Data Handling Commitments

Alloovium is built for construction professionals who trust us with sensitive project documents. We treat your data with the same care you would apply to a physical filing cabinet: we only touch what you give us access to, we use it only to provide the service you asked for, and we delete it when you ask us to.

Every integration you connect is scoped to read-only access. We never write, modify, or delete files in your connected systems.

When you connect an integration (SharePoint, Google Drive, Procore, etc.), Alloovium retrieves document content and stores it in your organisation's encrypted vault on our infrastructure. We store: the full text of documents (for AI querying), document metadata (file name, size, last modified date), and where available, the original file (for full-fidelity preview).

We also store the OAuth access tokens required to read your files. These tokens are encrypted at rest using AES-256 and are scoped to the minimum permissions required for each integration.

We do not use your documents to train AI models. We do not share your documents with other Alloovium customers. We do not sell or broker access to your data. We do not retain copies of your documents after you disconnect an integration beyond the deletion SLA described below.

When you disconnect an integration or delete a project, Alloovium begins purging the associated documents from its storage. Complete deletion from all systems (including backups) takes up to 30 days.

If you close your Alloovium account, all your data is deleted within 30 days of account closure. You can request an accelerated deletion by contacting support.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Infrastructure is hosted on AWS with SOC 2 Type II compliant controls. Access to production data is restricted to authorised Alloovium engineers on a need-to-know basis and is logged.

Alloovium is built to be compatible with the developer policies of every construction platform we integrate with. We do not bulk-export, mirror, or warehouse data from third-party platforms (Procore, Autodesk Construction Cloud, Aconex, SharePoint, etc.). We read documents on demand to answer a specific query, surface the result, and discard the raw retrieval. We do not train, fine-tune, or benchmark any AI model on data sourced from these platforms — including aggregate or de-identified data.

Large-language-model use is strictly inference-time, scoped to the question the user is asking in the moment — the same operational pattern as Procore Assist's own Azure OpenAI usage. This stance is contractually binding under our DPA with each customer and is designed to keep Alloovium on the right side of every integration partner's terms of service.

Questions about how your data is handled? Contact us at privacy@alloovium.com or through the in-app support chat.