Transformation Diagnostics AI Ltd (Company No. 15358901), trading as Intriq AI, is a private limited company registered in England & Wales.

Registered Address: 20 Wenlock Road, London, N1 7GU, United Kingdom

We design and operate AI-driven platforms for data analysis, automation, and reporting. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the Data Controller for personal data described in this Policy.

Contact: security@intriq.ai

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you:

• visit or interact with any Intriq.AI website or mobile/desktop application;
• create an account, upload content, or otherwise use our SaaS platform;
• communicate with us via email, chat, social media, or other channels;
• participate in events, webinars, research, or surveys hosted by us;
• apply for employment or provide services to us.

It does not cover third-party websites or services that link to or from our properties.

We do not intentionally collect special-category data unless you voluntarily provide it and its processing is necessary for a described purpose.

• Direct interactions - forms, chat, email, telephone, in-product input.
• Automated technologies - cookies, SDKs, server logs, analytics tools.
• Third parties - business partners, authentication providers, public sources, recruiters.

Where we rely on consent, you may withdraw it at any time without affecting processing performed before withdrawal.

• Provide, maintain, and personalise the Intriq.AI platform;
• Authenticate users and authorise access (MFA, RBAC);
• Process payments and manage subscriptions;
• Detect, investigate, and prevent fraud, abuse, or security incidents;
• Generate anonymised statistics and product insights;
• Communicate service updates, security alerts, and marketing (where permitted);
• Fulfil contractual or legal requirements (e.g. tax invoices, court orders).

We never sell personal data.

Our services may employ automated scoring or anomaly-detection models to flag potential fraud or suspicious activity. These processes do not produce legal or similarly significant effects without human review. You may request human intervention, contest a decision, or express your viewpoint (Art 22 UK GDPR).

We retain personal data only for as long as necessary to:

• deliver the service you requested,
• satisfy legal, tax, audit, or regulatory requirements, or
• resolve disputes and enforce agreements.

Upon expiry, data is securely deleted or irreversibly anonymised. We respect your Right to Erasure under UK GDPR and EU GDPR. Requests for deletion may be sent to privacy@intriq.ai.

• Encryption - TLS 1.2+ in transit; AES-256 at rest.
• Infrastructure - hosted in Supabase and Krystal Hosting UK (compute, networking) in UK/EU regions.
• Access controls - least-privilege IAM, MFA, RBAC, row/column-level security.
• Monitoring - real-time threat detection, immutable audit logs, SIEM alerting.
• Compliance - SOC 2 (Type II), ISO 27001, and PCI-DSS certifications.
• Data residency - all production data is stored and backed-up exclusively within the EU Central (Frankfurt, Germany) region.

A detailed Technical & Organisational Measures (TOMs) schedule is available on request.

AI Vendors: Where AI models are used (AWS Bedrock Claude 3.5 Sonnet), we ensure no customer data is used for foundational model training. AWS Bedrock enforces strict data isolation.

Live Register: A complete and always up-to-date list is maintained online. Clients will be notified of material changes at least 30 days in advance.

All production customer data is stored in the EU Central (Germany) region and is not routinely transferred outside the EEA. Where limited transfers occur (e.g., to the US), safeguards are applied.

• UK International Data Transfer Addendum (IDTA) to SCCs;
• Adequacy regulations under UK/EU law;
• Other lawful transfer mechanisms approved by ICO/EU Commission.

For details, see our Subprocessor Register or contact privacy@intriq.ai.

• to sub-processors listed above, strictly for service delivery;
• to professional advisers under confidentiality;
• when required by law, subpoena, or regulatory authority;
• in connection with a merger, acquisition, or sale of assets (with notice);
• with your explicit consent.

We use cookies, pixels, and SDKs for functionality, analytics, and advertising. Full details and controls are set out in our Cookie Policy.

• Access - obtain a copy of your personal data;
• Rectify - correct inaccurate or incomplete data;
• Erase - request deletion ("right to be forgotten");
• Restrict - limit processing;
• Port - receive data in machine-readable format;
• Object - to legitimate interests or direct marketing;
• Withdraw consent - at any time.

To exercise any right, email security@intriq.ai. We may need to verify your identity and will respond within one month.

If unresolved, you can complain to the UK Information Commissioner's Office (ICO): https://ico.org.uk Tel: +44 303 123 1113

Our services are not intended for individuals under 18. We do not knowingly collect data from minors.

If you believe a minor has accessed the service, contact security@intriq.ai so we can delete their data.

If a breach risks your rights, we will notify the ICO within 72 hours and affected individuals without undue delay.

For details, see our Security & Bug Reporting Policy.

We may update this Privacy Policy to reflect legal, technical, or business developments. Material changes will be announced at least 14 days before they take effect.

Policy Owner: Head of Engineering - Chris Ward

Intriq.AI - Transformation Diagnostics AI Ltd, 20 Wenlock Road, London, N1 7GU, United Kingdom

📧 security@intriq.ai