top of page
transparent regal logo.png
transparent regal logo.png

Client Portal -- Privacy Policy

Last updated: 22 May 2026

Placeholder content pending legal review by a UK solicitor.

Who we are

Regal Construction Services Ltd ("Regal", "we") is a renovation and construction company registered in England and Wales (company number 09677138). Our registered address is 106A North End Road, London W14 9PP.

This Privacy Policy explains how we collect, use, and protect personal data when you use the Regal Client Portal mobile application and admin console (collectively, "the Service").

The data we collect

  • Account data: email address, full name, optional phone number, optional avatar image.

  • Project data: the project(s) you are associated with, their address, stages, timelines, updates, photographs uploaded by your assigned Project Manager, reports, invoices, and messages.

  • Device data: Expo push notification token (so we can notify you of project updates), device platform (iOS / Android).

  • Authentication metadata: session tokens, last sign-in time, password reset tokens (handled by Supabase Auth).

How we use it

  • To provide you visibility of your renovation project and communicate with your assigned Project Manager.

  • To deliver push notifications relating to your project.

  • To authenticate you and protect your account.

  • To maintain an audit trail of project communications and invoices.

We do not sell your personal data, use it for advertising, or share it with third parties except as listed below.

 

Where your data is stored

All personal and project data is stored in our Supabase Postgres database located in the United Kingdom (London, eu-west-2). Photos and PDF documents are stored in Supabase Storage in the same region. Authentication is handled by Supabase Auth (UK region).

Push notification delivery uses Expo Push Service (a US service operated by 650 Industries, Inc.) which relays messages to Apple Push Notification service and Google Firebase Cloud Messaging. The push payload contains only a short title, body, and an internal record identifier — no project content or photos leave the EU via the push channel.

 

Third parties

Data processors we use:

  • Supabase (Supabase Inc.) — database, authentication, storage. UK/EU data residency.

  • Expo (650 Industries, Inc.) — push notification relay; mobile-app build infrastructure.

  • Apple, Google — app store distribution, push notification delivery.

  • Vercel — admin console hosting (UK/EU region).

How long we keep it

We keep your data for the duration of your project plus seven years for accounting and legal record purposes (consistent with UK statutory record-keeping requirements). On request, we can delete your personal data sooner subject to those legal obligations.

Your rights under UK GDPR

Access — you can request a copy of the personal data we hold about you.

Correction — you can ask us to correct any data that is inaccurate.

Deletion — you can ask us to delete your personal data, subject to our legal record-keeping obligations.

Portability — you can ask us to provide your data in a machine-readable format.

Objection — you can object to specific processing.

To exercise any of these rights, email info@rcs-ltd.com.

Children

The Service is not intended for use by anyone under 18. We do not knowingly collect data from minors.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect.

Contact

For privacy questions or data requests:

Email: info@rcs-ltd.com
Address: 106A North End Road, London W14 9PP
Phone: 020 7736 3916

If you are unhappy with our response, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

bottom of page