Privacy Policy

Last updated: January 2026

1. Introduction

Buttress QMS ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we look after your personal data when you visit our website or use our service, and tells you about your privacy rights and how the law protects you.

2. Data we collect

We may collect, use, store and transfer different kinds of personal data about you, grouped as follows:

  • Identity data — first name, last name, username or similar identifier, job title.
  • Contact data — email address, telephone numbers, company name.
  • Technical data — IP address, browser type and version, time zone, OS, device.
  • Usage data — information about how you use our website and service.
  • Quality data — data you enter into Buttress QMS including supplier records, NCRs, inspection results, and other quality management data.

3. How we use your data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

4. Marketing website analytics

When you visit sterlingqms.co.uk (this marketing site), our web server records each request as a standard access log entry containing:

  • Your IP address (used to derive country, region, and city via a local IP-to-location database — we do not call any third-party API);
  • The page you requested and the page that referred you;
  • Your browser's user-agent string;
  • The HTTP status code and bytes sent;
  • The timestamp of the request.

We do not use cookies, browser fingerprinting, or any JavaScript trackers for analytics on this marketing site. The data is collected server-side from the connection itself.

Lawful basis: Article 6(1)(f) UK-GDPR — legitimate interest in understanding which pages attract visitors and detecting abuse (e.g. scraping, brute-force, security probes).

Retention: Raw rows including IP address are retained for 90 days and then automatically deleted. We do not sell, share, or transfer this data to any third party.

If you would like a copy of the rows tied to your IP address, or want them deleted before the 90-day window, contact [email protected].

5. Data storage & security

All data is stored on secure UK-based servers (AWS London region). We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way:

  • AES-256 encryption for data at rest and in transit.
  • Mandatory SSL/TLS for all connections.
  • Regular security audits and penetration testing.
  • Role-based access controls.
  • Daily automated backups with 30-day retention.

6. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. Quality management data is retained for the duration of your subscription plus 30 days. After cancellation, you can export all your data before it is securely deleted. Marketing-website access log data is retained for 90 days (see section 4).

7. Your legal rights

Under data protection laws, you have rights including:

  • The right to access your personal data.
  • The right to rectification of inaccurate data.
  • The right to erasure (right to be forgotten).
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing.

8. Contact us

If you have any questions about this privacy policy or our privacy practices, please contact us at [email protected].

Stop firefighting supplier quality.

Start your 60-day free trial. No card required. First NCR logged in under an hour.

Start free trial Book a demo