1. Who We Are
Projectoolbox is operated by PMGT Solutions Ltd, a company registered in England and Wales. We provide an AI-powered project management platform at www.projectoolbox.com.
For questions about this policy, contact us at privacy@projectoolbox.com.
2. What Data We Collect
We collect the following categories of personal data:
- Account data: Name, email address, password (hashed), organisation name, industry, and role — provided when you register.
- Usage data: Actions taken within the platform, feature usage, session metadata, and AI interaction logs.
- Project data: Content you enter into the platform, including project plans, risks, schedules, and documents. This is your data and we act as a data processor.
- Billing data: Payment method details processed by our payment provider (Stripe). We do not store card numbers.
- Technical data: IP address, browser type, operating system, device identifiers, and cookies.
- Communications: Emails and support messages you send us.
3. How We Use Your Data
We use your personal data to:
- Provide, maintain, and improve the Projectoolbox platform
- Process payments and manage your subscription
- Send transactional emails (account confirmation, password reset, billing notifications)
- Send product updates and newsletters (you may opt out at any time)
- Respond to support requests
- Monitor and analyse usage to improve performance and security
- Comply with legal obligations
4. Legal Basis for Processing (UK/EU)
Under UK GDPR and EU GDPR, we process your data on the following legal bases:
- Contract: To fulfil our obligations under our Terms of Service.
- Legitimate interests: To improve our product, prevent fraud, and ensure security.
- Consent: For marketing emails and optional cookies. You may withdraw consent at any time.
- Legal obligation: Where required by law.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Supabase — database and authentication hosting
- Anthropic — AI model provider. Queries are processed per Anthropic's data policies. Your data is not used to train their models under our enterprise agreement.
- Stripe — payment processing
- Vercel — hosting and CDN
- Recall.ai — meeting bot functionality (Professional and Business plans only)
- Law enforcement or regulatory bodies where required by law
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we delete personal data within 30 days, except where retention is required by law (e.g., billing records retained for 7 years under UK tax law).
Project data (content you have entered) is deleted within 30 days of account deletion.
7. Your Rights
Under UK GDPR and EU GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — at any time, without affecting prior processing
To exercise any of these rights, email us at privacy@projectoolbox.com. We will respond within 30 days.
8. Cookies
We use strictly necessary cookies for authentication and session management. We use analytics cookies (Google Analytics) to understand usage. You can opt out of analytics cookies via our cookie banner or by visiting Google Analytics Opt-out.
For full details see our Cookie & GDPR Policy.
9. International Transfers
Your data may be processed outside the UK/EEA (for example on Anthropic's US-based infrastructure). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
10. Security
We implement industry-standard security measures, including encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews. However, no system is completely secure and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by displaying a notice in the platform. Your continued use of the service after changes constitutes acceptance of the updated policy.
12. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.