Graftly

Privacy Policy

Last updated: 12 June 2026

Graftly ("we", "us") is a UK-based platform for trades and service businesses. We take your privacy seriously and handle personal data in line with UK GDPR and the Data Protection Act 2018. This policy explains what we collect, why, and what your rights are.

1. Who we are

Graftly is the data controller for personal data processed via this website and the Graftly platform. Contact: info@graftly.co.uk.

2. What we collect

  • Account details — name, email, company, and information you choose to add to your profile.
  • Content you create — RAMS, risk assessments, toolbox talks and other site documentation you produce in the platform.
  • Usage data — basic information about how you interact with the Service (e.g. pages visited, features used), used to improve the product.
  • Communications — emails you send us and our responses.

3. How we use your data

  • To provide and operate the Graftly platform.
  • To support you and respond to your enquiries.
  • To improve the Service and develop new features.
  • To send essential service updates (e.g. security notices).
  • Where you've opted in, to send product updates or marketing.

4. Legal bases

We rely on the following lawful bases under UK GDPR: performance of a contract (to provide the Service you've signed up for), legitimate interests (to run and improve our business in a way that doesn't override your rights), consent (for optional cookies and marketing), and legal obligation (where we must keep records by law).

5. Cookies and analytics

We use a small number of essential cookies/storage so the site works. Non-essential cookies (analytics, marketing) are off by default and only set if you opt in via our cookie banner. We do not load Google Analytics, Meta Pixel, Hotjar, Microsoft Clarity or any similar tracking tools without your consent.

We may use analytics tools in future (such as a privacy-respecting analytics provider). If or when we do, this policy and our cookie policy will be updated and they will only run with your consent.

6. Third-party providers

We use a small set of trusted providers to deliver the Service. These may include:

  • Cloud hosting for the website and platform.
  • Stripe, if and when we process payments. Stripe acts as a processor for payment information.
  • Email tools, if and when used, for transactional and support emails.

We will only share personal data with these providers as needed to run the Service, and they are required to protect that data. We don't sell your personal data.

7. International transfers

Where data is transferred outside the UK, we rely on appropriate safeguards such as UK adequacy regulations or standard contractual clauses.

8. How long we keep your data

We keep your personal data only for as long as we need it to provide the Service or meet legal obligations. You can ask us to delete your account at any time.

9. Your rights

You have rights under UK GDPR including: access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent. To exercise any of these, email info@graftly.co.uk. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls and least-privilege principles.

11. Changes

We may update this policy from time to time. If we make material changes we'll let you know via the Service or by email where appropriate.

12. Contact

Questions or privacy requests? Email info@graftly.co.uk.