Privacy Policy

Last updated: April 21, 2026

Inspect360 Suite ("we", "us", "our") operates the inspect360suite.com website and the Inspect360 Suite application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

Information We Collect

We collect information to provide and improve our Service. Types of data collected include:

• Account data: name, email address, organization affiliation, and profile information provided during sign-up or via Google Sign-In.
• Inspection data: facility details, photographs, findings, and reports you create or upload.
• Usage data: anonymous metrics about how you interact with the Service (pages visited, features used, errors encountered).

How We Use Your Information

• To provide and maintain the Service
• To authenticate you via Google Sign-In
• To generate inspection reports and deliver them to authorized users
• To communicate with you about service updates, security alerts, or support inquiries
• To monitor and improve the Service

Data Storage and Security

Your data is stored on Supabase infrastructure with industry-standard encryption in transit (TLS) and at rest. Access to your data is controlled by row-level security policies and is limited to authorized users within your organization.

Third-Party Services (Sub-processors)

We engage a limited number of sub-processors — including Supabase (hosting, KSA region), Google Sign-In, Google Gemini and Anthropic Claude (AI inference), Stripe (payments), and Resend (transactional email). A full, up-to-date register with processing purposes, data categories, and cross-border transfer safeguards is published at /subprocessors.html.

International Data Transfers

Inspect360 Suite is operated from the United Kingdom. Customer inspection data is currently hosted in Singapore (AWS ap-southeast-1) via Supabase. Singapore does not benefit from a UK or EU adequacy decision, so transfers of UK and EEA personal data into our platform are made on the basis of the EU Standard Contractual Clauses (Commission Decision 2021/914/EU, Module 2) supplemented by the UK International Data Transfer Addendum, each incorporated into our Data Processing Addendum. Onward transfers to AI inference providers, email delivery, and payment processing rely on the same SCCs and, where applicable, the EU–US Data Privacy Framework. A full sub-processor register with regions and safeguards is at /subprocessors.html. Enterprise customers may opt into regional hosting in Saudi Arabia (GCP me-central2, Dammam) for PDPL residency, or other Supabase-supported regions, as a dedicated tenant under a signed Enterprise agreement.

Automated Decision-Making & AI (GDPR Article 22)

The Service uses AI models to assist inspectors in identifying findings, drafting narrative sections, and suggesting severity scores. These outputs are advisory. Every report must be reviewed, edited, and signed off by a qualified human inspector before it is issued — no legally or significantly affecting decision is made by the Service without meaningful human involvement, within the meaning of GDPR Article 22(1).

You have the right to:

• Obtain meaningful information about the logic of AI-assisted analysis used on your data;
• Request human review of any AI-assisted finding that concerns you;
• Object to the use of AI on your data — administrators can disable AI features for an organisation from Admin Settings → AI Governance.

Customer data is not used to train the underlying AI models. See our sub-processor register for provider-specific safeguards.

Your Rights (GDPR Articles 15–22 & PDPL equivalents)

You have the right to:

• Access — receive a copy of your personal data (Account → "Data Export", JSON format)
• Rectification — correct inaccurate data (editable from your profile)
• Erasure — delete your account, with a 14-day grace period before hard deletion
• Portability — receive your data in a structured, machine-readable format (JSON)
• Restriction / Object — restrict or object to specific processing, including AI-assisted processing
• Withdraw consent — without affecting the lawfulness of prior processing
• Lodge a complaint — with your supervisory authority (e.g., SDAIA in KSA, or your EU member-state DPA)

To exercise any of these rights, contact our Data Protection Officer at dpo@inspect360suite.com. We respond within 30 days.

Data Retention

Inspection reports and related data are retained for 7 years from the date of issue, in accordance with ISO 17020:2012 records retention requirements. Account data is retained until you request deletion.

Children's Privacy (GDPR Article 8 & PDPL)

The Service is a professional tool intended exclusively for adults (18 and over). We require an explicit age confirmation at sign-up and do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact dpo@inspect360suite.com and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.

Contact Us

If you have questions about this Privacy Policy, contact us at:

support@inspect360suite.com