Privacy Policy

GRAFT (Guided Risk Assessment Field Tool) is built and operated by Appstorius. We take your privacy seriously and collect only what is necessary to provide the service.

• Account information — name, email address, and hashed password when you sign up.
• Company data — company name and account type (solo or team) chosen during registration.
• Assessment data — risk assessments, method statements, GRIP codes, hazard records, photos, and signatures you create in the app.
• Contact submissions — name, email, and message content when you use the contact form.
• Usage data — basic request logs handled by Cloudflare (IP address, user agent, timestamps). We do not use third-party analytics.

GRAFT uses a single authentication cookie (graft-auth) containing a signed JWT token. This cookie is:

• HttpOnly and Secure (cannot be read by JavaScript)
• SameSite=Lax
• Used solely for authentication — no tracking or advertising

We do not use any third-party cookies, analytics trackers, or advertising pixels.

All data is stored in Cloudflare D1 (SQLite) databases and Cloudflare R2 object storage. Infrastructure is hosted on Cloudflare Workers, which runs in data centres worldwide. Your data is processed at the edge location nearest to you.

• To provide and operate the GRAFT service
• To authenticate you and maintain your session
• To respond to contact form submissions
• To improve the service (aggregated, non-personal usage patterns only)

We do not sell, rent, or share your personal data with third parties.

Your account and assessment data is retained for as long as your account is active. Demo accounts are automatically deleted after 4 hours. You can request deletion of your account and all associated data at any time by contacting us.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your assessment data

For privacy-related enquiries, contact us at grafthi@appstorius.com or use our contact form.