Graicx
Sign inBook a demo

Privacy Policy

Last updated: 19 June 2026

This policy explains how Graicx collects, uses, stores and protects personal data, and the rights you have under UK GDPR. It applies to our website and platform.

1. Who we are

Graicx Ltd (“Graicx”, “we”, “us”) is the data controller for personal data processed through our website (www.graicx.com) and the Graicx facility-management platform.

Registered office: [registered address]. Company number: [company number]. ICO registration: [ICO registration number]. You can contact us about privacy at alexander@graicx.ai.

2. The data we collect

Depending on how you interact with us, we process:

  • Contact & enquiry data — when you submit the demo/contact form (work email and organisation type) or email us.
  • Account data — names, work email addresses and roles of users your organisation invites to the platform.
  • Customer content — the data your organisation puts into the platform (assets, work orders, service requests, photos, documents, notes). For this content your organisation is the controller and Graicx is the processor.
  • Usage & technical data — log data, device/browser information and IP address, used to operate and secure the service.

3. How we use it, and our lawful bases

We use personal data to provide, secure and improve the service, respond to enquiries, and meet legal obligations. Our lawful bases under UK GDPR are:

  • Contract — to provide the platform to your organisation and the users it authorises.
  • Legitimate interests — to run, secure, debug and improve the service, and to respond to sales enquiries you initiate.
  • Consent — for any optional marketing communications; you can withdraw consent at any time.
  • Legal obligation — where we must retain or disclose data to comply with the law.

4. Sub-processors and third parties

We use a small number of vetted providers to deliver the service. Each is bound by data-processing terms and processes data only on our instructions:

  • Supabase — application database, authentication and file storage (UK/EU regions).
  • Vercel — application and website hosting/delivery.
  • Anthropic — AI features (e.g. Milo triage, chat and document analysis). Content sent to the AI is used only to generate the response and is not used to train third-party models.
  • Resend — transactional email (notifications, invitations).
  • Mapbox — drive-time calculation for dispatch (location of sites/technicians only).

5. Where your data is stored

We host and store data in the United Kingdom and/or European Union. Where any processing involves a transfer outside the UK/EU, we rely on appropriate safeguards (such as the UK International Data Transfer Agreement or Standard Contractual Clauses).

6. AI features

Some features use AI to read, classify and summarise content (for example triage of service requests, the Milo assistant, and document analysis). AI output is assistive and may be inaccurate; it is provided for human review and does not replace professional judgement or your organisation’s legal duties. We do not use your content to train third-party AI models.

7. Retention

We keep personal data only as long as needed for the purposes above. Customer content is retained for the life of your organisation’s account and deleted or returned on request or after termination, subject to any legal retention requirements. Enquiry data is kept for a reasonable period to follow up and for our records.

8. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict or object to processing of your personal data, and to data portability. To exercise these rights, contact alexander@graicx.ai. If your data sits within an organisation’s account, we may direct your request to that organisation as controller.

  • You can withdraw consent to marketing at any time.
  • You have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

9. Cookies

We use strictly necessary cookies to run the website and keep you signed in to the platform. We do not use advertising cookies. Any optional analytics cookies are used only with your consent.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified through the service or by email. The “last updated” date above reflects the latest version.

11. Contact

Questions about this policy or your data? Email alexander@graicx.ai or write to us at [registered address].