Last updated: 1 April 2026
Projectoolbox is committed to complying with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). This page explains our key commitments and how to exercise your rights.
For full details on how we collect and use your personal data, please read our Privacy Policy.
PMGT Solutions Ltd is the data controller for personal data collected through the Projectoolbox platform. Where you upload project data, we act as a data processor on your behalf — you remain the controller of that content.
You have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you (Subject Access Request).
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten"). Some data may be retained for legal reasons.
Right to Restriction
Ask us to restrict processing of your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format (JSON or CSV).
Right to Object
Object to processing based on our legitimate interests or for direct marketing.
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent.
Right Not to Be Subject to Automated Decisions
Request human review of any significant automated decisions.
To exercise any right, email privacy@projectoolbox.com. We will respond within 30 days (extendable to 90 days for complex requests, with notice).
We use sub-processors located outside the UK/EEA. Where personal data is transferred internationally, we ensure adequate protections through:
We use the following sub-processors to deliver the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | US (AWS) |
| Anthropic | AI model processing | US |
| Stripe | Payment processing | US |
| Vercel | Hosting, CDN, edge functions | US / Global |
| Recall.ai | Meeting bot transcription | US |
| Google Analytics | Usage analytics | US |
We use the following categories of cookies:
Required for the platform to function. These include session tokens, CSRF protection, and authentication state. They cannot be disabled.
Examples: next-auth.session-token, __Host-next-auth.csrf-token
We use Google Analytics 4 to understand how the platform is used. These cookies collect anonymised data about page visits, feature usage, and navigation.
Examples: _ga, _ga_*
You can opt out of analytics cookies at any time via our cookie banner or by installing the Google Analytics Opt-out Browser Add-on.
Store your preferences such as theme (light/dark mode) and UI settings.
Examples: theme
If you are unhappy with how we handle your data, you have the right to lodge a complaint with:
We would appreciate the opportunity to address your concerns first — please contact us at privacy@projectoolbox.com before escalating to a supervisory authority.