GraftMate ("we", "us", "our") is committed to protecting your personal data. This policy explains what information we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
GraftMate is operated by Andrew Miles, Leicester, UK. You can contact us at andrew@graftmate.co.uk or 07897 787904.
1. Information we collect
When you create an account
- Your name, email address, phone number and trade type
- Your business name, location and the services you offer
- A password (stored as a secure hash — we never see your actual password)
When you use the platform
- Enquiries submitted through your GraftMate website (leads)
- Photos and project information you upload
- Your website content, settings and preferences
- Activity logs (page visits, actions taken in your dashboard)
Automatically collected
- IP address and browser type when you access our platform
- Basic analytics on your website pages (page views, referrer)
2. How we use your information
- To provide and maintain your GraftMate website and dashboard
- To generate AI-powered content for your website using your business details
- To send you leads and enquiries submitted by your website visitors
- To communicate with you about your account, billing and platform updates
- To improve the platform based on usage patterns
- To comply with legal obligations
3. Legal basis for processing
We process your data on the following legal bases:
- Contract: Processing necessary to provide the service you have signed up for
- Legitimate interests: Improving the platform, preventing fraud, maintaining security
- Legal obligation: Compliance with applicable laws
- Consent: Where you have explicitly opted in (e.g. marketing communications)
4. AI content generation
GraftMate uses the Anthropic Claude API to generate website copy for your business. Your business name, trade type, location and services are sent to Anthropic's API to produce this content. Anthropic processes this data in accordance with their privacy policy. We do not send personal contact details (email, phone) to the AI.
5. Data sharing
We do not sell your personal data. We share data only with:
- Anthropic — for AI content generation (business details only)
- Stripe — for payment processing (billing details only)
- Krystal Hosting — our UK hosting provider where your data is stored
- Google — for Google Maps embed functionality on your website
All third-party processors are bound by data processing agreements and GDPR-compliant terms.
6. Data storage and security
Your data is stored on UK-based servers provided by Krystal Hosting. We use encrypted connections (HTTPS), hashed passwords, and access controls to protect your information. SQLite databases containing your data are stored outside the public web root and are not publicly accessible.
7. Data retention
- Account data is retained for as long as your account is active
- If you cancel, your data is retained for 90 days then permanently deleted
- Lead and enquiry data is retained for 24 months
- Billing records are retained for 7 years as required by law
8. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — ask us to limit how we use your data
- Objection — object to processing based on legitimate interests
To exercise any of these rights, contact us at andrew@graftmate.co.uk. We will respond within 30 days.
9. Cookies
GraftMate uses only essential session cookies required for login and security. We do not use advertising cookies or third-party tracking. No cookie consent banner is required as we use only strictly necessary cookies.
10. Your website visitors
When visitors submit enquiries through your GraftMate website, their name, phone number and message are stored in your leads dashboard. You are the data controller for these enquiries and are responsible for handling them in accordance with UK GDPR. GraftMate acts as a data processor on your behalf.
11. Complaints
If you have concerns about how we handle your data, please contact us first at andrew@graftmate.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.
12. Changes to this policy
We may update this policy from time to time. We will notify registered users of material changes by email. The current version is always available at graftmate.co.uk/privacy.