Back to Granted

Privacy Policy

Last updated: 28 March 2026

Applies to users in Ireland and the European Union.

1. Who we are

Granted is an AI-powered planning assistance service for Ireland, operated as the data controller for the purposes of the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

Data controller contact: hello@granted.ie

2. What data we collect

We collect and process the following categories of personal data:

CategoryExamples
Account dataEmail address provided when you sign up or log in.
Planning dataPlanning reference numbers you submit for monitoring or analysis; project descriptions and queries you enter.
Usage dataFeatures accessed, queries submitted, documents uploaded, timestamps of activity, and feedback you provide.
Technical dataIP address, browser type, device type, and session identifiers. Collected automatically when you use the service.

We do not collect special category data (e.g. health, financial, or political data) and we do not sell your personal data to any third party.

3. Why we collect it

We collect and process your personal data solely to provide and improve the Granted service. Specifically:

  • To operate the service — authenticating your account, storing your planning reference numbers, and returning AI-assisted planning guidance.
  • To monitor planning applications — using planning reference numbers you submit to check application status on your behalf.
  • To send service communications — sign-in links, application status updates, and critical service notices via email.
  • To improve the service — analysing anonymised usage patterns to identify areas for improvement.
  • To ensure security — rate limiting, abuse prevention, and fraud detection.

4. Legal basis for processing

We rely on the following lawful bases under Article 6 GDPR:

Contract

Processing your email address and planning data is necessary to provide the service you signed up for (Art. 6(1)(b)).

Legitimate interest

Security monitoring, abuse prevention, and service improvement based on anonymised usage data (Art. 6(1)(f)). You may object to this processing at any time.

Consent

Analytics cookies, where you have opted in via the cookie banner (Art. 6(1)(a)). You may withdraw consent at any time without affecting lawfulness of prior processing.

5. Data retention

We retain personal data only as long as necessary for the purposes set out in this policy:

Data typeRetention period
Active account data (email, profile)Retained while account is active
Planning monitoring sign-upsDeleted 12 months after last activity on the associated account
User feedback and ratingsAnonymised after 6 months; anonymised data may be retained indefinitely for service improvement
Account data on deletionPurged within 30 days of account deletion request
Server/security logsUp to 90 days

6. Where your data is stored

All personal data processed by Granted is stored exclusively on servers located within the European Union:

Our primary database and authentication service (Supabase) operates in the EU West (Ireland) region. No personal data is transferred outside the EEA without appropriate safeguards.

Planning queries are processed by Anthropic's API (see Section 7). Anthropic operates under Standard Contractual Clauses for international transfers in compliance with GDPR Chapter V.

7. Third-party data processors

We share your data with the following processors solely to operate the service. Each is bound by a Data Processing Agreement:

Supabase

Authentication & database

Stores your account details, planning data, and session tokens. Data hosted in EU West (Ireland).

Anthropic

AI processing

Planning queries and uploaded documents are sent to Anthropic's Claude API for AI analysis. Anthropic does not use your data to train models under their API terms. See Anthropic's Privacy Policy for details.

Resend

Transactional email

Sends sign-in links and application status notifications to your email address.

8. Cookies

Cookies are small text files placed in your browser. We use them to keep the service working and, with your consent, to understand how Granted is used.

NameTypePurpose
sb-*NecessaryKeeps you signed in. Set by Supabase, our authentication provider.
planassist_cookie_consentNecessaryStores your cookie preference in localStorage so we do not ask again.
Analytics cookiesAnalyticsHelp us understand how the app is used so we can improve it. Only set if you choose “Accept all” in the cookie banner.

Managing your cookie preferences

On your first visit you will see a cookie banner where you can choose Accept all or Necessary only.

To change your preference at any time, clear this site's localStorage in your browser settings — the banner will reappear on your next visit.

9. Your rights under GDPR

As a data subject under the GDPR you have the following rights:

Right of access (Art. 15)

Obtain a copy of the personal data we hold about you.

Right to rectification (Art. 16)

Have inaccurate or incomplete data corrected.

Right to erasure (Art. 17)

Have your personal data deleted (“right to be forgotten”), subject to legal retention obligations.

Right to data portability (Art. 20)

Receive your data in a structured, machine-readable format (applies to data processed by automated means on the basis of consent or contract).

Right to restrict processing (Art. 18)

Ask us to pause processing your data in certain circumstances.

Right to object (Art. 21)

Object to processing based on legitimate interests at any time.

Right to withdraw consent

Withdraw consent for analytics cookies at any time without affecting prior lawful processing.

10. How to exercise your rights

To make a data subject request, email us at hello@granted.ie with the subject line “Data Request”. Please include your registered email address so we can verify your identity.

We will respond within 30 days as required by GDPR. Complex requests may be extended by a further two months, in which case we will notify you.

11. Request deletion of your data

Under GDPR Article 17 you have the right to request that we delete all personal data we hold about you. Use the form below to submit a deletion request. We will process it within 30 days and send you a confirmation email.

Deletion will remove your account, planning queries, monitoring sign-ups, and any other data associated with your email address. Data we are legally required to retain (e.g. for fraud prevention) will be anonymised rather than deleted.

Enter the email address associated with your Granted account. We will send a confirmation to this address.

Requests are processed within 30 days as required by GDPR Article 17. You can also email us directly at hello@granted.ie.

12. Complaints

If you are unhappy with how we handle your personal data, please contact us first and we will do our best to resolve the matter.

You also have the right to lodge a complaint with the supervisory authority in Ireland:

Data Protection Commission

21 Fitzwilliam Square South, Dublin 2, D02 RD28

www.dataprotection.ie

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated in-app or by email before they take effect. The date at the top of this page shows when it was last revised.

Terms of Service →