Back to home

Privacy Policy

Last updated: March 2026

1. Who we are

Musterly is a workplace presence and safety platform operated by Brix Systems Limited, trading as Musterly (registered in England and Wales, company number 17123063).

For questions about this policy, contact our data team at privacy@musterly.io.

2. Scope of this policy

This policy covers two distinct contexts:

  • This marketing website — where we act as a data controller for any personal data you submit (e.g. registering interest).
  • The Musterly application — where we act as a data processor on behalf of your organisation (the controller). Your organisation is responsible for its own compliance obligations regarding the employee data it processes through Musterly.

3. What data we collect

3a. Interest registration (this website)

When you submit the interest form, we collect:

  • Email address (required)
  • First name, company name, and company size (optional)

This data is used solely to follow up about Musterly when it launches.

3b. Musterly application

When your organisation uses the Musterly platform, the following data is stored on your behalf:

  • Account data: administrator and user names, email addresses, roles within the organisation.
  • Organisation data: organisation name, site names, floor plans, and configuration.
  • Presence data: real-time and historical records of which employees are on-site at each location, derived from access control events.
  • Access events: door/entry events received from connected access control systems (e.g. UniFi Access), including timestamps and entry points.
  • Roll call & muster records: responses to roll calls, including who responded, when, and their status.
  • Safety roles: assigned roles such as fire marshal or first aider, linked to individual user accounts.
  • Attendance analytics: aggregated and individual attendance patterns over time.
  • Integration credentials: API keys and configuration for connected access control systems, stored encrypted.

4. Lawful basis for processing

  • Interest registration: Consent — you voluntarily submit your details. You can withdraw consent and request deletion at any time.
  • Application — account data: Contract — necessary to provide the service your organisation has signed up for.
  • Application — presence & access data: Processed on behalf of your organisation under their chosen lawful basis (typically legitimate interests for workplace safety and operations, or contractual necessity). Your organisation is the controller for this data.

5. Where your data is stored

All application data is stored in the European Union. We use Neon (managed PostgreSQL) with data hosted in EU-based infrastructure. The marketing website is hosted on Vercel (edge infrastructure with EU routing).

Interest registration data is also stored by Resend (our email delivery provider). Resend stores contact data on servers in the United States. By submitting the interest form, you consent to this transfer. Resend is compliant with applicable data transfer frameworks. See Resend's privacy policy.

6. Sub-processors

We use the following third-party services to operate the platform:

ProviderPurposeLocation
NeonDatabase (PostgreSQL)EU
VercelHosting & edge deliveryEU / Global
ResendEmail delivery & mailing listUS

We do not sell, rent, or share your data with any third party for marketing purposes.

7. Data retention

  • Interest registration: Retained until you unsubscribe or request deletion.
  • Application data: Retained for the duration of your organisation's subscription, plus a 30-day grace period following cancellation to allow for data export. After that, all data is permanently deleted.
  • Access events & presence history: Configurable per organisation, subject to a platform maximum of 2 years.

8. Cookies

This marketing website does not use tracking cookies. It may use essential cookies for functionality only. The Musterly application uses session cookies strictly necessary for authentication. No third-party advertising cookies are used on any Musterly service.

9. Your rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request erasure of your data (“right to be forgotten”)
  • Object to or restrict processing
  • Receive your data in a portable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email privacy@musterly.io. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK, or the relevant supervisory authority in your EU member state.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email (where we hold your address) or by prominent notice on this website. Continued use of Musterly after changes constitutes acceptance.

11. Contact

Data protection enquiries: privacy@musterly.io
Brix Systems Limited, trading as Musterly
Registered in England and Wales · Company No. 17123063