1. Introduction
AIOTEL ("we," “us,” “our”) strives to handle user data responsibly on our platforms and custom solutions. We are committed to protecting your personal information and your right to privacy. This policy explains how we collect, use, store, and protect personal data when you interact with our software platforms and services. We recognize the importance of aligning our practices with international privacy frameworks and are actively undertaking measures to enhance our data governance and compliance readiness.
2. Data We Collect
We collect various types of data including:
- Contact information: Name, email, phone, company, and role, typically through demo bookings, support requests, and platform registrations.
- Technical data: IP address, browser type, device details, operating system, and usage logs.
- Uploaded assets and inputs: 3D models, point cloud data, project statuses, and workflow details.
- Database Credentials: For analytical use cases, external Database credentials are collected and encrypted while in transit or at rest.
- Analytics data: Telemetry, session activities, feature usage, and interaction logs.
- Cookies and tracking technologies for improving platform experience and usage analytics.
We collect only such data as is necessary and proportionate to our legitimate business purposes. All data collection activities are subject to internal review to ensure alignment with the principles of data minimization and purpose limitation.
3. Purpose and Legal Basis of Processing
We collect and process your data to:
- Provide, customize, and improve our digital twin and related software services;
- Ensure platform security, integrity and performance;
- Communicate with users regarding support, updates and service improvements;
- Comply with applicable legal and regulatory obligations; and
- Pursue legitimate business interests such as analytics, product development, and service optimization, balanced against user privacy rights.
Where applicable law requires, we rely on user consent as a lawful basis for processing. Users may withdraw consent at any time without prejudice to prior lawful processing.
4. Cookies and Tracking
Our platform uses cookies or similar tracking to enhance your experience, session management, and enable certain features and functionality. Users may manage or disable cookies through browser settings. As required by applicable law and regulations, we will seek consent prior to placing non-essential cookies.
5. Data Sharing
We may share data with trusted service providers and subcontractors, such as cloud hosting, or support partners under written agreements which bind them with similar data privacy obligations as are adhered to by us and require them to process data solely on our instructions and with adequate technical and organizational safeguards.
We do not sell or rent any personal data to third parties. Data is only shared for platform operation and legal, contractual or regulatory compliance. All such third parties must adhere to privacy obligations in accordance with their written agreements.
Where personal data is transferred outside the UK or the European Economic Area (EEA), we ensure that such transfers occur under appropriate safeguards, including Standard Contractual Clauses or other approved mechanisms.
6. Data Subject Rights
Depending on your jurisdiction, you may have certain rights under data protection laws to:
- Access your data
- Rectify inaccurate data
- Request deletion
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
Requests to exercise these rights can be submitted to our Data Protection Contact listed below. We will respond in accordance with applicable legal timelines and standards.
7. Data Security
AIOTEL continually reviews and enhances our information security framework to align with recognized standards such as ISO/IEC 27001 and GDPR Article 32 requirements. We employs industry-standard technical and organizational measures—including encryption, access controls, and regular audits—to protect your data against unauthorized access and breaches.
8. Data Retention
Retention periods are defined according to the purpose of collection, contractual necessity, or statutory retention obligations and we only retain personal data as long as necessary for purposes listed, legal obligations, or to resolve disputes. Once data is no longer required, it is securely deleted or anonymized in accordance with our internal data retention policy.
9. Children's Privacy
Our services are not directed at children under 16 years old. We do not knowingly collect data from children. If we become aware that data from a child has been collected inadvertently, we will delete such information promptly on being made aware of such data collection.
10. Compliance
We are presently in the process of enhancing our privacy and data protection framework to align with internationally recognized standards, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, ISO/IEC 27001, and SOC 2. Currently, global customers and other regulated regions may not have access to the full range of privacy rights required by local law, including rights to access, deletion, and objection.
While we are not yet fully certified or assessed as GDPR-compliant, we have initiated a structured compliance roadmap that includes:
- Implementation of a data inventory and mapping exercise;
- Appointment of a Data Protection Contact to oversee compliance readiness;
- Drafting and internal adoption of Data Processing Agreements (DPAs) with vendors;
- Technical and organizational security enhancements; and
- Development of employee training and awareness programs on data protection.
We are committed to maintaining transparency throughout this process and will update this policy as our compliance maturity evolves.
11. Changes to This Policy
We may update this policy to reflect changes in law or business practices. Changes will be communicated via the platform or by email, and updated on our website. Where material changes affect user rights or obligations, we will provide reasonable notice prior to implementation.
12. Data Protection Governance
We have established internal processes for monitoring compliance and handling data-related requests or incidents. All personnel with access to personal data are bound by confidentiality obligations and undergo regular data protection training.
13. International Transfers and Third-Party Processors
In cases where our vendors or affiliates are located outside the UK or EEA, we ensure that adequate transfer safeguards are implemented, including the use of Standard Contractual Clauses and regular due diligence reviews.
14. Contact
If you have any questions or concerns about this privacy and data policy or how your data is processed, then you can contact us at privacy@aiotel.com