Privacy Policy

Archject is a practice management platform for architecture firms, operated by Archject Ltd, a company registered in England and Wales. Our registered office is in London, UK.

If you have any questions about this policy or how we handle your data, you can contact us at privacy@archject.co.uk.

We collect information in the following ways:

Information you provide directly When you sign up for Archject, book a demo, or contact us, we collect your name, email address, phone number, and details about your practice such as firm name and team size.

Information generated through using the platform When you use Archject, we collect and store data you enter into the platform. This includes project records, task and timesheet data, meeting notes, fee and budget information, and any documents or content you create or upload.

Usage data We collect information about how you use the platform, including log data, device information, browser type, pages visited, and actions taken within the product. This helps us understand how Archject is being used and where we can improve it.

Cookies We use cookies to keep you logged in, remember your preferences, and understand how visitors use our website. You can control cookies through your browser settings.

We use your data to:

• Provide and operate the Archject platform
• Set up your account and deliver onboarding and support
• Send you important notices about your account or the service
• Respond to your enquiries and support requests
• Improve and develop the platform based on how it is used
• Send product updates and relevant communications (you can opt out at any time)
• Meet our legal and regulatory obligations

We do not sell your personal data to third parties.

We process your personal data on the following legal grounds under UK GDPR:

Contractual necessity — processing required to deliver the service you have signed up for.

Legitimate interests — improving the platform, preventing fraud, and communicating with customers in ways they would reasonably expect.

Legal obligation — where we are required to process data to comply with applicable law.

Consent — for marketing communications, where we will always give you the option to opt out.

Your data is stored on secure servers located within the UK and European Economic Area. We use industry-standard security measures including encryption in transit and at rest, access controls, and regular security reviews.

We retain your data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within 90 days, unless we are required to retain it for legal purposes.

No method of transmission over the internet is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security.

We share data with a small number of trusted third-party service providers who help us operate Archject. These include:

• Cloud infrastructure providers for hosting and data storage
• Email delivery services for transactional and product communications
• Analytics tools for understanding platform usage
• Payment processors for handling subscription billing

All third parties are contractually required to handle your data securely and only for the purposes we specify. We do not authorise them to use your data for their own purposes.

We may disclose data if required by law, court order, or regulatory authority.

Under UK GDPR, you have the following rights in relation to your personal data:

• Access — request a copy of the data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your data, subject to legal obligations
• Restriction — ask us to limit how we use your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@archject.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

When you use Archject to manage your projects, you may enter information about your own clients, including names, contact details, and project information. In this context, you are the data controller for that information and Archject acts as a data processor on your behalf.

You are responsible for ensuring you have a lawful basis for entering your clients' data into the platform and for complying with your own obligations under data protection law.

We process that data only as instructed by you and in accordance with this policy and our Data Processing Agreement, which is available on request.

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email or through the platform. The date at the top of this page reflects when the policy was last updated.

Continued use of Archject after changes are notified constitutes your acceptance of the updated policy.