Skip to content
Construction Metric

Security and GDPR

Plain English, no theatre

Construction Metric records what your teams say about your projects. That deserves straight answers about where the data lives, who can see it, and what we will never do with it.

Our commitments

Consented groups only

The listener only joins project groups you connect, with the knowledge of the group. It cannot see personal chats, other groups, or anything outside the projects you scope. Group members are told the record exists and why.

Data residency, stated plainly

Project records are stored on dedicated infrastructure in the European Economic Area (Helsinki, Finland), with encrypted backups. AI structuring runs transiently in the United States under UK transfer safeguards. Every sub-processor is named in our data processing agreement.

Your data, your controls

Retention periods are set per project to match your contractual and legal needs. When you ask us to delete a project or a person’s data, we delete it, and confirm it in writing.

No training on your content

Your message content, photos and transcripts are used to build your records. They are not used to train AI models, ours or anyone else’s.

Access is scoped and logged

Portal access is per organisation and per project: your admins see your portfolio, site users see their sites, clients see only what you grant. Access events are logged.

Encryption as standard

Data is encrypted in transit and at rest. Credentials and keys are managed through standard secret-management practice, not spreadsheets.

GDPR, practically

Roles

For project records, your business is the data controller and AI Metric Ltd is the data processor, acting on your documented instructions under a data processing agreement.

Lawful basis and transparency

Site communication records are processed for your legitimate business purposes: contract administration, record-keeping and dispute resolution. Group members are informed that the project group is recorded, which is both good practice and the basis of the record’s evidential value.

Data subject rights

Requests for access, rectification or erasure are supported. Because records serve contractual and legal purposes, erasure is balanced against your retention obligations, and we help you apply that correctly rather than guessing.

Breach handling

If an incident affecting your data ever occurs, we notify you without undue delay with what we know, what we have done and what happens next, so you can meet your own obligations.

Questions, DPAs, or a security review for your IT team: chris@ai-metric.com. We answer these directly, not through a portal.