Privacy Policy
Last updated: March 2026
1. Introduction
PM Assist ("we", "us", "our") is an AI-powered O&M document assistant for building and facilities management teams. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service (the "Service").
By creating an account or using the Service, you acknowledge that you have read and understood this policy. If you have questions, please contact us at [email protected].
2. Information we collect
Account information
When you create an account, we collect:
- Email address
- Password (stored securely using bcrypt hashing — we cannot see your password)
We do not ask for your name or organisation name during signup. A display name is derived from your email address and can be changed later in your profile. An organisation name is auto-generated from your email domain for internal labelling.
Building documents
You may upload O&M manuals, drawings, certificates, and other building documentation. These files are stored securely and processed to enable AI-powered search and response generation.
Usage and query data
We collect information about how you use the Service, including:
- Questions asked and AI responses generated
- Documents accessed and search activity
- Feature usage patterns and session data
- Feedback you provide through the application
Free tool usage
We offer free tools (such as BMS screenshot analysis, HVAC fault diagnosis, O&M manual search demo, checklist generation, and document summarisation) that do not require an account. When you use these tools, we process the content you submit (images, documents, or text) through our AI provider (OpenAI) to generate a response. Submitted content is processed in memory and is not stored on our servers after the response is returned. Your IP address is used for rate limiting only and is not retained.
Technical data
We automatically collect technical information for security and service improvement, including IP addresses, browser type, device information, and referral sources. We also operate a lightweight server-side page view counter on key pages (home, signup, pricing, login, contact) that records a hashed IP identifier (rotated daily), browser type, and referrer. This operates without cookies and does not identify individual users across sessions.
Payment information
If you subscribe to a paid plan, payment details are collected and processed by Stripe. We do not store your full card details on our servers.
3. How we use your information
We use your information to:
- Provide, maintain, and improve the Service
- Process your questions using AI and return source-cited answers
- Manage your account, subscription, and billing
- Send important service notifications (not marketing emails)
- Monitor security, detect abuse, and prevent unauthorised access
- Analyse usage patterns to improve product quality
- Comply with legal obligations
4. Lawful basis for processing
We process personal data on the following lawful bases, as applicable under UK GDPR and equivalent data protection legislation:
- Performance of a contract: Processing necessary to provide the Service you have signed up for, including account management, document storage, and AI-powered search.
- Legitimate interests: Processing for purposes such as service improvement, security monitoring, fraud prevention, and analytics — where these interests are not overridden by your data protection rights.
- Legal obligations: Processing required to comply with applicable laws, regulations, or legal proceedings.
- Consent: Where we rely on consent (for example, for optional communications), you may withdraw it at any time by contacting us.
5. AI processing
When you ask a question, PM Assist retrieves relevant excerpts from your building documents and sends them, along with your query, to our AI provider (currently OpenAI) to generate a response.
- Only relevant document excerpts are sent — not entire files
- Under OpenAI's standard API data usage policy, API inputs and outputs are not used to train their models. We do not currently have a separate Zero Data Retention (ZDR) agreement; our controls rely on OpenAI's default API terms
- AI responses include source citations so you can verify against originals
- AI-generated content may contain errors and should always be verified
Our free tools (available without an account) also use OpenAI to process the content you submit. Submitted content is processed in memory for the duration of the request and is not stored on our servers after the response is returned.
6. Data isolation
PM Assist is designed to keep data separate between buildings and between tenants. Documents and queries are segmented by tenant and building context through application and data-layer controls. Each tenant's data is logically separated at the database level.
7. Third-party services and subprocessors
We use the following third-party services to provide the Service:
- OpenAI — AI-powered response generation (document excerpts and queries are sent)
- Amazon Web Services (S3) — Secure document file storage
- PostgreSQL (managed) — Application data persistence
- Vercel — Application hosting and deployment
- Stripe — Payment processing and subscription management
- Sentry — Error monitoring and application reliability
- Resend / SMTP — Transactional email delivery (verification, notifications, invitations)
- Google Analytics 4 — Product analytics (consent-gated via Consent Mode v2; PII is stripped before events are sent)
- Google Ads — Conversion measurement only (cookieless via Consent Mode v2; no advertising cookies are set, no remarketing or interest-based targeting is used)
These providers process data in accordance with their own privacy policies and our agreements with them. For a current subprocessor list or data processing agreement, please contact us.
8. Data retention
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account data: Retained until you delete your account via self-service (see below) or request deletion by email
- Documents: Retained until deleted by you or on account closure
- Query and chat logs: Automatically purged after 90 days
- Audit logs: For routine events, IP addresses and email are removed after 14 days. For security-critical events (e.g., login failures, password resets), raw IP and email snapshots are retained for up to 90 days to support incident investigation. All remaining PII (user agent, question/answer content) is scrubbed after 90 days; structural audit records (action type, timestamp, user ID) are retained for up to 180 days, then permanently deleted
- IP addresses: Routine event IPs are anonymised after 14 days; security event IPs are scrubbed after 90 days. Only hashed IP identifiers are retained beyond 14 days for correlation
- Authentication tokens: Expired tokens purged daily; used tokens purged after 30 days
- Deleted accounts: Soft-deleted immediately on request; personal data (name, email, chat history, generated documents, uploaded images) is removed at deletion time; tombstone records are hard-deleted after 30 days
- Payment records: Retained as required by financial regulations (managed by Stripe)
Our automated daily cleanup process enforces these retention periods. No manual request is needed for time-based retention.
9. Data security
We implement security measures including:
- Encryption of data in transit (HTTPS/TLS)
- Server-side encryption of stored documents (S3)
- Secure password hashing (bcrypt)
- Role-based access controls and authentication
- Server-side security headers (CSP, X-Frame-Options, etc.)
- Tenant-level data isolation at the database layer
We conduct regular security reviews and monitor for vulnerabilities. If you discover a security issue, please report it to [email protected].
10. Your rights and self-service controls
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data
- Export your data in a portable format (JSON)
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
Self-service privacy controls
The following actions are available directly from your profile page without needing to contact us:
- Export my data: Download a complete copy of your personal data in JSON format, including your profile, query history, audit logs, generated documents, and uploaded image metadata
- Delete my account: Permanently delete your account with password confirmation. This immediately soft-deletes your account, removes all personal query history, generated documents, uploaded images, and tokens, scrubs PII from audit logs, and signs you out. Tombstone records are hard-deleted after 30 days
- Edit profile: Update your name or change your password at any time
For other requests (e.g., objection to processing, consent withdrawal), contact us at [email protected]. We will respond within 30 days.
11. Cookies and analytics
Essential cookies
We use essential cookies for authentication, session management, CSRF protection, and theme preferences. These cookies are strictly necessary for the Service to function and cannot be disabled.
Analytics cookies (optional)
With your consent, we use Google Analytics 4 (GA4) to understand how the Service is used and to improve the product. GA4 collects usage data such as pages visited and feature interactions. We strip personal information (email addresses, document names, queries, tokens, and file contents) from analytics events before they are sent to Google.
We use Google's Consent Mode v2. The GA4 script loads on every page but defaults to analytics_storage: denied, meaning GA4 does not set cookies or collect identifiable analytics data until you consent. When you choose "Accept" on the cookie banner, analytics storage is upgraded to granted and GA4 operates normally (including setting its own cookies). If you decline, GA4 may still send cookieless measurement pings to Google for aggregate modelling, in line with Consent Mode v2 behaviour.
Your consent preference is stored in your browser's local storage (pm-cookie-consent).
Google Ads conversion measurement
We use Google Ads for conversion measurement only (e.g. to know whether an ad click led to a signup). Ad storage, ad user data, and ad personalisation are permanently set to denied in our Consent Mode v2 configuration. This means Google Ads operates in cookieless mode and does not set advertising cookies or build interest-based profiles. We do not use remarketing, display advertising, or interest-based targeting.
Server-side analytics
We operate a lightweight server-side page view counter on a small number of key pages (home, signup, pricing, login, contact) to measure basic funnel activity independently of cookie consent. This records a daily-rotated hashed IP identifier, browser type, and referrer. It does not use cookies, does not identify individual users across sessions, and does not send data to any third party.
Managing your preferences
You can change your analytics cookie preference at any time using the "Manage cookies" link in the site footer. You can also clear local storage for this site or install the Google Analytics Opt-out Browser Add-on.
12. International data transfers
Your data may be processed in countries outside your jurisdiction, including the United States (where our AI and infrastructure providers operate). We rely on the data protection measures described in this policy and our agreements with subprocessors to safeguard your information.
Where our subprocessors offer Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms, we rely on those. Customers requiring specific transfer safeguards should contact us to discuss their requirements.
13. Children's privacy
The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via email or in-app notification. The "last updated" date at the top of this page indicates when this policy was last revised.
15. Operator identity
The Service is operated by:
- Trading name: PM Assist
- Registered address: Available on request via [email protected]
- Jurisdiction: England and Wales
- Privacy contact: [email protected]
- General contact: [email protected]
16. Contact
For privacy-related questions, data requests, or concerns, contact us at: [email protected]