Legal, Data Privacy & Security Policy

1. Data Collection & Use

  • We collect only the information necessary to deliver and improve our AI solutions, such as interaction logs, usage data, and feedback.

  • Personal and customer data will be used solely to provide AI services and customer support. We rely on lawful bases, such as contract fulfilment, consent, and legitimate interests, for data processing activities. For specific processing activities, you may be asked for your consent.

2. Data Protection & Storage

  • Data is securely stored on encrypted servers, with strict access controls to prevent unauthorised access.

  • We use industry-standard encryption protocols for data at rest and in transit, ensuring data security throughout the storage and transmission processes.

3. International Data Transfers

  • Pheme AI may work with partners and services outside the UK to deliver certain aspects of our AI solutions. Any personal data transferred outside the UK is safeguarded by Standard Contractual Clauses (SCCs) or equivalent protections, ensuring data remains secure and compliant with UK standards.

4. Compliance with Data Regulations

  • Our services and data handling practices comply with the UK GDPR, the Data Protection Act 2018, and other relevant UK regulations, ensuring comprehensive data protection.

  • We continuously review and update our practices to align with any regulatory changes to UK data protection laws.

5. Third-Party Data Sharing

  • Pheme AI does not sell or share your data with third parties except as necessary to deliver our services, and only with trusted, compliant partners.

  • Our partners are vetted for compliance, and we ensure they meet or exceed our security and privacy standards.

6. Data Retention

  • Data is retained only as long as necessary to provide our services or as required by law. Upon termination of services, we securely delete or anonymise data in compliance with UK regulations.

7. Data Breach Notification

  • In the event of a data breach that risks individual privacy, Pheme AI will notify affected parties and the Information Commissioner’s Office (ICO) within 72 hours, as mandated by the UK GDPR. We have protocols in place to promptly address any data breaches to mitigate risk.

8. Client Rights

  • Under the UK GDPR, clients have the right to request access to, correction, or deletion of their data, as well as the right to restrict or object to processing in certain cases. You can submit a request by contacting us at help@pheme-ai.com.

9. Right to Lodge a Complaint

  • If you believe your data rights have been violated, you have the right to file a complaint with the Information Commissioner’s Office (ICO). Visit their website at https://ico.org.uk or call their helpline on 0303 123 1113.

10. Children’s Data

  • Pheme AI is designed for business use and is not intended to collect data from children under the age of 13. We comply with the UK Children’s Code (Age-Appropriate Design Code) and ensure all data protection practices align with the highest standards for children’s privacy.

11. Updates to this Policy

  • This policy may be updated periodically to reflect changes in our practices or legal requirements. We will notify clients of significant changes to ensure transparency and continued trust.

Contact Us

For questions or concerns about our data practices or this policy, please reach out to us at help@pheme-ai.com.