Privacy Policy

1. Introduction

Algorise Ltd (company number 16172498), registered at 20 Wenlock Road, London, England, N1 7GU ("Algorise", "we", "us", or "our"), operates the Algorise platform at try.algorise.ai. We are the data controller for personal data collected through our website and platform, and act as a data processor when handling customer-uploaded content on behalf of our customers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person, as defined under UK GDPR.
• "Customer Data" means documents, files, and content you upload to the platform for processing and knowledge management.
• "Service Data" means data generated through your use of the platform, including usage logs, conversation history, and analytics.
• "Processing" means any operation performed on Personal Data, including collection, storage, retrieval, use, and deletion.
• "Sub-Processor" means a third-party service provider engaged by Algorise that processes Personal Data on our behalf.
• "Output" means AI-generated responses, analysis, reports, and other content produced by the Service based on your inputs.

3. Information We Collect

We may collect the following types of information:

• Account Information: Name, email address, and organizational details provided during registration.
• Usage Data: Information about how you interact with our platform, including queries, conversations, and feature usage.
• Documents and Data: Files, documents, and data you upload to the platform for processing and knowledge management.
• Payment and Billing Data: Payment method details, billing address, and transaction history processed through our payment providers. We do not store full payment card numbers on our servers.
• Third-Party Integration Data: When you connect third-party services (such as Google Workspace, Slack, or other integrations), we access only the data necessary to provide the requested functionality.
• Technical Data: Browser type, IP address, device information, and cookies for platform functionality and analytics.

4. Legal Basis for Processing

Under UK GDPR Article 6, we process your Personal Data on the following legal bases:

• Contract Performance (Art. 6(1)(b)): To provide the Service, manage your account, process your queries, and deliver AI-generated outputs as part of your subscription.
• Legitimate Interests (Art. 6(1)(f)): To improve and optimize our platform, ensure security, prevent fraud, and communicate platform updates. We balance these interests against your rights and freedoms.
• Consent (Art. 6(1)(a)): For optional analytics cookies and marketing communications where applicable. You may withdraw consent at any time.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, regulations, and legal processes, including tax, accounting, and regulatory requirements.

5. How We Use Your Information

• To provide, operate, and maintain our AI-powered platform services.
• To process your queries and deliver AI-generated responses and analysis.
• To manage document storage, indexing, and knowledge retrieval.
• To facilitate third-party integrations you authorize.
• To improve and optimize our platform and services.
• To communicate with you about your account and platform updates.
• To process payments and manage your subscription.
• To ensure security and prevent fraud or abuse.

6. Our Role as Controller and Processor

As Data Controller: We act as the data controller for Personal Data we collect directly, including account information, technical data, usage data, and payment data. We determine the purposes and means of processing this data.

As Data Processor: When you upload Customer Data (documents, files, and content) to the platform, we act as a data processor on your behalf. We process this data solely under your instructions and for the purpose of delivering the Service. You remain the data controller for any Personal Data contained within your Customer Data and are responsible for ensuring you have the appropriate legal basis to share it with us.

7. Third-Party Integrations & Google API

Our platform allows you to connect third-party services such as Google Workspace (Gmail, Google Drive, Google Calendar, Google Sheets), Slack, and other tools. When you authorize these integrations:

• We only access the data necessary for the specific integration functionality.
• Your credentials are securely managed through our integration partners.
• You can revoke access to any integration at any time.
• We do not sell or share your third-party data with unrelated parties.

Google API Services: Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: data obtained through Google APIs is used only to provide and improve user-facing features of the Service; we do not use Google API data for advertising, training AI models, or any purpose unrelated to the functionality you authorized; and we do not allow humans to read Google API data except with your affirmative consent, for security purposes, to comply with applicable law, or where the data is aggregated and anonymized for internal operations.

8. AI and Machine Learning

Our Service uses third-party AI model providers to process your queries and generate outputs. The following applies to AI processing:

• No training on your data: We do not use your Customer Data, conversations, or documents to train, fine-tune, or improve any AI models.
• Third-party AI providers: We use Anthropic, OpenAI, and Google as AI inference providers. Your data is sent to these providers only as necessary to deliver the Service functionality you request. Each provider operates under their own data processing terms and privacy policies.
• Data minimization: We send only the minimum data necessary to generate the requested output. Conversation context and document excerpts are transmitted securely and are not retained by AI providers beyond the processing request, subject to their respective data processing agreements.

9. Sub-Processors

We use the following sub-processors to deliver the Service. Each sub-processor processes data only as necessary for its stated purpose:

We will endeavour to provide reasonable advance notice before adding or replacing a sub-processor that materially changes how your data is processed.

10. International Data Transfers

Algorise is a UK-registered company. Several of our sub-processors are based in the United States and other countries outside the United Kingdom. When we transfer Personal Data outside the UK, we ensure appropriate safeguards are in place, including: the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with the UK Addendum, as applicable; ensuring the recipient provides adequate technical and organizational security measures; and conducting transfer impact assessments where required. You may request a copy of the relevant safeguards by contacting us at support@algorise.ai.

11. Data Storage and Security

We implement industry-standard security measures to protect your data, including:

• Encryption at rest: All stored data is encrypted using AES-256 encryption.
• Encryption in transit: All data transmitted between your device and our servers is protected using TLS 1.2 or higher.
• Access controls: We use role-based access controls (RBAC) to restrict data access to authorized personnel only.
• Multi-tenant isolation: Customer data is logically separated across organizations, ensuring your data remains private and inaccessible to other tenants on the platform.
• Security practices: We apply security patches and updates in a timely manner and periodically review our security posture.

12. Data Retention

We retain your data according to the following schedule:

• Account data: Retained while your account is active and for up to 90 days following account termination to allow for reactivation or data export.
• Conversations and AI outputs: Retained while your account is active. Deleted within 90 days of account termination.
• Uploaded documents: Retained while stored in your account. Deleted from our systems and vector stores within a reasonable timeframe following removal by you or account termination.
• Technical and usage logs: Retained for up to 12 months for security monitoring and platform improvement, then deleted or anonymized.
• Payment records: Retained as required by applicable tax and accounting regulations (typically 6 years in the UK).

You may request earlier deletion of your data at any time by contacting us. Deletion requests are subject to legal retention requirements.

13. Data Sharing

We do not sell your personal information. We may share data with:

• Sub-processors listed in Section 9, solely for the purpose of delivering the Service.
• Third-party integrations you explicitly authorize.
• Legal authorities when required by law, regulation, or legal process, or to protect our rights, property, or safety, or that of our users or the public.
• Professional advisors (lawyers, auditors, insurers) as necessary for our business operations, subject to confidentiality obligations.
• A successor entity in the event of a merger, acquisition, or sale of assets, in which case we will notify affected users and ensure the successor is bound by equivalent data protection obligations.

14. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights in relation to your Personal Data:

• Right of access: Request a copy of the Personal Data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data where there is no compelling reason for continued processing.
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at support@algorise.ai. We will respond to your request within a reasonable timeframe and in accordance with applicable data protection law. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• No sale of personal information: We do not sell your personal information to third parties, and we have not done so in the preceding 12 months.
• Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at support@algorise.ai. We will verify your identity before processing your request and respond within a reasonable timeframe in accordance with applicable law.

16. Cookies

We use the following categories of cookies:

• Essential cookies: Required for platform functionality, including authentication (Clerk session tokens) and security. These cannot be disabled.
• Functional cookies: Used to remember your preferences and settings (e.g., theme, language).
• Analytics cookies: Used to understand how the platform is used and to identify areas for improvement. These are only set with your consent where required by law.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

17. Data Processing Agreement

A Data Processing Agreement (DPA) is available on request for enterprise customers and any customer who requires one for compliance purposes. Our DPA covers the scope and purpose of processing, sub-processor obligations, data breach procedures, and audit rights. To request a DPA, contact us at support@algorise.ai.

18. Children

The Service is not directed to individuals under the age of 16 (the age of digital consent under UK GDPR). We do not knowingly collect Personal Data from children under 16. If we become aware that we have inadvertently collected Personal Data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with Personal Data, please contact us at support@algorise.ai.

19. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will use reasonable efforts to notify you via email or through the Service before the changes take effect. We will post the updated policy on this page with a revised date. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

20. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@algorise.ai.

Our supervisory authority is the Information Commissioner's Office (ICO), the UK's independent body set up to uphold information rights. You can contact the ICO at ico.org.uk or by post at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.