Skip to content

Terrain CAFM is in pre-release. This notice describes the intended service and takes effect at general availability.

This notice covers what is specific to Terrain CAFM, the facility management service provided by Terrain Systems Ltd at app.terraincafm.com. Read it together with our Privacy Policy, which explains our identity, lawful bases, your rights, international transfers and how to complain to the ICO.

1. Our role

For the data a customer and its users put into Terrain CAFM, the customer is the data controller and we are the data processor, acting on documented instructions under the Terrain CAFM Data Processing Agreement. If you use Terrain CAFM through your employer or another organisation, that organisation's privacy notice applies first; direct rights requests to them and we will assist.

We are the controller for account administration, billing, support and our own business records, as described in the Privacy Policy.

2. Personal data processed in Terrain CAFM

  • Account and identity data: name, work email address, job role, organisation, and authentication identifiers, for staff and any invited external users.
  • Building, site and asset records: building information, asset registers and maintenance regimes, which may include names and contact details of site contacts, contractors and suppliers.
  • Maintenance and audit content: audit records, findings, risk observations, compliance checks, scores, recommendations, responsible parties and close-out actions.
  • Contractor and supplier details: contact information for external parties involved in maintenance, tendering or contract management.
  • Photographs and documents: images and files uploaded against buildings, assets and audits, which may incidentally include individuals.
  • Workflow and audit-trail data: records of who created, reviewed, approved and issued items in the platform.
  • Technical data: IP address, browser and device information generated by use of the service.

Terrain CAFM is a web application. Photographs are taken or uploaded by users; the service does not track device location. We do not intend Terrain CAFM to hold special category data; customers must not enter it without establishing a lawful basis and informing us in writing.

3. Hosting and separation

Terrain CAFM is a multi-tenant service: every customer's data is logically separated and access-controlled. Data is hosted with the providers on our subprocessor list, in UK and EU regions where possible, with transfers to any non-UK provider safeguarded as described in the Privacy Policy.

4. Retention and deletion

Customer data is retained for the duration of the subscription. On termination or expiry the customer may request an export within 30 days, after which we delete the customer's data in accordance with the Data Processing Agreement, subject to any legal retention requirement. Backups expire in the ordinary course of our backup cycle.

5. Your rights

If you are an end user of a customer's subscription, contact that organisation to exercise your rights; we support them in responding. For data where we are the controller, email terraincafm@gmail.com with the subject "Data rights request".