Privacy Policy | Always On

1 About This Policy

This Privacy Policy explains how personal data is collected, stored and used within the Always On platform (alwayson.plangrowdo.com). It is intended for:

Sales representatives and managers who use Always On on behalf of their employer
Contacts and prospects whose data is entered into the platform

Always On is operated by Plan Grow Do, a trading name of Plan Grow Do Ltd ('PGD', 'we', 'us'). The platform is provided to business clients ('tenants') as a B2B sales management tool.

2 Data Controllers and Processors

Role	Party	Responsible for
Data Controller	The tenant (your employer / the business that subscribes to Always On)	All contact and prospect data entered into the platform; how that data is used for sales and qualification
Data Processor	Plan Grow Do	Operating the platform infrastructure; processing data strictly on the tenant's instruction

If you have a question about how your employer uses your contact data within Always On, you should contact them directly as the Data Controller. If your question is about how the platform itself works or how PGD handles data, contact info@plangrowdo.com.

3 Data the Platform Holds

3.1 User Account Data (Reps and Managers)

When you are invited to Always On as a team member, the following data is held:

Name, email address, job title
Profile picture (if uploaded)
LinkedIn URL, regions, specialities, sectors (if provided)
Connected email account information (Gmail or Outlook OAuth token — encrypted at rest)
Login timestamps and activity logs within the platform

Lawful basis: Contract performance — providing access to the platform under the tenant's subscription.

3.2 Contact and Prospect Data

The platform holds data about your company's contacts and prospects. Your employer (the tenant) is the Data Controller for this data. It includes:

Name, email address, phone number
Company name, job title, sector, region
Enquiry content and communication history
BANT qualification scores and notes
Pipeline stage, assigned rep, meeting notes
Resources and documents shared with the contact

If you are a contact whose data has been entered into Always On by a business, the lawful basis for that processing is determined by the tenant (Data Controller). To exercise your data rights, contact the business directly.

3.3 Communication Data

Where email sync is enabled by a rep, the platform captures:

Emails sent to and received from contacts whose records exist in the platform
WhatsApp conversations handled by the Sally AI agent (where enabled by the tenant)
Form submissions received through tenant-embedded web forms

3.4 AI-Processed Data

Always On uses AI agents (Sally, Dan, Caroline) powered by Google Gemini. When the AI processes a contact interaction:

Contact record data and communication history are sent to the Gemini API for analysis and response generation
The AI does not store data independently between sessions
Google does not use API data to train its models (API usage terms)
Data processed by the AI is subject to Google's Cloud API data handling policies

4 How We Use Platform Data

Purpose	Lawful basis
Provide and operate the Always On platform	Contract performance
Authenticate users and manage access	Contract performance / legitimate interest
Enable AI-assisted qualification and communication	Contract performance (on behalf of tenant)
Sync emails between rep mailboxes and contact records	Consent — rep explicitly authorises via OAuth
Send transactional emails (invites, notifications)	Contract performance
Security monitoring and fraud prevention	Legitimate interest
Platform analytics and improvement	Legitimate interest

5 Where Data Is Stored

Component	Provider	Location
Database	Supabase (PostgreSQL)	EU — Ireland (eu-west-1)
File storage	Supabase Storage	EU — Ireland (eu-west-1)
Email sending	Resend	EU region
Application hosting	Vercel	Edge — primarily EU
AI processing	Google Gemini API	Google Cloud
WhatsApp messages	Meta Cloud API	Meta infrastructure

All primary data storage is within the EU. Where data is processed outside the EU (Google, Meta), appropriate safeguards are in place under Standard Contractual Clauses.

6 Data Isolation and Security

Always On is a multi-tenant platform. Your employer's data is strictly isolated from all other tenants:

Every record is tagged with a tenant_id at the database level
Row Level Security (RLS) enforces that queries can only return data belonging to the authenticated user's tenant
No cross-tenant data access is possible at any level
All data is encrypted in transit (TLS/HTTPS) and at rest
OAuth tokens for email sync are encrypted separately with a dedicated encryption key
Platform access is invite-only — no self-registration

7 Email Sync

If you connect your Gmail or Outlook account to Always On:

You explicitly authorise access via OAuth — you can disconnect at any time from your profile settings
Only emails matching existing contact records in the platform are synced
OAuth tokens are encrypted at rest and are never visible to other users or PGD staff
Disconnecting your account immediately stops further sync

8 Data Retention

Data type	Retention	Deletion
Contact and prospect records	Until deleted by the tenant	Tenant manager can delete any record
Communication history	Tied to contact record	Deleted with the contact record
User accounts	Until removed by the tenant manager	Manager removes team members
Email sync history	Tied to contact record	Deleted with the contact record
Platform logs	30 days	Automatic
Bug reports	12 months	PGD admin managed

9 Your Rights

As a platform user (rep or manager)

Access, correct or request deletion of your account data — contact your manager or info@plangrowdo.com
Disconnect your email account at any time from your profile settings
Request deletion of your Always On account — contact your manager

As a contact whose data is in the platform

Your rights should be exercised with the business (tenant) that entered your data — they are the Data Controller
If you cannot reach them, contact rob@plangrowdo.com and we will direct your request appropriately

10 Complaints

If you have a concern about how data is handled within Always On, contact info@plangrowdo.com in the first instance.

You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

11 Changes to This Policy

We may update this policy as the platform evolves. The version date at the top indicates when it was last revised. Significant changes will be notified to tenant administrators.

Platform Privacy Policy

Contents

1 About This Policy

2 Data Controllers and Processors

3 Data the Platform Holds

3.1 User Account Data (Reps and Managers)

3.2 Contact and Prospect Data

3.3 Communication Data

3.4 AI-Processed Data

4 How We Use Platform Data

5 Where Data Is Stored

6 Data Isolation and Security

7 Email Sync

8 Data Retention

9 Your Rights

As a platform user (rep or manager)

As a contact whose data is in the platform

10 Complaints

11 Changes to This Policy