Security built for UK construction.

Project emails only. Read-only. UK-hosted. Revocable anytime.

1
What we read

ShadowQS only processes emails related to your construction projects. We identify project threads by sender domain, subject line, thread context, and content. Anything that doesn’t match — personal emails, bank statements, HR correspondence, family threads, supplier spam, marketing, finance — is filtered out before analysis. Email metadata is used to build context. Nothing outside project scope is read, stored or processed.

2
What we don’t read

WhatsApp, SMS, private messaging apps, calendar entries, contacts, and personal folders are never accessed. Voice messages, Teams chats, Slack — outside scope. If a conversation later appears in an email thread, that email becomes part of the project record. Nothing else does.

3
Read-only access

ShadowQS observes, analyses and reports. It never sends email on your behalf, never modifies or deletes messages, never impersonates users, and never posts on your behalf. You and your team stay fully in control.

4
Where your data lives

UK-hosted infrastructure. Encrypted in transit and at rest using industry-standard encryption. Each customer’s data is logically isolated. No third-party AI model is trained on your data — ever.

5
Retention and deletion

Your project data is retained for as long as your subscription is active. On cancellation, data is deleted within 30 days. You can request full export or deletion at any time.

6
Access and revocation

You connect your mailbox via OAuth. You can revoke ShadowQS access at any time from your email provider’s settings — scanning stops immediately. Admins can remove individual team members at any point.

7
Compliance

GDPR-aligned data handling. Clear data ownership and deletion policies. Product designed to support SOC 2 and ISO 27001 certifications as we scale.

Questions?

Email privacy@shadowqs.com
— we’ll answer any specific question about how your data is handled.