InSite Privacy Policy

InSite processes different types of information in different roles.

For demo requests, website use, account administration, authentication, billing, invoicing, support, security, analytics, marketing choices, legal compliance, and our own business operations, GLORIAPR generally acts as a controller.

For customer-uploaded inspection data, business records, mission records, evidence files, annotations, findings, and reports that we process on behalf of a customer, GLORIAPR generally acts as a processor or service provider. In that case, the customer is responsible for determining the purpose and lawful basis for processing the data, and GLORIAPR processes it under the customer's instructions and applicable agreement.

Where appropriate, we may enter into a data processing agreement ("DPA") with a customer.

Although InSite primarily processes business and inspection data, some personal data may be collected or included in the Platform.

Demo, contact, and sales data

We may collect:

• full name;
• work email address;
• company name;
• role or job title;
• business use case, deployment region, inspection workflow, and demo request details;
• email, call, and support communications;
• information submitted during commercial discussions.

Account and authentication data

We may collect:

• user name and work email;
• tenant, workspace, role, and permission information;
• invitation and magic-link records;
• password authentication records, such as password hashes;
• login, session, device, browser, IP address, and security log information;
• user activity and audit records inside the Platform.

Customer business and inspection data

Customers and authorised users may submit business and operational data, including:

• customer organisation information;
• asset, tower, site, and location records;
• mission and inspection records;
• RGB images, thermal images, panorama files, orthophotos, point-cloud files, and related evidence;
• geospatial data, annotations, measurements, findings, severity labels, review decisions, and reports;
• configuration, taxonomy, workflow, and reporting preferences;
• user-generated comments, notes, and audit trails inside a private customer workspace.

InSite is not designed for uploading unrelated contracts, spreadsheets, or general business documents except where such material is part of an agreed inspection or documentation workflow. Uploading unsupported material may breach our Terms.

Inspection evidence may incidentally contain personal data, such as images of workers, license plates, property, site identifiers, or location information. Customers are responsible for ensuring they have the right to collect, upload, process, and share that data.

Usage, device, and analytics data

We may collect technical and usage data, including:

• IP address;
• device and browser type;
• pages visited;
• feature usage;
• timestamps;
• referral information;
• cookie and similar technology identifiers;
• performance and error information.

We may use Vercel Analytics and Google Analytics for analytics. Where required by law, optional analytics or marketing cookies will be used only with appropriate consent or opt-out controls.

Billing and payment data

Commercial terms are handled through discussion, invoice, wire transfer, or payment link. We may process billing contact details, invoice details, payment status, bank transfer records, tax information, and related communications.

If we send a Stripe payment link, Stripe processes payment information under its own terms and privacy notice. We do not intend to store full card numbers on the InSite Platform.

Support and security data

We may collect support requests, attachments, diagnostic information, audit logs, application logs, security events, access records, and information needed to detect, prevent, or investigate misuse, errors, fraud, or security incidents.

We collect data:

• directly from you when you submit forms, request demos, create or access an account, contact us, or use the Platform;
• from customer administrators who invite users and configure workspaces;
• from customers and authorised users who upload Customer Data;
• automatically through cookies, logs, analytics tools, and similar technologies;
• from service providers involved in hosting, security, payment, email, analytics, and support;
• from commercial discussions and written agreements.

We use personal data to:

• review demo requests and decide whether the current Platform is a fit;
• schedule and provide demos, pilots, onboarding, and support;
• create, authenticate, secure, and manage accounts;
• provide and operate the Platform;
• process Customer Data on customer instructions;
• deliver notifications and transactional emails;
• issue invoices, process payments, and manage commercial records;
• monitor performance, usage, and reliability;
• detect, prevent, and investigate security issues, misuse, fraud, and errors;
• improve the Platform, including through aggregated or de-identified usage metrics;
• send service updates and, where permitted, marketing communications;
• comply with legal, accounting, tax, regulatory, and contractual obligations;
• establish, exercise, or defend legal claims.

Where UK GDPR or EU GDPR applies, we rely on one or more of the following legal bases:

• Contract: to provide the Platform, demos, support, billing, and related services requested by you or your organisation.
• Legitimate interests: to operate, secure, improve, and promote our B2B services, manage customer relationships, prevent misuse, and maintain business records, where those interests are not overridden by your rights.
• Consent: for optional cookies, certain marketing communications, or other processing where consent is required.
• Legal obligation: to comply with tax, accounting, regulatory, sanctions, law enforcement, and other legal requirements.
• Customer instructions: where we process Customer Data as a processor or service provider on behalf of a customer.

InSite may include AI-assisted or automated features, such as defect candidate triage, overlays, measurements, classifications, summaries, or workflow suggestions. These features support human review and are not intended to be used as the sole basis for safety, engineering, compliance, or other high-impact decisions.

Unless a customer approves otherwise, we do not use Customer Data to train or improve generalised AI models or product features in a way that identifies the customer, its assets, sites, users, or individuals.

We may use aggregated or de-identified operational metrics to improve reliability, security, performance, usability, benchmarking, and product quality, provided the output does not identify a customer, asset, site, user, or individual. Customers may request limits on this use by written agreement or by contacting us.

We may share personal data with:

• customers and customer administrators, where needed to manage their workspace and users;
• authorised users within the same customer workspace, according to permissions;
• service providers and subprocessors that help us provide the Platform;
• professional advisers, auditors, insurers, accountants, and legal advisers;
• payment, banking, and invoicing providers;
• regulators, law enforcement, courts, or other authorities where required by law;
• parties involved in a merger, acquisition, financing, reorganisation, or sale of business assets;
• other parties with your consent or as instructed by the customer.

We do not sell personal data for money.

If we use optional marketing or advertising cookies in the future, certain sharing of online identifiers or internet activity data may be considered "sharing" for cross-context behavioral advertising under some US privacy laws. See our Cookie Policy and Do Not Sell or Share page for more information.

The Platform may use the following providers, depending on the feature used:

This list may change as the Platform develops. Customers may request more detailed subprocessor information where required by contract or DPA.

We primarily store customer files in Cloudflare R2 in Western Europe (WEUR) and other application data in Supabase in eu-west-1, based on our current configuration. Other providers may process data in locations needed to provide their services.

Personal data may be accessed or processed from the UK, EEA, US, or other countries where GLORIAPR, its personnel, contractors, or service providers operate.

Where required for transfers of personal data from the UK, EEA, or Switzerland to countries that do not provide an adequate level of protection, we use appropriate safeguards, which may include the EU Standard Contractual Clauses, the UK International Data Transfer Agreement or UK Addendum, adequacy decisions, or other lawful transfer mechanisms.

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required by law, contract, accounting, tax, security, dispute, or regulatory obligations.

Typical retention periods are:

We use technical and organisational measures designed to protect personal data and Customer Data. These may include HTTPS/TLS, tenant-aware access controls, row-level security, role-based permissions, audit logging, application logging, backup processes, restricted internal access, and security checks.

No system is completely secure. Customers are responsible for managing user permissions, using the Platform securely, and protecting exported reports, files, and evidence outside the Platform.

Depending on where you live and which law applies, you may have rights to:

• access your personal data;
• receive information about how we process it;
• correct inaccurate personal data;
• request deletion;
• restrict or object to processing;
• request data portability;
• withdraw consent where processing is based on consent;
• opt out of certain marketing or targeted advertising uses;
• lodge a complaint with a supervisory authority.

To exercise rights, contact team@in-site.io. Please use the subject line "Privacy Request" where possible.

If your personal data is contained in Customer Data that we process as a processor or service provider, we may refer your request to the relevant customer or ask you to contact that customer directly.

You may also have the right to complain to the UK Information Commissioner's Office (ICO) or another applicable data protection authority.

If you are a California resident or a resident of another US state with applicable privacy rights, you may have rights to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising your rights.

We do not sell personal data for money. If optional marketing or advertising technologies are enabled, you may opt out of sharing for cross-context behavioral advertising through our cookie settings, by using a recognised opt-out preference signal where applicable, or by contacting team@in-site.io.

See our Do Not Sell or Share page for more information.

We may send business-to-business marketing or product communications where permitted by law. You can opt out of marketing emails by using the unsubscribe link, replying to the email, or contacting team@in-site.io.

We may still send service, security, billing, legal, and transactional communications.

We use cookies and similar technologies for authentication, security, preferences, analytics, and, where implemented, marketing. Optional cookies will be managed through a cookie banner or preference centre where required.

See our Cookie Policy for details.

InSite is not intended for children or anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact team@in-site.io.

We may update this Privacy Policy from time to time. The effective date above shows when it was last updated. If we make material changes, we will use reasonable efforts to notify affected users or customers through the Platform, email, or another appropriate channel.

For privacy questions or requests, contact:

• GLORIAPR Ltd
• 182-184 High Street North, London E6 2JA, United Kingdom
• Email: team@in-site.io
• Company No. 16313878
• ICO Reg No. ZB946447