craneIQ — Privacy Policy

Pointnode Ltd · Last updated April 2025

This Privacy Policy describes how Pointnode Ltd collects, uses and protects Your personal data when You use the craneIQ application and associated services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Interpretation and Definitions

Interpretation

Words with capitalised initial letters have the meanings defined below. These definitions apply whether the terms appear in singular or plural.

Definitions

Account means a unique account created for You to access the Service or parts of it.
Application refers to the craneIQ mobile application provided by Pointnode Ltd, distributed via the Apple App Store and Apple TestFlight.
Company (referred to as "the Company", "We", "Us" or "Our") refers to Pointnode Ltd, West Midlands, United Kingdom.
Country refers to the United Kingdom.
Device means any device used to access the Service, such as a smartphone or tablet.
NFC Tag means a factory-locked Near Field Communication tag installed on a crane or crane pendant as part of the craneIQ hardware installation, used to identify the crane and initiate the inspection workflow.
Personal Data means any information that relates to an identified or identifiable individual.
Platform means the craneIQ hardware nodes, mobile application, HiveMQ MQTT broker and cloud backend infrastructure collectively.
Service refers to the craneIQ Application and all associated products including craneIQ Guard, craneIQ Monitoring, craneIQ Core, craneIQ Cloud and all other craneIQ products provided by Pointnode Ltd.
Service Provider means any third party that processes data on behalf of the Company to support the Service.
Usage Data means data collected automatically through use of the Service, including operational and diagnostic data.
You means the individual accessing or using the Service, or the organisation on whose behalf that individual is acting.

Collecting and Using Your Personal Data

Account and Identity Data

When You register to use the Service, We may collect:

Full name and email address
Job role and employer organisation
Training certifications and their expiry dates (where applicable to Your role and product)
Operator assignments — which cranes or sites You are authorised to access

Inspection and Access Control Data

When You use craneIQ Guard or other inspection features, We collect:

Pre-use inspection records — individual checklist responses, timestamps and pass/fail outcomes
Photographs and voice notes attached to inspection items or defect reports
Crane access session records — unlock events, lock events, session durations and operator identity
Defect reports, including description, photographs, timestamps and resolution status
Engineer lockout and tagout records — who applied the lockout, who cleared it and the stated reason
NFC tag scan events — crane identifier, timestamp and operator identity

Crane Condition and Monitoring Data

Where craneIQ monitoring products are installed, We collect operational data transmitted from the crane hardware via the HiveMQ MQTT broker, including:

Load data — individual lift weights and load spectrum over time
Design Working Period (DWP) — hoist, brake and controls DWP tracked from 100% based on actual usage
Vibration data, motor temperatures and running hours
Starts, brakings, emergency stops and over-temperature events
Crane identifier, hardware node version and firmware details

Device and Usage Data

Usage Data is collected automatically when You use the Application and may include:

Device type, manufacturer and operating system version
Application version and build number
IP address and network connection type
Session timestamps, app launch events and feature usage logs
Crash reports and error logs

Location Data

The Application may record the location of Your Device at the time an inspection is submitted, where Your device permissions allow. Location data is associated with inspection records for audit trail purposes. You can manage location access at any time through Your Device settings. Disabling location access may reduce the completeness of the inspection audit trail.

Use of Your Personal Data

Purpose	Legal Basis
Creating and managing Your Account and providing access to the Service	Contractual obligation; legitimate interests
Verifying operator identity, training status and crane assignment before permitting access	Legitimate interests — operational safety; contractual obligation
Recording pre-use inspection outcomes to support LOLER and PUWER compliance	Legal obligation (LOLER 1998, PUWER 1998)
Maintaining a complete audit trail of crane access sessions, inspections, defects and lockouts	Legal obligation; legitimate interests
Monitoring crane condition — DWP, load spectrum, vibration and operational data	Contractual obligation; legitimate interests
Notifying supervisors and maintenance teams of failed inspections, defects or threshold breaches	Legitimate interests — operational safety
Providing remote diagnostics and support without requiring a site visit	Contractual obligation; legitimate interests
Improving the Platform — crash reports, usage patterns and diagnostic data	Legitimate interests; consent where applicable
Responding to support requests and technical queries	Contractual obligation; legitimate interests
Business transfers — evaluation of mergers, acquisitions or asset sales	Legitimate interests

Sharing Your Personal Data

Within Your Organisation

Inspection records, crane data, operator assignments and access logs are visible to authorised personnel within Your organisation — typically site managers, supervisors and engineering teams. The scope of access is configured by Your organisation's administrator within the craneIQ platform.

Pointnode Ltd

As operator of the craneIQ Platform, Pointnode Ltd may access Your data for the purposes of technical support, platform maintenance and investigating reported issues. We do not use Your data for our own commercial or marketing purposes.

Service Providers

We share data with the following third-party Service Providers as necessary to operate the Platform:

HiveMQ GmbH — provides the cloud MQTT broker used for real-time communication between craneIQ hardware nodes and the platform backend. Receives operational and monitoring data transmitted from crane hardware.
Supabase Inc. — provides backend database, authentication and storage services. Receives account data, inspection records, operational data and usage logs.
Apple Inc. — distributes the Application via the Apple App Store and Apple TestFlight. Processes app distribution and, where applicable, in-app purchase transactions in accordance with Apple's own privacy policy.

Each of these providers acts as a data processor under our instruction and is bound by appropriate data processing agreements. We do not sell personal data to third parties.

Legal Requirements

We may disclose personal data where required by law or in response to valid requests from public authorities — including in connection with regulatory inspections or investigations under LOLER, PUWER, the Health and Safety at Work Act 1974, or other applicable legislation.

Business Transfers

If the Company is involved in a merger, acquisition or asset sale, Your personal data may be transferred as part of that transaction. We will provide notice before Your data becomes subject to a different privacy policy.

Retention of Your Personal Data

Inspection records, audit logs and defect reports are retained for a minimum of two years, in line with LOLER record-keeping obligations. Your organisation's administrator may configure longer retention periods where required by internal policy or applicable law.

Account data is retained for as long as Your account remains active, and for a reasonable period following account closure to support compliance and legal obligations. Usage data and crash reports are generally retained for a shorter period unless required to support security or functionality improvements.

You may request deletion of Your personal data at any time by contacting Us. Please note that We may be unable to delete data that We are legally required to retain — for example, LOLER inspection records.

Transfer of Your Personal Data

Our primary infrastructure is located within the United Kingdom and/or the European Economic Area. Where data is transferred outside these regions — for example, through the services of third-party providers — We ensure appropriate safeguards are in place as required by UK GDPR, including standard contractual clauses where applicable.

Security of Your Personal Data

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. These include:

Encrypted data transmission (TLS) between the Application, MQTT broker and backend services
Multi-tenant data isolation — Your organisation's data is kept logically separate from other organisations at database level
Role-based access controls — users access only data within their assigned scope
Append-only audit log — inspection and access records cannot be modified or deleted once written
Authenticated MQTT connections — only authorised hardware nodes can publish to the broker

No method of transmission over the internet is 100% secure. While We strive to protect Your data using commercially accepted means, We cannot guarantee absolute security. In the event of a data breach likely to result in risk to Your rights and freedoms, We will notify the relevant supervisory authority within 72 hours and affected individuals where required by law.

Children's Privacy

craneIQ products are intended for use by adults in industrial workplaces. The Service does not address anyone under the age of 18. We do not knowingly collect personal data from individuals under 18. If You believe that a person under 18 has provided Us with personal data, please contact Us and We will take steps to remove that information.

Tracking and Analytics

The craneIQ Application does not use advertising trackers or third-party analytics platforms. Diagnostic and usage data collected within the Application is used solely to support and improve the Service. The craneiq.co.uk website uses minimal analytics. No advertising cookies are used on any craneIQ property.

Your Rights Under UK GDPR

As a resident of the United Kingdom, You have the following rights in relation to Your personal data:

Right of access — to request a copy of the personal data We hold about You
Right to rectification — to ask Us to correct inaccurate or incomplete data
Right to erasure — to request deletion of Your data in certain circumstances
Right to restrict processing — to ask Us to limit how We process Your data
Right to data portability — to receive Your data in a structured, machine-readable format
Right to object — to object to processing based on legitimate interests
Right to withdraw consent — where processing is based on consent, to withdraw it at any time

To exercise any of these rights, contact Us at joe@pointnode.io. We will respond within 30 days. Note that some rights are limited where We have a legal obligation to retain data — for example, LOLER inspection records.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113.

Links to Other Services

The Service may contain links to third-party websites or services not operated by Us. We have no control over and assume no responsibility for the content or privacy practices of any third-party sites. We encourage You to review the privacy policy of any third-party site You visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify You of material changes by posting the updated policy on this page and updating the "Last updated" date. Where the Service includes a notification mechanism, We will use it to inform administrators of material changes. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Contact Us

For questions about this Privacy Policy, to exercise Your rights, or to raise a concern:

Pointnode Ltd
West Midlands, United Kingdom
joe@pointnode.io
craneiq.co.uk