SiteChip is operated by Gridmark Ltd (Company No. 17087910), registered with the UK Information Commissioner's Office (Ref: ZC109151). Our infrastructure is hosted in the EU (London) on SOC 2 Type II certified platforms. All connections are encrypted with TLS 1.2+.
Gridmark Ltd is certified under the UK Government's Cyber Essentials scheme (Certificate: ffc8402c-96dd-4b89-895a-b46be21dfc3b, certified 25 March 2026).
Anti-Bribery & Corruption Policy
Gridmark Ltd · Company No. 17087910 · Registered in England and Wales · 71-75 Shelton Street, London WC2H 9JQ
Last updated: 22 March 2026
Gridmark Ltd ("we", "us", "our") operates the SiteChip platform at sitechip.co.uk. This privacy policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Gridmark Ltd is the data controller for personal data processed through SiteChip.
Gridmark Ltd
Company number: 17087910
ICO registration: ZC109151
71-75 Shelton Street
Covent Garden
London WC2H 9JQ
Email: [email protected]
Phone: +44 20 3488 2296
Website: sitechip.co.uk
Worker data: When a worker taps an NFC tag for the first time, we collect their first name (entered by the worker), a digital key created by their phone's built-in security (such as Face ID or fingerprint unlock), a browser identifier (a randomly generated reference stored in the browser), check-out and return timestamps, and the site they are associated with. The digital key works like unlocking your phone: the fingerprint or face scan is checked by the phone itself and never sent to us, and we only receive a yes or no confirmation that the right person is using the device. For compliance checks, we additionally collect photographs taken by the worker of the equipment being checked, compliance check results and notes, and a drawn signature confirming the check was conducted.
Manager data: Site name, dashboard access credentials, site configuration settings.
Lead data: When someone submits the contact form on our website, we collect their name, email address, company name, and any message they provide.
We do not collect: surnames, email addresses from workers, phone numbers from workers, location or GPS data, IP addresses, or biometric data (Face ID and fingerprint matching happens entirely on the worker's device — no biometric data is ever sent to or stored by Gridmark). Photographs are of equipment only, not of workers.
Equipment tracking (worker names, check-out events): Our legal basis is legitimate interest under Article 6(1)(f) UK GDPR. The legitimate interest is enabling workplaces to track shared equipment and know who has what. Workers are informed at the point of data collection and can request deletion at any time.
Compliance checking (photos, timestamps, worker identity, signatures): Our legal basis is legitimate interest under Article 6(1)(f) UK GDPR. The legitimate interest is enabling workplaces to maintain legally required compliance records for fire safety, first aid, cleaning, and emergency lighting inspections.
Lead form submissions: Our legal basis is consent under Article 6(1)(a) UK GDPR.
Supabase Inc: Our database and storage provider. Data is stored on Supabase infrastructure under a data processing agreement. Privacy policy: supabase.com/privacy
Cloudflare Inc: Our website hosting provider. Cloudflare serves web pages and may process IP addresses in transit. Privacy policy: cloudflare.com/privacypolicy
Stripe Payments Europe Ltd: Processes payment transactions including customer names, email addresses, and payment card details. Stripe is certified to PCI DSS Level 1. DPA in place. Card details are never stored on Gridmark servers. Privacy policy: stripe.com/privacy
We do not sell personal data. We do not share data for marketing purposes. We do not use data for automated decision-making or profiling.
Supabase Inc and Stripe Payments Europe Ltd are US-headquartered companies. Primary data processing is configured for EU (London) data centres. Where personal data is transferred to the United States for platform support or maintenance, transfers are protected by the UK International Data Transfer Agreement (UK IDTA) or the UK Addendum to EU Standard Contractual Clauses, as issued by the Information Commissioner's Office. You may request a copy of the relevant safeguards by contacting us at [email protected].
Worker data: Retained while the worker's account is active. When a worker is removed by a manager, their data is deleted. Workers can request deletion at any time by contacting their manager or emailing us.
Compliance data: Retained while the site subscription is active, plus a minimum of 6 years after cancellation in line with industry best practice for fire safety and workplace inspection records. Specific retention periods may vary by record type — consult your fire risk assessor or compliance adviser for guidance.
Lead data: Retained for 2 years after submission, then deleted unless the lead has become a customer.
All data is encrypted in transit over HTTPS. Database access is controlled by row-level security policies. Worker identity uses the WebAuthn standard: workers authenticate using their phone's built-in security (such as Face ID or fingerprint), and this matching happens entirely on the device. No biometric data is ever sent to or stored on our servers; only a cryptographic key is stored. Compliance photographs are stored in secure cloud storage with access controls.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact us at [email protected]. We will respond within one month.
If you are not satisfied with our response, you can lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113
SiteChip does not use cookies for tracking or analytics. We use localStorage in the browser to store a worker identifier and session data. This storage is strictly necessary for the service to function — without it, workers would need to re-identify themselves on every interaction. This qualifies for the "strictly necessary" exemption under the Privacy and Electronic Communications Regulations 2003 (PECR), Regulation 6, and therefore does not require prior consent. No analytics, tracking, or non-essential data is stored. This data stays on the worker's device and is not transmitted except when interacting with the SiteChip service.
We may update this privacy policy from time to time. The date at the top of this page will be revised accordingly.
Last updated: 20 March 2026
These terms of service ("Terms") govern your use of the SiteChip platform operated by Gridmark Ltd ("we", "us", "our"). By using SiteChip, you agree to these Terms.
"SiteChip" means the equipment tracking and compliance platform available at sitechip.co.uk, including the NFC tag tap pages, site view, dashboard, and all related services.
"Customer" means the organisation or individual who registers a site and manages equipment tracking or compliance through the SiteChip dashboard.
"Worker" means any individual who interacts with SiteChip by tapping an NFC tag, including checking out or returning equipment and submitting compliance checks.
"Tags" means the physical NFC tags supplied by Gridmark Ltd for use with SiteChip.
"Dashboard" means the web-based management interface accessible at sitechip.co.uk/dashboard.
SiteChip provides NFC-based equipment tracking and compliance checking for workplaces. Workers tap NFC tags attached to equipment using their phone. The system records who has what equipment and when. The compliance features allow workplaces to log safety checks with timestamped photographic evidence.
Customers access their dashboard using a site-specific PIN. Customers are responsible for keeping their PIN secure and for all activity on their dashboard. We recommend changing the default PIN on first use.
Workers are identified by passkeys (Face ID or fingerprint authentication). Workers do not create accounts — their identity is established on first use and persists through their device's passkey system.
The free equipment tracking dashboard is provided at no charge with no time limit. We reserve the right to modify or discontinue the free service with 30 days' notice.
Compliance features are provided as a paid subscription. Pricing is agreed between the Customer and Gridmark Ltd before activation. Subscriptions are billed monthly via Stripe Payments Europe Ltd. By subscribing, you agree to Stripe's terms of service (stripe.com/legal). Card details are processed directly by Stripe and are never stored on Gridmark servers. Customers may cancel at any time. Upon cancellation, compliance data remains accessible in read-only mode for 90 days, after which it is archived.
Tags are sold on a per-unit basis. Tags are warranted for the duration of your active SiteChip subscription — if a tag stops functioning under normal use during your subscription period, we will replace it free of charge. This warranty does not cover damage from misuse, vandalism, or environmental factors beyond normal indoor workplace conditions.
Tags remain the property of the Customer once purchased. Tags are encoded with URLs pointing to sitechip.co.uk. The data associated with each tag is hosted on our infrastructure and subject to these Terms.
Where Gridmark Ltd provides in-person installation services, these are subject to a separate installation fee agreed in advance. Installation includes tagging equipment, configuring the dashboard, and training on-site staff. Gridmark Ltd shall take all reasonable care during installation. Our liability for any damage to equipment or property caused by our negligence during installation shall be limited to the cost of repair or replacement of the damaged item, up to a maximum of £5,000 per incident. This does not apply to damage caused by pre-existing conditions or the Customer's failure to prepare the installation area as agreed.
Our collection and use of personal data is governed by our Privacy Policy. By using SiteChip, you confirm that you have read and understood our Privacy Policy.
Customers are responsible for informing their workers that SiteChip is in use and that their name and check-out activity will be recorded. We provide laminated instruction materials to assist with this.
SiteChip records compliance check data exactly as submitted by workers, including photographs, timestamps, and status. Gridmark Ltd does not verify the accuracy or completeness of compliance checks — the Customer is responsible for ensuring that workers carry out genuine inspections.
SiteChip is a recording tool, not a substitute for professional compliance advice. Customers should seek independent advice on their specific legal compliance obligations.
All intellectual property in the SiteChip platform, including the software, design, brand, and documentation, belongs to Gridmark Ltd. Customers are granted a non-exclusive, non-transferable licence to use SiteChip for their business operations for the duration of their subscription or use of the free tier.
To the fullest extent permitted by law:
Gridmark Ltd is not liable for any indirect, incidental, or consequential damages arising from the use of SiteChip, including but not limited to lost revenue, regulatory fines, or equipment loss.
Our total liability for any claim arising from these Terms or the use of SiteChip shall not exceed the total fees paid by the Customer in the 12 months preceding the claim.
Nothing in these Terms limits our liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded by law.
We aim to provide SiteChip with high availability but do not guarantee uninterrupted service. We are not liable for service interruptions caused by factors outside our reasonable control, including internet outages, third-party service failures, or force majeure events.
Customers may stop using SiteChip at any time by removing NFC tags and ceasing to use the dashboard. To request deletion of all data associated with their site, Customers should contact [email protected].
We may suspend or terminate access to SiteChip if a Customer breaches these Terms, with reasonable notice where possible.
We may update these Terms from time to time. For minor administrative changes, we will update the "last updated" date. For material changes that affect your rights or obligations, we will notify you by email at least 30 days before the changes take effect. If you do not agree to the material changes, you may terminate your subscription before the changes take effect without penalty. Continued use of SiteChip after the 30-day notice period constitutes acceptance of the updated Terms.
These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
Last updated: 22 March 2026
Gridmark Ltd is committed to ensuring the health, safety, and welfare of all employees, contractors, clients, and members of the public who may be affected by our activities, in accordance with the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999.
Gridmark Ltd accepts overall responsibility for health and safety. This includes ensuring that adequate resources are made available to implement this policy and that it is reviewed annually or following any significant change in our activities.
Gridmark Ltd develops and operates the SiteChip platform, a software-as-a-service product. Our physical activities are limited to the installation of adhesive NFC tags onto equipment at client sites, typically within supermarkets, retail stores, and commercial kitchens.
When carrying out on-site installation work, Gridmark Ltd will:
A risk assessment and method statement (RAMS) for NFC tag installation is maintained and reviewed annually. A copy is available on request for any client requiring one as part of their contractor approval process.
Any accident, near miss, or dangerous occurrence will be reported to the Director immediately. Where required, incidents will be reported under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013).
This policy is reviewed annually by the Director, or sooner if there is a significant change in the nature of our work.
Last updated: 22 March 2026
Gridmark Ltd is committed to conducting business ethically and in compliance with the Bribery Act 2010. We maintain a zero-tolerance approach to bribery and corruption in all forms.
This policy applies to all employees, directors, contractors, agents, and any third party acting on behalf of Gridmark Ltd, in all jurisdictions in which we operate.
No person acting on behalf of Gridmark Ltd shall:
Any gift or hospitality offered or received with a value exceeding £50 must be recorded and approved by the Director before acceptance. A register of gifts and hospitality is maintained and available for inspection.
All business relationships are conducted transparently and on merit. Gridmark Ltd selects suppliers, partners, and clients based on quality, value, and suitability — never on the basis of improper inducements.
Gridmark Ltd maintains accurate and complete financial records. All transactions are recorded with sufficient detail to demonstrate that payments are legitimate and properly authorised.
Any person who suspects a breach of this policy should report their concerns immediately to [email protected]. Reports will be treated confidentially and investigated promptly. No person will be penalised for raising a genuine concern in good faith.
A breach of this policy by an employee may result in disciplinary action up to and including dismissal. A breach by a contractor or third party will result in termination of the business relationship. Gridmark Ltd will report suspected criminal conduct to the relevant authorities.
Last updated: 22 March 2026
This voluntary statement is made pursuant to Section 54 of the Modern Slavery Act 2015. Although Gridmark Ltd is not required by turnover threshold to publish a modern slavery statement, we choose to do so as a demonstration of our commitment to ethical business practices.
Gridmark Ltd operates the SiteChip platform, a software-as-a-service product for equipment tracking and compliance checking. We are a UK-registered company with a small team. Our operations are primarily digital.
Our supply chain consists of:
Gridmark Ltd conducts due diligence on new suppliers before entering into a business relationship. We assess whether suppliers have appropriate policies in place regarding labour practices and ethical conduct.
Gridmark Ltd will not knowingly engage any supplier or partner that uses forced labour, bonded labour, child labour, or any form of modern slavery. If we become aware of any such practices within our supply chain, we will take immediate steps to address the situation, including termination of the business relationship where necessary.
Any concerns regarding modern slavery in our business or supply chain should be reported to [email protected].
Last updated: 22 March 2026
SiteChip NFC tags are designed by Gridmark Ltd and manufactured to comply with applicable UK and EU product safety and environmental regulations.
SiteChip NFC tags are passive devices that operate at 13.56 MHz in accordance with ISO/IEC 14443A. As passive devices with no battery, transmitter, or intentional radio emission capability, they are exempt from the Radio Equipment Regulations 2017 (UK) and the Radio Equipment Directive 2014/53/EU.
The tags comply with the Restriction of Hazardous Substances (RoHS) requirements as retained in UK law and do not contain substances of very high concern (SVHC) above the threshold concentration specified under REACH.
Gridmark Ltd is registered as a producer under the Waste Electrical and Electronic Equipment (WEEE) Regulations 2013 and meets its obligations for the collection and recycling of electronic waste.
A Declaration of Conformity is available for download below. A product specification datasheet is available on request — contact [email protected].
Last updated: 22 March 2026
When processing personal data on behalf of our clients, Gridmark Ltd acts as a data processor under the UK General Data Protection Regulation (UK GDPR). Our clients (site managers and their organisations) are the data controllers.
Gridmark Ltd maintains data processing agreements (DPAs) with all infrastructure providers that process personal data on our behalf. We offer a standard DPA to all customers on request.
The following sub-processors are used in the delivery of the SiteChip service:
Gridmark Ltd does not sell personal data. We do not share personal data for marketing purposes. We do not use personal data for automated decision-making or profiling. Payment card details are processed exclusively by Stripe Payments Europe Ltd and are never stored on Gridmark infrastructure.
Cyber Essentials certified — UK Government-backed cybersecurity certification. Certificate: ffc8402c-96dd-4b89-895a-b46be21dfc3b. Scope: Whole organisation. Certified: 25 March 2026. Recertification due: 25 March 2027.
Gridmark Ltd maintains a standard Data Processing Agreement for all customers, compliant with UK GDPR Article 28.