Back
Think 360

Privacy Policy

Last updated: 28 March 2026

1. Introduction

Think360 Ltd ("we", "us", "our") is committed to protecting the privacy of users of the AI Crane Monitor platform. This Privacy Policy explains how we collect, use, store, and share your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Think360 Ltd is the data controller for information processed through this Service.
Contact: [email protected]

3. Data We Collect

Account Information

Name, email address, organisation name, role, and password (hashed). Collected at registration and account management.

IoT Device Data

Telemetry data transmitted from crane monitoring devices, including sensor readings, operational metrics, GPS coordinates, timestamps, MAC addresses, and equipment identifiers. This data is collected automatically when devices are connected.

Usage Data

IP addresses, browser type, pages visited, and feature usage for security and service improvement purposes.

Payment Data

Billing details are processed by Stripe and are not stored on our servers. We retain only a reference to your Stripe customer ID.

4. How We Use Your Data

  • Service Delivery: Processing IoT data, generating dashboards, alerts, analytics, and AI-powered insights.
  • Account Management: User authentication, role-based access control, and subscription management.
  • Communications: Service notifications, critical alerts, billing reminders, and important updates.
  • Safety & Compliance: Detecting equipment anomalies, overload events, and maintenance requirements.
  • Service Improvement: Anonymised and aggregated data analysis to improve platform performance and features.

5. Legal Basis for Processing

  • Contract: Processing necessary to provide the Service under your subscription agreement.
  • Legitimate Interest: Service security, fraud prevention, and platform improvement.
  • Legal Obligation: Compliance with applicable laws and regulations.
  • Consent: Where specifically requested (e.g., marketing communications).

6. Data Sharing

We do not sell your personal data. We may share data with:
  • Service Providers: Cloud hosting, payment processing (Stripe), and email delivery services, under data processing agreements.
  • Within Your Organisation: Administrators and managers within your organisation can access operational data and user accounts as permitted by their role.
  • Legal Requirements: Where required by law, regulation, or legal process.

7. Data Retention

  • Account data is retained for the duration of your subscription plus 30 days.
  • IoT telemetry and performance data may be retained for up to 24 months for historical analysis, after which it is automatically purged or anonymised.
  • Billing records are retained for 7 years in accordance with UK tax regulations.

8. Data Security

We implement appropriate technical and organisational measures including:
  • Encryption in transit (TLS) and at rest.
  • Hashed password storage (bcrypt).
  • Role-based access control and multi-tenant data isolation.
  • Rate limiting and API key authentication for device ingestion.
  • Regular security reviews and monitoring.

9. Your Rights

Under UK GDPR, you have the right to:
  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data (subject to legal obligations).
  • Data Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Restrict Processing: Request limitation of how we use your data.

To exercise these rights, contact [email protected]. We will respond within 30 days.

10. International Transfers

Your data may be processed on servers located outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office.

11. Cookies

We use essential cookies for authentication and session management. No third-party tracking cookies are used. By using the Service, you consent to the use of essential cookies necessary for its operation.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.

13. Contact & Complaints

Think360 Ltd
Email: [email protected]

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.