Nous AI Ltd ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, platform, applications, APIs, and other services (collectively "Services").
1. Data Controller and Data Processor Roles
When We Act as Data Controller
We act as the data controller when processing personal data for our own business purposes, including:
- Account registration and user authentication data
- Billing and payment information
- Usage analytics and platform performance metrics
- Customer support communications
- Marketing communications
When We Act as Data Processor
We act as a data processor when processing personal data contained within any documents, files, or other content that you upload, input, or process through our Services. This includes:
- Documents, files, and content uploaded to our platform
- Text queries and search terms
- Workflow data and instructions
- Any personal data contained within your uploaded content
2. Legal Basis for Processing
When we act as Data Controller: We process your personal data under the following legal bases as defined by GDPR:
- Contract Performance: Processing necessary to provide our services under our Terms of Service
- Legitimate Interests: For service improvement, security, fraud prevention, and marketing to existing customers
- Legal Obligation: To comply with accounting, tax, and regulatory requirements
- Consent: For marketing communications to prospects and optional features
When we act as Data Processor: You remain the data controller. We process this data solely to provide the contracted services as agreed in your Subscription Agreement and in accordance with applicable data protection laws. The legal basis for processing is determined by you, and we process data only as necessary to provide our Services.
3. How We Use Personal Data
When we act as Data Controller, we use your personal data for:
- Providing and maintaining access to our Services
- Processing your account registration and managing your subscription
- Handling billing and payment processing
- Providing customer support and technical assistance
- Improving our services through usage analytics and performance monitoring
- Ensuring platform security and preventing fraud
- Complying with legal and regulatory obligations
- Sending service-related communications and updates
- Marketing our services
When we act as Data Processor for client data:
- Storing and retrieving your uploaded content securely
- Processing documents and content through our algorithms to provide the contracted services
- Maintaining system functionality and performance for your data
4. Data Sharing and Third Parties
We may share your personal data with third-party service providers, but only to carry out the specific services they are performing for us in order to provide our Services and under appropriate data protection agreements.
This may include service providers who provide email or electronic communication services, tax, legal and accounting services, payment processing, fraud prevention and detection, web hosting and cloud storage, and artificial intelligence services, which may process your data to help provide our Services.
Neither we nor any of our third-party service providers use your personal data to train artificial intelligence models.
We may transfer your data outside the UK/EEA only where adequate protections are in place, including Standard Contractual Clauses or adequacy decisions by the UK/EU authorities
We do not sell, rent, or trade your personal data to third parties.
5. Data Retention
Data where we act as Controller:
- Account Data: Retained for the duration of your subscription plus 12 months after account closure
- Billing and payment records: Retained for 7 years after final payment to comply with financial record-keeping requirements
- Usage Data: Aggregated and anonymised after 24 months
- Marketing Data: Retained until consent is withdrawn or account closure
- Support Communications: Retained for 3 years to provide ongoing support
Client Data where we act as Processor:
- During active subscription: Data is retained according to your requirements and usage of the platform
- Upon subscription termination: Data will be deleted within 90 days unless you request earlier deletion or legal requirements mandate longer retention
- Customer-requested deletion: Data can be deleted at any time upon your written request
Client data retention is controlled by you as the data controller. As data processor, we follow your instructions regarding retention periods and deletion of your content.
Deletion Process:
When retention periods expire or upon deletion requests, we securely delete personal data from all our systems, including backups, within a reasonable timeframe not exceeding 90 days, except where retention is required by law.
6. Data Security
We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction.
Our security framework includes encryption of data both in transit and at rest using industry-standard protocols.
We maintain strong authentication practices and administrative access controls that limit system access to authorised personnel only.
Our platform architecture incorporates data segregation techniques to ensure customer data remains isolated and separate from other tenants' information.
We also provide IP-based access restrictions upon customer request to allow organisations to limit platform access to specific network ranges.
7. Your Rights
For data where we act as Controller: You have the right to access, rectify, erase, restrict processing of, or receive a portable copy of your personal data. You may also object to processing based on legitimate interests or for marketing purposes, and you have rights regarding any automated decision-making or profiling.
For client data where we act as Processor: Since you are the data controller for your uploaded content, you should exercise data subject rights directly with us regarding your client data, or contact the relevant data subjects if they request access to data you've uploaded to our platform.
To exercise any rights regarding data where we act as controller, please contact us at privacy@nousai.com. We will respond within one month of receiving your request.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website and services. You can manage your cookie preferences through your browser settings.
Essential Cookies: Required for basic website functionality
Analytics Cookies: Help us understand how you use our services
Marketing Cookies: Used for targeted advertising (with your consent)
9. Children's Privacy
Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email. The updated policy will be effective from the date of publication.
11. Complaints and Regulatory Authority
If you have concerns about how we handle your personal data, please contact us first. If you remain unsatisfied, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
12. Contact Information
If you have any questions about this Privacy Policy or our data processing practices, please contact us:
Nous AI Ltd
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ
United Kingdom
Email: privacy@nousai.com
General Enquiries: info@nousai.com