Privacy

Data handling, UK GDPR compliance, AI data use — your data remains yours.

2.1 UK GDPR Compliance

PlanOps is fully compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a construction technology platform handling personal data about project team members, subcontractors, and consultants, we take our data protection responsibilities seriously.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract performance: Processing necessary to deliver our platform services to you
  • Legitimate interests: Platform improvement, security monitoring, and fraud prevention
  • Legal obligation: Compliance with applicable laws and regulations
  • Consent: Marketing communications and optional features (easily withdrawn at any time)

Your Data Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to data portability: Receive your data in a commonly used, machine-readable format (CSV, JSON)
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Right to restrict processing: Request limitation of processing in certain circumstances

To exercise any of these rights, contact our Data Protection team at privacy@planops.ai. We respond to all data subject requests within 30 days.

2.2 Data Processing for Construction Projects

Construction projects involve handling data about many individuals. PlanOps helps you maintain compliance through:

  • Data minimisation: We collect only the personal data necessary to deliver platform functionality
  • Purpose limitation: Data is used only for stated purposes — project management, document generation, and AI-powered insights
  • Storage limitation: Configurable data retention periods with automated deletion routines
  • Processing records: Complete audit trail supporting your Records of Processing Activities (ROPA)

Principal Contractor Responsibilities

When using PlanOps, your organisation typically acts as the data controller for project personnel data. PlanOps acts as your data processor. We provide:

  • Data Processing Agreement (DPA): Standard contractual clauses compliant with UK GDPR Article 28
  • Sub-processor list: Transparent disclosure of all third-party processors with advance notice of changes
  • Privacy notice templates: Guidance for updating your privacy notices to reflect PlanOps usage

2.3 AI Data Use Policy

We do not use your project data to train our AI models.

This is a fundamental principle of PlanOps. Your construction project data — including drawings, documents, reports, and communications — is never used to train, fine-tune, or improve our underlying AI models. Here's what this means in practice:

  • No model training: Your data is not used as training data for machine learning models
  • No cross-customer learning: AI insights generated from your projects are not shared with or informed by other customers' data
  • Confidential processing: When our AI agents analyse your documents, the processing is isolated to your organisation
  • Transparent AI providers: We use enterprise-grade AI services with equivalent data protection commitments

How AI Processing Works

When you use PlanOps AI features (document analysis, report generation, risk assessment), your data is:

  • Processed in real-time to generate insights and outputs
  • Not stored by AI providers beyond the immediate processing session
  • Not used to improve AI models (we have enterprise agreements that explicitly prohibit this)
  • Logged for audit purposes within PlanOps only

AI-Generated Content Accuracy

AI-generated content, including maps, routes, reports, analyses, and other outputs, is provided to support you — not to replace professional judgement. AI outputs may contain errors, inaccuracies, or omissions. You are responsible for independently verifying all AI-generated content before use in any construction activities, design work, or project management decisions.

For full details about AI limitations and your responsibilities regarding AI-generated content, please see our Terms of Service (Section 8: Disclaimers).

2.4 Cookie Policy

Your cookie preferences are always respected.

We use cookies to improve your experience on our website. When you first visit, you'll see a cookie consent banner that lets you choose which cookies to accept.

  • Essential cookies: Required for the website to function properly — these cannot be disabled
  • Analytics cookies: Help us understand how visitors use our website so we can improve it — only set with your consent
  • No fingerprinting: We don't use device fingerprinting or any other cross-site tracking techniques
  • Privacy-first analytics: We use Zoho PageSense, a privacy-respecting and fully GDPR compliant analytics service

You can change your cookie preferences at any time by clicking the cookie settings link in our website footer.

2.5 Data Breach Response

In the unlikely event of a personal data breach, PlanOps follows a documented incident response procedure:

  • Detection & containment: Immediate action to identify, isolate, and contain any breach
  • Assessment: Evaluation of the breach's nature, scope, and potential impact
  • ICO notification: Reportable breaches notified to the Information Commissioner's Office within 72 hours as required by UK GDPR
  • Customer notification: Affected customers notified without undue delay with clear information about the breach and remedial actions
  • Documentation: Complete documentation of the breach, impact assessment, and remediation steps

Questions about your data?

Contact our Data Protection team for any privacy-related enquiries.

Contact Privacy TeamView Procurement Info