Privacy Policy - Nous AI for Business

1. Data Controller and Data Processor Roles

When We Act as Data Controller

We act as the data controller when processing personal data for our own business purposes, including:

Account registration and user authentication data
Billing and payment information
Usage analytics and platform performance metrics
Customer support communications
Marketing communications

When We Act as Data Processor

We act as a data processor when processing personal data contained within any documents, files, or other content that you upload, input, or process through our Services. This includes:

Documents, files, and content uploaded to our platform
Text queries and search terms
Workflow data and instructions
Any personal data contained within your uploaded content

2. Legal Basis for Processing

When we act as Data Controller: We process your personal data under the following legal bases as defined by GDPR:

Contract Performance: Processing necessary to provide our services under our Terms of Service
Legitimate Interests: For service improvement, security, fraud prevention, and marketing to existing customers
Legal Obligation: To comply with accounting, tax, and regulatory requirements
Consent: For marketing communications to prospects and optional features

When we act as Data Processor: You remain the data controller. We process this data solely to provide the contracted services as agreed in your Subscription Agreement and in accordance with applicable data protection laws. The legal basis for processing is determined by you, and we process data only as necessary to provide our Services.

3. How We Use Personal Data

When we act as Data Controller, we use your personal data for:

Providing and maintaining access to our Services
Processing your account registration and managing your subscription
Handling billing and payment processing
Providing customer support and technical assistance
Improving our services through usage analytics and performance monitoring
Ensuring platform security and preventing fraud
Complying with legal and regulatory obligations
Sending service-related communications and updates
Marketing our services

When we act as Data Processor for client data:

Storing and retrieving your uploaded content securely
Processing documents and content through our algorithms to provide the contracted services
Maintaining system functionality and performance for your data

4. Data Sharing and Third Parties

We may share your personal data with third-party service providers, but only to carry out the specific services they are performing for us in order to provide our Services and under appropriate data protection agreements.

This may include service providers who provide email or electronic communication services, tax, legal and accounting services, payment processing, fraud prevention and detection, web hosting and cloud storage, and artificial intelligence services, which may process your data to help provide our Services.

Neither we nor any of our third-party service providers use your personal data to train artificial intelligence models.

We may transfer your data outside the UK/EEA only where adequate protections are in place, including Standard Contractual Clauses or adequacy decisions by the UK/EU authorities

We do not sell, rent, or trade your personal data to third parties.

5. Data Retention

Data where we act as Controller:

Account Data: Retained for the duration of your subscription plus 12 months after account closure
Billing and payment records: Retained for 7 years after final payment to comply with financial record-keeping requirements
Usage Data: Aggregated and anonymised after 24 months
Marketing Data: Retained until consent is withdrawn or account closure
Support Communications: Retained for 3 years to provide ongoing support

Client Data where we act as Processor:

During active subscription: Data is retained according to your requirements and usage of the platform
Upon subscription termination: Data will be deleted within 90 days unless you request earlier deletion or legal requirements mandate longer retention
Customer-requested deletion: Data can be deleted at any time upon your written request

Client data retention is controlled by you as the data controller. As data processor, we follow your instructions regarding retention periods and deletion of your content.

Deletion Process:

When retention periods expire or upon deletion requests, we securely delete personal data from all our systems, including backups, within a reasonable timeframe not exceeding 90 days, except where retention is required by law.

6. Data Security

We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised access, disclosure, alteration, and destruction.

Our security framework includes encryption of data both in transit and at rest using industry-standard protocols. We maintain strong authentication practices and administrative access controls that limit system access to authorised personnel only. Our platform architecture incorporates data segregation techniques to ensure customer data remains isolated and separate from other tenants' information.

We also provide IP-based access restrictions upon customer request to allow organisations to limit platform access to specific network ranges.

7. Your Rights

For data where we act as Controller: You have the right to access, rectify, erase, restrict processing of, or receive a portable copy of your personal data. You may also object to processing based on legitimate interests or for marketing purposes, and you have rights regarding any automated decision-making or profiling.

For client data where we act as Processor: Since you are the data controller for your uploaded content, you should exercise data subject rights directly with us regarding your client data, or contact the relevant data subjects if they request access to data you've uploaded to our platform.

To exercise any rights regarding data where we act as controller, please contact us at privacy@nousai.com. We will respond within one month of receiving your request.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and services. You can manage your cookie preferences through your browser settings.

Essential Cookies: Required for basic website functionality
Analytics Cookies: Help us understand how you use our services
Marketing Cookies: Used for targeted advertising (with your consent)

9. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email. The updated policy will be effective from the date of publication.

11. Complaints and Regulatory Authority

If you have concerns about how we handle your personal data, please contact us first. If you remain unsatisfied, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Contact Information

If you have any questions about this Privacy Policy or our data processing practices, please contact us:

Nous AI Ltd
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ
United Kingdom
Email: privacy@nousai.com
General Enquiries: info@nousai.com