Privacy Policy


We or us refers to Carnstone. Web application or application refers to the code, resources and database providing the functionality of this web site at A visitor is someone who browses the publicly available area of the application. A registered user is someone who has a registered account with which to log in to the application.


This privacy policy explains what information we collect, how it is used, and for how long it is stored. It does not apply to pages hosted by other organisations linked to from this application.

Data Collection & Use

User Accounts

We need to collect and process certain elements of your personal data when you register as a user so that the services we provide can function.

The application stores a forename, surname and email address along with a password in order to identify registered users. It may also store the organisation a user is affiliated with and contact details such as job title and phone number. If you are a registered user, you can access and edit this information within the application. Some users from your organisation may have permission to create and edit accounts for you and other employees. In addition to logging in, email addresses are used for sending password resets, notifications that you request and correspondence related to the services we provide.

As part of the service we provide, the application may share your contact information with other registered users. Occasionally, some of your information may also be shared on publicly viewable pages of the application but we will advise you in advance of this happening.

User Logs

The application logs certain actions performed by registered users in their use of the application. This data is used as an audit trail, to improve security, to diagnose and fix bugs and to analyse trends amongst users.

Server Logs

The server software running the application logs requests from visitors when they view pages or download documents from the application. This information includes basic technical information such as your web browser, operating system and your IP address. It may also include referral information if you followed a link to get here. This information is used to improve the application, diagnose and fix bugs and analyse trends amongst visitors and registered users.

Use Of Cookies

A session cookie is created and used to keep registered users logged in and to remember some of the actions visitors perform for the duration of their visit. This cookie contains only an ID which is used to maintain a persistent session and it is necessary for the proper functioning of the application. The cookie expires after 60 minutes of inactivity.

Google Analytics

Google Analytics is used to collect information about non-logged-in visitors to specific, publicly available, areas of the application. Google collects your IP address but anonymises it at our request. We use this anonymised data to analyse traffic and trends amongst visitors and to market and improve the application. We do not combine the information collected using Google Analytics with personal information.

In collecting this information, Google creates and sets cookies to identify you and also uses specific identifiers to help collect information about your use of the application. You can find out more about how Google collects and processes your data. You can also prevent Google Analytics from using your information by opting out.

Sharing Information With Third Parties

We do not sell any personal information to third parties for marketing purposes.

Data Retention

Retention Period

We retain information that we collect from you only for as long as we need it for legal or business purposes. When your information is no longer needed, we will destroy, delete, or erase it.


Regular backups are created and transferred to secure off-site servers to allow recovery of accidentally deleted data through user actions or software or hardware failure and to aid application development. Backups are retained for up to 31 days. Deleted information may remain in these backups for this period.

Security Policy

This application is built using industry-standard security measures. All communication with the application requires HTTPS. Passwords are salted and hashed before storage. Our server software is regularly updated with the latest security patches. We and the third parties who provide services for us, also maintain technical and physical safeguards on the data we store. We restrict access to personal information to employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations.

If you are a registered user, we strongly urge you to protect your password, never share it, avoid reusing it for other services, and to log out of the application when you finish using it, especially if you are sharing or using a computer in a public place.

Changes To This Policy

We keep our privacy policy under regular review and make sure this document is up to date and accurate.