA rights

10. Children's Privacy

Blueprint is designed for use by adult employees in industrial settings. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we may also notify you via email or in-app notification.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: