Skip to content

This notice covers what is specific to Terrain Apps, the bespoke internal tools provided by Terrain Systems Ltd, which each customer accesses at its own address on terrainapps.com (for example yourcompany.terrainapps.com). Read it together with our Privacy Policy, which explains our identity, lawful bases, your rights, international transfers and how to complain to the ICO.

1. Our role

Terrain Apps deployments are commissioned by business customers. For the data a customer and its users put into the application, the customer is the data controller and we are the data processor, acting on the customer's documented instructions under the Terrain Apps Data Processing Agreement and the data-processing terms in the signed agreement. If you use Terrain Apps through your employer or another organisation, that organisation's privacy notice applies first; direct rights requests to them and we will assist.

We are the controller for account administration, billing, support and our own business records, as described in the Privacy Policy.

2. Personal data processed in Terrain Apps

  • Account and identity data: name, work email address, job role, organisation, and authentication identifiers.
  • Audit and operational content: audit records, findings, observations, comments, scores, recommendations, building and asset records, contractor details, and any personal data the customer chooses to enter.
  • Photographs: images captured or uploaded during site inspections, which may incidentally include individuals.
  • Digital signatures: signatures applied to finalise reports.
  • Workflow and audit-trail data: records of who created, reviewed, approved and issued audits and reports.
  • Technical data: IP address, browser and device information generated by use of the application.

Terrain Apps is a web application. Photographs are taken or uploaded by users; the application does not track device location. We do not intend Terrain Apps to hold special category data; customers must not enter it without establishing a lawful basis and informing us in writing.

3. Hosting and isolation

Each customer's deployment runs on its own dedicated database, authentication application and file storage. Data is hosted with the providers on our subprocessor list, in UK and EU regions where possible, with transfers to any non-UK provider safeguarded as described in the Privacy Policy.

4. Retention and deletion

Customer data is retained for the duration of the customer's contract. On termination the customer may request an export within 30 days, after which we delete the deployment's data in accordance with the data-processing terms, subject to any legal retention requirement. Backups expire in the ordinary course of our backup cycle.

5. Your rights

If you are an end user of a customer's deployment, contact that organisation to exercise your rights; we support them in responding. For data where we are the controller, email terraincafm@gmail.com with the subject "Data rights request". Terrain Apps has built-in tooling to support controller-assisted access and erasure requests.