Privacy Policy
Version 1.0 · Effective 1 April 2026 · Complies with the Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
HoldPoint QA Pty Ltd ("HoldPoint", "we", "us") is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. What we collect
We collect the following types of information:
- Account information: your name, work email address, and company name when you sign up.
- Billing details: payment is processed by Stripe. We never see or store your full card number, CVV, or expiry date. We store only a Stripe customer ID and a reference to your payment method.
- Project data: documents, ITP checklists, field values, photos, and attachments you upload to the platform.
- Signatures: the name, email, role, and digital signature of anyone who signs a document through HoldPoint, including external third parties.
- Usage data: pages visited, actions taken within the app, browser type, operating system, and IP address — collected via server logs and Supabase analytics.
- Communications: if you contact us for support, we retain that correspondence.
2. How we use your information
- To provide the service: storing and displaying your documents, processing sign-off requests, and generating PDFs.
- To process billing: charging your subscription and sending payment receipts via Stripe.
- To send transactional emails: account verification, sign-off request emails to signatories, payment failure notifications, and product updates you've opted into.
- To improve HoldPoint: analysing usage patterns (in aggregate) to improve features and fix bugs.
- To comply with legal obligations: retaining records as required by law.
We do not sell your data. We do not use your data for advertising.
3. AI processing
Your scope descriptions are processed by AI
When you use the AI ITP generation feature, the scope of work text you enter is sent to Anthropic's API to generate a template. Do not include personally identifiable information in AI generation prompts.
HoldPoint uses Anthropic's Claude AI to generate ITP templates. When you use this feature, your scope description is transmitted to Anthropic's servers for processing. By using AI features, you consent to this processing.
Anthropic's data handling is governed by their own privacy policy: anthropic.com/privacy. We recommend not including specific personal information (e.g. individual names or sensitive project identifiers) in AI prompts.
4. Third-party services
HoldPoint uses the following sub-processors to deliver the service. Each has its own privacy policy:
| Provider | Purpose | Privacy policy |
|---|---|---|
| Supabase | Database, file storage, authentication | View policy |
| Stripe | Payment processing | View policy |
| Resend | Transactional email delivery | View policy |
| Vercel | Application hosting | View policy |
| Anthropic | AI ITP template generation | View policy |
5. Data storage and location
Your data is stored on Supabase infrastructure. Supabase's primary data region is configurable; HoldPoint uses the AWS ap-southeast-2 (Sydney, Australia) region for primary database storage where available, keeping your data on Australian soil.
Some processing may occur on infrastructure located in the United States (Vercel edge network, Anthropic AI processing, Stripe payment processing). By using HoldPoint, you consent to this cross-border transfer of data.
6. Data retention
- Active account: your data is retained for as long as your account is active.
- Approved documents: approved ITPs, site instructions, and labour dockets are retained for a minimum of 7 years from approval date, in line with standard construction compliance requirements. This retention period may be required even after account closure.
- Account closure: on account closure, non-approved data (drafts, templates, usage logs) is deleted within 90 days of your request. Approved compliance documents may be retained as described above.
- Signatures: digital signature records are retained for the lifetime of the associated document.
7. Your rights (Australian Privacy Principles)
Under the APPs, you have the right to:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct inaccurate or incomplete information.
- Deletion: request deletion of your personal information. We will comply unless retention is required by law or for legitimate compliance purposes (e.g. approved documents on active projects).
- Opt out: unsubscribe from non-transactional emails at any time via the unsubscribe link or by emailing us.
To exercise any of these rights, email privacy@holdpoint.co. We will respond within 30 days.
Please note: deletion requests for approved compliance documents may be declined where retention is required for legal compliance. We will explain our reasons if we decline a request.
8. Cookies
HoldPoint uses essential session cookies only. These are required for the platform to function (authentication, maintaining your session).
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in behavioural advertising networks.
9. Security
We take the security of your data seriously:
- All data is encrypted in transit (TLS 1.2+) and at rest.
- Access to production systems is restricted to authorised personnel only.
- Row-level security policies ensure each company can access only its own data.
- We conduct regular security reviews and apply security patches promptly.
- Approved documents are locked and immutable — they cannot be modified after sign-off.
If you discover a security vulnerability, please disclose it responsibly to security@holdpoint.co.
10. Children's privacy
HoldPoint is a business-to-business platform intended for use by adults in a professional capacity. We do not knowingly collect personal information from anyone under 18 years of age.
11. Changes to this policy
We may update this privacy policy from time to time. We will notify you by email at least 14 days before material changes take effect. The current version and effective date are shown at the top of this page.
12. Contact and complaints
For privacy enquiries, contact our Privacy Officer at privacy@holdpoint.co.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).