Privacy Policy

1. Who we are

Trustinera AI Ltd ("Trustinera AI", "we", "us", "our") is a company registered in England and Wales. We provide an enterprise AI platform for financial data categorisation, reconciliation, risk scoring, and governance.

For the purposes of UK GDPR and the Data Protection Act 2018, Trustinera AI Ltd is the data controller for personal data we collect through our website, marketing activities, and account management processes. For personal data processed within the platform on behalf of our customers, we act as a data processor under the customer's instruction.

Contact our Data Protection contact: privacy@trustinera.ai

2. Data we collect

2.1 Data you provide directly

Contact and demo forms: name, work email address, company name, job title, transaction volume range, and any message you include.
Account registration: name, work email, company, password (hashed), and billing information (processed by Stripe — we do not store card numbers).
Communications: email correspondence, support tickets, and chat sessions.
Newsletter subscription: email address and topic preferences.

2.2 Data collected automatically

Usage data: pages visited, time on page, referral source, and button interactions — collected via Google Analytics 4 (with IP anonymisation enabled) subject to your cookie consent.
Technical data: browser type, operating system, screen resolution, and approximate location (country/city level from IP).
Log data: server access logs including IP address, request path, and HTTP response codes, retained for 90 days for security purposes.

2.3 Platform transaction data (customers only)

When you use the Trustinera AI platform, you send us financial transaction data for processing. This data is processed under our Data Processing Agreement (DPA) as a processor acting under your instruction. We do not use your transaction data for any purpose other than providing the contracted service.

3. How we use your data

To respond to demo requests and sales enquiries
To provision, manage, and support your account
To send transactional emails (confirmations, invoices, product notices)
To send marketing communications (with your consent, or under legitimate interest for business contacts)
To analyse website usage and improve our product (with your consent for analytics cookies)
To detect and prevent fraud, abuse, and security threats
To comply with legal obligations (tax, regulatory, court orders)

4. Legal basis for processing

Purpose	Legal basis (UK GDPR)
Responding to enquiries and booking demos	Article 6(1)(b) — contract performance / pre-contract steps
Account management and billing	Article 6(1)(b) — contract performance
Marketing to business contacts	Article 6(1)(f) — legitimate interest
Analytics and website improvement	Article 6(1)(a) — consent (via cookie banner)
Security and fraud prevention	Article 6(1)(f) — legitimate interest
Compliance with legal obligations	Article 6(1)(c) — legal obligation

5. Who we share your data with

We do not sell personal data. We share data only with the following categories of third parties:

Stripe — payment processing (card data never touches our servers)
Google Analytics — website analytics (subject to consent; IP anonymised)
Customer support tools — for managing support tickets and chat
Cloud infrastructure providers — AWS and Azure (UK regions) for hosting and data storage
Legal and regulatory authorities — where required by law

All third-party processors are subject to data processing agreements and operate under equivalent data protection obligations.

6. Data retention

Enquiry / contact data: 2 years from last contact, or until you ask us to delete it
Account data: duration of the account plus 1 year after closure
Transaction data (customers): as configured in your DPA; default 12 months
Marketing data: until you unsubscribe or withdraw consent
Security logs: 90 days
Financial / tax records: 7 years (legal obligation)

7. Your rights

Under UK GDPR you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention obligations
Restriction — ask us to restrict processing while a dispute is resolved
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interest, including for direct marketing
Withdraw consent — at any time where processing is based on consent

To exercise any right, email privacy@trustinera.ai. We respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies for:

Category	Purpose	Consent required?
Strictly necessary	Session management, security, cookie consent preferences	No
Analytics	Google Analytics 4 — understanding how visitors use the site	Yes
Marketing	LinkedIn Insight Tag — retargeting and ad performance	Yes

You can manage your cookie preferences at any time via the panel.

9. International transfers

By default, all data is processed and stored within the UK. Where third-party processors transfer data internationally (e.g., some Stripe operations), those transfers are covered by UK IDTA (International Data Transfer Agreement) or equivalent adequacy mechanisms. We do not transfer customer transaction data outside the UK without explicit contractual consent.

10. Contact us

For any privacy-related questions, data subject access requests, or concerns:

Trustinera AI Ltd
Data Protection Contact
privacy@trustinera.ai

We aim to respond to all requests within 30 calendar days.