Back

Privacy Policy

Effective Date: June 18, 2026 · Last updated: June 18, 2026

This Privacy Policy explains how Ricca ("we," "us," or "our") collects, uses, and protects your personal data when you use usericca.xyz (the "Service"). We are committed to handling your data with transparency and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the UK GDPR where applicable.

1. Data We Collect

We collect only what is necessary to provide the Service:

  • Account data — your name, email address, and password (hashed) when you register
  • Billing data — subscription plan, billing cycle, and payment status (we do not store raw card numbers; payment processing is handled by our payment processor)
  • Project data — engineering documents, tag lists, P&IDs, and other files you upload or create within the platform
  • Usage data — feature interactions, page views, and error logs used to improve platform reliability and performance
  • Communications — emails you send to us at team@usericca.xyz

We do not purchase data from third-party data brokers, track you across other websites, or build advertising profiles.

2. How We Use Your Data

We use your data to:

  • Provide, operate, and maintain the Service
  • Process payments and manage your subscription
  • Send transactional communications (account confirmations, invoices, security alerts)
  • Respond to your support requests
  • Improve platform reliability, performance, and features
  • Comply with legal obligations

We do not use your uploaded engineering data to train AI models. Files sent to AI services for processing are used solely to fulfil your specific request.

3. Legal Basis for Processing (GDPR)

Where GDPR applies, we process your personal data on the following legal bases:

  • Contract performance — to deliver the Service you have signed up for
  • Legal obligation — to comply with applicable laws (e.g., tax record-keeping)
  • Legitimate interests — to improve and secure the platform, and to prevent fraud
  • Consent — where we rely on consent (e.g., optional marketing communications), you may withdraw it at any time

4. Data Security

All data transmitted to and from the platform is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. We enforce row-level security policies so that your projects and data are strictly isolated from other users.

Access to production systems is restricted to authorised personnel on a need-to-know basis. We conduct periodic security reviews and apply security patches promptly. More detail is available on our Security page.

5. Third-Party Service Providers

We work with a limited number of third-party sub-processors to deliver the Service — covering infrastructure hosting, payment processing, AI document parsing, transactional email, and rate-limiting. All sub-processors are bound by data processing agreements and may only process your data on our documented instructions.

We do not sell your data to any third party. If you use the Portals feature to share data with a client, that sharing is entirely under your control.

To request the current list of sub-processors, email us at team@usericca.xyz.

6. International Data Transfers

Our infrastructure is hosted on cloud services with data centres primarily in your selected region. Where data is transferred outside the European Economic Area or United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.

7. Data Retention

Your account data and project files are retained for as long as your account is active. If you delete your account, all personal data, project records, and uploaded files are permanently deleted within 30 days, except where we are required to retain certain records by law (for example, financial records may be retained for up to 7 years to meet statutory obligations).

Engineering compliance records (such as ISA 5.1 validation logs) may also be retained for up to 7 years to satisfy professional record-keeping obligations, unless you request earlier deletion and no legal retention obligation applies.

8. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data (also available via Account Settings → Delete Account)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — ask us to limit how we process your data while a dispute is resolved
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, email team@usericca.xyz. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use strictly necessary cookies to maintain your session and authentication state. We do not use advertising cookies or third-party tracking cookies. You can configure your browser to block or delete cookies, but this may affect your ability to log in and use the Service.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you by email or through a notice within the platform before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For privacy-related questions or to exercise your rights, contact us at team@usericca.xyz.