AI RAMS

Privacy Statement

How we collect, use, and protect your personal information

Introduction

AiRAMS is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Statement explains how we collect, use, disclose, and safeguard your information when you use our AI-powered risk assessment and method statement generation service.

By using our service, you consent to the data practices described in this statement. If you do not agree with the practices described in this Privacy Statement, please do not use our service.

Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you:

  • Create an account or register for our service
  • Use our AI-powered risk assessment tools
  • Generate method statements or risk assessments
  • Contact us for support or inquiries
  • Subscribe to our paid services
  • Participate in surveys or feedback requests

This information may include:

  • Name, email address, and contact information
  • Company name, industry, and workplace location
  • Job title and professional information
  • Workplace descriptions and project details
  • Risk assessment data and safety information
  • Payment information (processed securely through Stripe)
  • Communication preferences and feedback

Information Collected Automatically

When you access our service, we automatically collect certain information about your device and usage:

  • IP address and general location information
  • Browser type, version, and operating system
  • Device identifiers and characteristics
  • Pages visited and time spent on our service
  • Referring websites and search terms
  • Usage patterns and feature interactions

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, remember your preferences, and analyze usage patterns. You can control cookie settings through your browser, though some features may not function properly if cookies are disabled.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide, operate, and maintain our AI-powered risk assessment service
  • Generate personalized, HSE-compliant risk assessments and method statements
  • Process payments and manage subscription accounts
  • Communicate with you about your account, updates, and support
  • Improve our AI algorithms and service functionality
  • Analyze usage patterns to enhance user experience
  • Ensure security and prevent fraud or abuse
  • Comply with legal obligations and regulatory requirements
  • Send important notices, security alerts, and service updates
  • Respond to customer service requests and technical support

Legal Basis for Processing (UK GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services and fulfill our obligations to you
  • Legitimate Interests: To improve our services, ensure security, and analyze usage
  • Legal Compliance: To comply with applicable laws and regulations
  • Consent: Where you have provided explicit consent for specific activities

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our service:

  • Supabase for secure data storage and user authentication
  • OpenAI for AI processing and content generation
  • Stripe for secure payment processing
  • Cloud hosting providers for service infrastructure
  • Email service providers for communications
  • Analytics providers for service improvement

Legal Requirements

We may disclose your information when required by law or when we believe disclosure is necessary to:

  • Comply with legal obligations, court orders, or regulatory requirements
  • Protect and defend our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Prevent or investigate fraud, security breaches, or illegal activities
  • Enforce our terms of service or other agreements

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

Data Security

We implement comprehensive security measures to protect your personal information:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Secure authentication and access controls
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security practices
  • Incident response procedures for security breaches
  • Secure data centers with physical and digital safeguards
  • Regular backups and disaster recovery procedures

While we implement robust security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data and information about how we process it
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data for certain purposes
  • Rights Related to Automated Decision Making: Rights regarding automated processing and profiling
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at privacy@airams.uk. We will respond to your request within one month of receipt, though this may be extended by up to two months for complex requests.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately. You can contact the ICO at ico.org.uk or call their helpline.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Statement:

  • Account Information: Retained while your account is active and for a reasonable period after account closure
  • Risk Assessment Documents: Retained for up to 7 years to comply with UK health and safety record-keeping requirements
  • Payment Information: Retained as required by financial regulations and tax obligations
  • Communication Records: Retained for customer service and legal compliance purposes
  • Usage Data: Typically retained for 2 years for analytics and service improvement

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable legal requirements.

International Data Transfers

Your personal information may be transferred to and processed in countries outside the United Kingdom. When we transfer personal data internationally, we ensure appropriate safeguards are in place:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by UK authorities
  • Binding corporate rules or certification schemes
  • Other approved transfer mechanisms under UK GDPR

We work only with service providers who demonstrate adequate data protection standards and commit to protecting your information in accordance with UK data protection laws.

Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us immediately.

Third-Party Services

Our service may contain links to third-party websites or integrate with third-party services. This Privacy Statement does not apply to these external sites or services. We encourage you to review the privacy policies of any third-party services you access through our platform.

We are not responsible for the privacy practices or content of third-party websites or services.

Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Privacy Statement on our website
  • Update the "last modified" date
  • Notify you by email or through our service for significant changes
  • Obtain your consent where required by law

We encourage you to review this Privacy Statement periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Statement or our data practices, please contact us:

Email: privacy@airams.uk
Data Protection Officer: dpo@airams.uk
General Inquiries: support@airams.uk
Postal Address:
AiRAMS
United Kingdom

We are committed to resolving any privacy concerns promptly and transparently. When you contact us, please provide sufficient detail about your inquiry so we can assist you effectively.

Regulatory Compliance

AiRAMS is committed to compliance with applicable data protection laws, including:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)
  • Other applicable UK and international privacy laws

We regularly review our data protection practices to ensure ongoing compliance with evolving legal requirements and industry best practices.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing information about the nature of the breach and the measures we are taking to address it.