Privacy Policy for AI-Certificates and AI Certify Field

1. Scope

This policy applies to AI-Certificates, AI Certify Field, and related services operated by Cain Enabled Engineering Ltd. It covers our website, admin tools, mobile applications, and any support channels that link to this policy.

2. Information we collect

Depending on how you use the service, we may collect the following categories of information:

• Account information such as your name, email address, organisation name, login credentials, and profile settings.
• Business and inspection content such as certificates, reports, forms, notes, observations, measurements, and uploaded files.
• Media such as photos or videos you capture or upload for inspections, evidence, or support requests.
• Device and usage data such as device type, operating system, browser type, app interactions, crash reports, and diagnostic logs.
• Location data when you grant permission for field work, site context, or other app features that require it.
• Billing and transaction data if you purchase a subscription or paid service through us or a payment processor.
• Communications such as support requests, feedback, and messages sent through our forms or email channels.

3. How we use information

We use information to run and improve the platform, including to:

• Create and manage user accounts and organisation workspaces.
• Store and display inspection records, certificates, and generated documents.
• Power AI-assisted workflows, OCR, template detection, and field mapping.
• Process subscriptions, payments, invoices, and refunds where applicable.
• Provide customer support, troubleshoot bugs, and maintain service security.
• Send service notifications, important updates, and account-related communications.
• Meet legal, tax, compliance, and audit obligations.

4. Legal bases and sharing

Where applicable, we rely on contract performance, legitimate interests, consent, and legal obligations to process personal data. We do not sell personal information.

We may share information with service providers that help us host, secure, analyse, process payments, send communications, or run AI and document-processing features. We may also share data with organisation administrators when the account is managed by a business customer, or if we are required to do so by law.

5. Data retention and deletion

We keep personal information only for as long as necessary to provide the service, meet legal and accounting obligations, resolve disputes, and enforce agreements. Some inspection records or audit data may need to be retained longer if they form part of a customer’s compliance history or if law requires it.

To request deletion of your account or personal data, visit our account deletion page or use our contact page.

6. Cookies, permissions, and device access

Our web app may use cookies or similar technologies for authentication, preferences, and session management. On mobile devices, the app may request access to the camera, photos, microphone, location, or notifications when those features are used. You can manage many permissions in your device settings.

7. Security

We use reasonable technical and organisational safeguards to protect information, including access controls, secure hosting, and monitoring for suspicious activity. No system is completely secure, so we cannot guarantee absolute security.

8. International transfers

If data is transferred outside your country, we take steps intended to protect it appropriately, including using trusted service providers and contractual safeguards where required.

9. Children’s privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

10. Changes to this policy

We may update this policy from time to time. When we do, we will revise the date at the top of this page and, where appropriate, notify users through the service or by email.