Privacy Policy

1. Introduction

This Privacy Policy explains how Projan AI Ltd (company number 17196385, registered in England & Wales) collects, uses, and protects your personal data when you use our AI-powered business planning service at projan.ai and associated applications.

This policy is effective from 7 May 2026. By using Projan, you acknowledge that you have read and understood this policy.

2. Information We Collect

Account Data

When you create an account, we collect your name and email address. If you sign up via AWS Cognito, we also store a unique authentication identifier linked to your account.

Team and Membership Data

If you create or join a team, we store your team membership, role (admin or member), and the date you joined. Team administrators can see this information for their team members.

Content Data

We store the conversations you have with our AI agents, generated documents, plan breakdowns, and any content you create within the service.

Integration Credentials

If you connect third-party services (Slack, Jira, Notion, Linear, Todoist, Google Tasks, Microsoft To Do, monday.com, ClickUp, GitHub, Motion, Confluence, Trello, Wrike, Productboard, Google Docs, Azure DevOps, Dropbox Paper, Smartsheet, HubSpot, Canny), we store encrypted OAuth tokens or API keys and related integration metadata (such as workspace or site identifiers). These are encrypted at rest using industry-standard authenticated encryption.

Usage Metadata

We record metadata about your use of the service, including AI model assignments, token usage per conversation, and account status changes. This data is used for billing, capacity planning, and service improvement.

Usage Analytics

We use Google Analytics 4 (GA4) on our marketing site to collect anonymised usage data such as page views, session duration, and traffic sources. This data is not linked to your identity and is only collected with your consent.

Payment Information

Payments are processed by Stripe. We do not store your card details. Stripe provides us with a customer ID, subscription status, and billing address for invoice purposes.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Projan service
• Process your conversations through AI models to generate documents and plans
• Send transactional emails (account activation, password resets, team invitations, billing notifications)
• Process payments and manage subscriptions
• Provide customer support
• Detect and prevent fraud or abuse

We do not use your content to train AI models. Your conversations and documents are processed solely for the purpose of delivering the service to you.

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance - Processing necessary to provide the service you have signed up for (account data, content data, payment processing).
• Legitimate interests - Analytics to improve the service, fraud prevention, and service security. We balance these interests against your rights and freedoms.
• Consent - Marketing communications (if you opt in). You can withdraw consent at any time.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data.

We share data only with sub-processors necessary to deliver the service. A full list of sub-processors is available at /security/sub-processors.

We may disclose your data if required by law, regulation, or legal process, or to protect the rights, property, or safety of Projan, our users, or the public.

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data becomes subject to a different privacy policy.

6. International Data Transfers

Your data is primarily stored and processed in the United Kingdom (AWS eu-west-2, London region).

Some sub-processors are based in the United States:

• OpenRouter - AI model processing. Conversations are sent for processing and responses are returned; content is not retained by the provider.
• Stripe - Payment processing.
• Resend - Transactional email delivery.

Where data is transferred outside the UK, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) and adequacy decisions where available. Our sub-processors page identifies which safeguard mechanism applies to each provider.

7. Data Retention

For full details, see our Data Retention Policy.

In summary:

• Account data - Retained while your account is active, plus 30 days after deletion.
• Conversations and documents - Retained while your account is active. Deleted on request or 30 days after account deletion.
• Payment records - Retained for 7 years as required by UK tax law.
• Analytics data - Anonymised and retained for up to 14 months (GA4 default).

8. Your Rights (GDPR)

Under the UK GDPR, you have the right to:

• Access - Request a copy of your personal data.
• Rectification - Request correction of inaccurate data.
• Erasure - Request deletion of your data ("right to be forgotten").
• Portability - Receive your data in a structured, machine-readable format.
• Restriction - Request limited processing of your data.
• Objection - Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@projan.ai. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies and Tracking

We use a minimal set of cookies. Analytics cookies (Google Analytics 4) are only set after you give explicit consent via our cookie banner.

For a full list of cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

We do not use advertising cookies, retargeting pixels, or social media tracking scripts.

10. Children's Privacy

Projan is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@projan.ai and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by email at the address associated with your account at least 14 days before the changes take effect.

Non-material changes (clarifications, formatting) may be made without notice. The "Last updated" date at the top of this page will always reflect the most recent revision.

12. Contact

For privacy-related enquiries:

• Email: privacy@projan.ai
• Data Controller: Projan AI Ltd
• Company: Projan AI Ltd (registered in England & Wales)
• Registered Address: 54 Edwinstowe Drive, Nottingham, NG5 3EP