LEGAL

Privacy Policy

Sandford Digital Limited
Last updated: 1 July 2026
Version: 1.0

This policy covers sandford.digital, portal.sandford.digital,
insights.sandford.digital, and the Sandford Site Scan mobile application.

01 // WHO WE ARE

Sandford Digital Limited ("Sandford Digital", "we", "us", "our") is a company registered in England and Wales. We are the controller of personal data processed through our websites and the Sandford Site Scan spatial triage SDK.

We can be contacted at:

SANDFORD DIGITAL LIMITED

Email: privacy@sandford.digital

Website: sandford.digital

02 // THE SHORT VERSION

Sandford Site Scan is designed to inspect assets, not people. Our system is built to process the condition of physical infrastructure — train carriages, fleet vehicles, facilities — not to identify, track, or profile individuals. Privacy protection is enforced in our capture pipeline before any image reaches an AI model. This is not a policy position. It is an architectural constraint.

  • People detected in captured frames are automatically filtered before AI processing
  • We do not store raw video or images beyond the active session window unless explicitly configured by the operator
  • We do not sell personal data to third parties under any circumstances
  • Aggregate trend intelligence is anonymised at regional level — operator identity is never included
  • You have the right to access, correct, and erase any personal data we hold about you

03 // WHAT DATA WE COLLECT AND WHY

A. SANDFORD SITE SCAN — MOBILE APPLICATION

The Sandford Site Scan app is an enterprise tool deployed by operators to their staff. When the app is in use, the following data is processed:

DATA TYPE PURPOSE LEGAL BASIS RETENTION
Camera frames (Base64) Asset condition assessment via AI vision Legitimate interests of the operator Transient — processed and discarded within session unless operator configures retention
Spatial anchor metadata Mapping frame to position on asset Legitimate interests Retained as part of session audit trail
Session ID and timestamp Audit trail and dispute resolution Legitimate interests / legal obligation 90 days by default. Configurable per operator.
AI assessment output Damage finding and severity scoring Legitimate interests 90 days by default. Configurable per operator.
License plate (Fleet regime) Vehicle identification at handover Legitimate interests of the operator As per session audit trail

Person filtering: Prior to any frame being submitted to the AI assessment pipeline, a pre-filter is applied to detect and exclude human subjects. Faces and identifiable personal characteristics are not processed by our AI models. No biometric data is collected, stored, or inferred.

B. CLIENT PORTAL — portal.sandford.digital

Operator and manager accounts on the client portal require the following personal data:

  • Name and email address — for account authentication and communications
  • Organisation name and role — for access control and audit purposes
  • Login timestamps and activity logs — for security and compliance

C. INSIGHTS DASHBOARD — insights.sandford.digital

The Insights platform presents anonymised regional aggregate data only. No personal data about individuals or identifiable operators is presented to third-party subscribers. Account data (name, email, organisation) is collected for authentication purposes only.

D. WEBSITE — sandford.digital

  • Contact form submissions — name, email, message — retained for 12 months
  • Demo request submissions — retained until the request is fulfilled or declined
  • Analytics data — anonymised page view data only. We do not use third-party tracking cookies.

04 // HOW WE USE AI VISION

Sandford Site Scan uses Claude, an AI model developed by Anthropic, to assess asset condition from camera frames. Frames are submitted to Anthropic's API over an encrypted connection. Anthropic's data processing terms apply to this transfer.

We instruct the AI model to:

  • Assess the physical condition of the asset surface visible in the frame
  • Identify damage, wear, or anomalies against a known baseline condition
  • Return a structured JSON assessment — severity, findings, confidence, recommendation
  • Ignore and not report on any human subjects, personal belongings, or non-asset objects

The AI model does not make autonomous decisions that have legal or significant effects on individuals. All assessments are reviewed by a human operator before any action is taken. Our use of AI is assistive, not determinative.

05 // OFFLINE PROCESSING

Sandford Site Scan is designed for deployment in signal-dead environments including rail depots and underground facilities. When network connectivity is unavailable:

  • Captured frames and metadata are stored locally on the device in an encrypted queue
  • No data is transmitted until a confirmed network connection is established
  • The local queue is automatically cleared once data has been confirmed as received by our backend
  • Locally stored data is protected by the device's native encryption and access controls

06 // WHO WE SHARE DATA WITH

RECIPIENT PURPOSE LOCATION
Anthropic, Inc. AI vision processing via Claude API USA — Standard Contractual Clauses apply
Operator clients Session results and audit trail for their own assets UK / EU
Cloud infrastructure provider Hosting and data storage UK / EU only
Third-party intelligence subscribers Anonymised regional aggregate data only — no personal data UK / EU

We do not sell, rent, or trade personal data. We do not share personal data with advertisers or data brokers.

07 // HOW LONG WE KEEP DATA

  • Session audit trails — 90 days by default, configurable per operator contract
  • AI assessment outputs — 90 days by default, configurable per operator contract
  • Raw frame data — transient, not retained beyond active processing unless explicitly configured
  • Portal account data — duration of contract plus 12 months
  • Contact and demo request data — 12 months
  • Anonymised aggregate data — indefinitely (no personal data present)

08 // YOUR RIGHTS

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Access — request a copy of personal data we hold about you
  • Rectification — request correction of inaccurate personal data
  • Erasure — request deletion of your personal data where there is no legitimate reason for continued processing
  • Restriction — request that we restrict processing of your personal data in certain circumstances
  • Portability — request transfer of your personal data to another controller in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Automated decisions — you have the right not to be subject to solely automated decisions that have legal or significant effects on you

To exercise any of these rights, contact us at privacy@sandford.digital. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

09 // SECURITY

  • All data in transit is encrypted using TLS 1.2 or higher
  • Local device storage is encrypted using native device encryption
  • API keys and credentials are never stored in client-side code or transmitted in plain text
  • Access to client data is restricted to authorised personnel only
  • We conduct regular security reviews of our infrastructure and codebase

10 // COOKIES

sandford.digital uses no third-party tracking cookies. We use a single session cookie for authentication on the client portal. This cookie is strictly necessary for the portal to function and does not require consent under PECR.

The Sandford Site Scan mobile application does not use cookies.

11 // CHANGES TO THIS POLICY

We will update this policy as our products and legal obligations evolve. Material changes will be communicated to active clients by email with 30 days notice before taking effect. The version number and last updated date at the top of this page will always reflect the current version.

12 // CONTACT US

DATA PROTECTION ENQUIRIES

Sandford Digital Limited

Email: privacy@sandford.digital

For general enquiries: hello@sandford.digital