Privacy Notice & Cookie Policy

1. About this Policy

1.1This privacy notice and cookie policy ("Policy") explains how Conscium Limited (a limited company incorporated and registered in England and Wales under company number 15404582) and any company controlled by or under common control with Conscium Limited from time to time (together "Conscium", "we", "our", "us"):

1.1.1processes the personal data of visitors to, users of and (where applicable) subscribers of ("you", "your") our websites, products and services that link to this Policy ("Services"); and

1.1.2uses cookies and similar technologies on or in relation to each of our Services (as further explained in section 10 below, headed "Cookies").

1.2This Policy forms part of and is incorporated into any Terms of Use ("Ts&Cs") applicable to the use of our Services. Please note that other 'product or service specific' privacy policies and fair processing notices may apply to the use of your personal data, depending on which of our Services you are using.

1.3Our Services are not intended for persons under the age of majority in the jurisdiction where you live, and we do not knowingly collect data relating to children.

1.4Conscium is the 'data controller' of your personal data and is subject to:

1.4.1the EU General Data Protection Regulation (the "EU GDPR") insofar as we are established in the EU, making our Services available to individuals in the EU, or where our Services are used to monitor individuals' behaviour as far as it takes place in the EU; and

1.4.2the version of the EU GDPR retained in UK law following the UK's exit from the EU (the "UK GDPR") insofar as we are established in the UK, making our Services available to individuals in the UK, or where our Services are used to monitor individuals' behaviour as far as it takes place in the UK.

1.5For the purposes of complying with the EU GDPR and the UK GDPR (which are together referred to below as the "GDPR"), we have appointed a Privacy Lead who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact our Privacy Lead using the information set out in section 9 below.

1.6We may change this Policy at any time by notifying you of a change when you next use our Services. The new terms may be displayed on screen, and you may be required to read and accept them to continue your use of our Services.

1.7This Policy was last updated in March 2026.

2. How we collect your personal data

2.1When you use our Services, we collect your personal data in the following ways:

2.1.1When you access and navigate around any platforms, apps or websites associated with our Services, including when you provide us with feedback;

2.1.2When you communicate with us via a platform, app or website provided as part of or otherwise associated with our Services, or by another means of communication such as email, for example when you request support or submit an enquiry;

2.1.3If you are a subscriber to our Services with a registered account, when you register for an account to gain full access to our subscription Services; and

2.1.4As you interact with our Services, we may automatically collect technical data about your device (including computers, smartphones, tablets and other handheld devices) ("Devices"), and/or your browsing activity. We collect this personal data by using cookies and other similar technologies. We may also receive technical information about you if you visit other websites which use our cookies. Please see our cookie policy at section 10 below for further details.

2.2Where you provide us with personal data relating to others, we understand that you are authorised to provide that information to us, and that you have provided this Policy to them, as appropriate.

3. The categories of personal data we collect

3.1Personal data means any information about an individual from which that person can be identified. If you are a visitor to our website, or where you otherwise interact with us via our website or for example as a prospective customer, we may collect, store and use the following types of personal data about you:

3.1.1Technical data and information about your Device and/or your browsing activity collected using cookies and similar technologies (including details of your Device type, location and internet protocol (IP) address, operating system, browser version, the content viewed during a particular browsing session, and how long you stayed on a particular page). Please see our cookie policy at section 10 below for further details; and

3.1.2Other information that you provide in correspondence in connection with your use of our Services, or in written communications such as email, online forms and web-based messages.

3.2If you are a subscriber to our Services with a registered account, we may also collect, store and use the following types of personal data about you:

3.2.1Your basic identity and contact details, including your first name, last name, and contact details (including email addresses and telephone numbers); and

3.2.2Your account and billing related information, including details of credits purchased, any refunds or sums owing on your account, etc. (however, only Stripe or another third party payment processor will process your payment card details).

3.3We may also collect, store and use certain more sensitive types of personal data in connection with your use of a particular product or Service. Please see the Conscium privacy notice for the relevant product or Service for details.

4. The legal grounds and purposes for processing your information

4.1We may process your personal data because it is necessary for the performance of a contract with you (including our Ts&Cs) and/or where it is necessary for our or a third party's legitimate interests. Our "legitimate interests" include our commercial interests in operating our business, which includes operating any of our Services. In this respect, we may use your personal data for the following:

4.1.1to interact with you before you become a subscriber to our Services (where applicable) with a registered account;

4.1.2to provide the Services and assess the information that you provide through our Services (for example in forms or in emails), including in relation to billing and payment for your use of the Services;

4.1.3to interact with you via our Services, or by another means of communication such as email (for example, to answer enquiries about our Services);

4.1.4outsourcing selected administration functions in connection with our Services to third parties for the purposes of the efficient management of our Services (for example Hubspot for CRM functionality);

4.1.5to monitor and evaluate the performance of our Services, including to administer, support or improve our Services (including any of our products); or

4.1.6for our marketing purposes, including in order to keep you informed of updates to our Services (for example, to let you know about the release of newer versions of software used in connection with our Services, when available).

Note: If you do not wish to receive such marketing information, please let us know now or at any time in the future, and your details will be removed from our mailing list(s).

4.2We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data:

4.2.1in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities, where those authorities are acting in compliance with relevant laws applicable to us; and

4.2.2to meet our other compliance and regulatory obligations, including in order to comply with any requirement of any applicable statute, regulation or regulatory rule to which we are subject.

4.3We may also process your personal data for additional reasons where:

4.3.1it is necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property); or

4.3.2we have your specific or, where necessary, explicit consent to do so.

5. When your personal data may be shared with others

5.1For the purposes referred to in this Policy and relying on the legal grounds for processing as set out in section 4 above, we may share your personal data with certain third parties, including:

5.1.1our employees, agents and contractors where there is a legitimate reason for their receiving the information, including: (a) those of our staff and consultants who may provide or offer to provide services to you in response to a request for support or an enquiry made through our Services; (b) providers of outsourced services to us (for example, any third party we engage to administer on our behalf a platform, website or app in connection with our Services); and (c) internal and external auditors;

5.1.2in circumstances where we are required or authorised by law (including applicable data protection laws), court order, regulatory or governmental authorities to disclose your personal data; and

5.1.3with a third party in a business transaction, in the event that all or part of Conscium is sold, merged, dissolved, acquired, or involved in a similar transaction which involves the transfer of our Services (in whole or in part).

6. Transferring your personal data overseas

6.1In the course of making our Services available to you, we may transfer your personal data outside of the UK and/or the European Economic Area ("EEA"), principally to Conscium's offices and servers in the United States; this means that your personal data will not have the automatic protection of UK or European data protection laws (including the GDPR). In these circumstances, in order to ensure that your personal data continues to have adequate protection when it is transferred out of the UK and/or the EEA, your personal data will only be transferred on one of the following grounds:

6.1.1the country or territory to which the transfer is made ensures an adequate level of protection for personal data and such country or territory has been granted an 'adequacy decision' by the European Commission or the UK Secretary of State (as applicable); or

6.1.2Conscium and the recipient of the personal data outside the UK / the EEA have signed a form of model data protection clauses approved by the European Commission (the "Standard Contractual Clauses") or the model "International Data Transfer Agreement" approved by the UK Information Commissioner's Office; or

6.1.3there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent for this).

6.2You can obtain more details of the protection given to your personal data when it is transferred outside the UK and/or the EEA by contacting us using the details set out in section 9 below.

7. How long your information is kept

7.1We will retain your personal data for as long as we are interacting with you via our Services and/or under applicable terms and conditions, for as long as necessary to keep in touch with you where you have previously asked for this, and for as long as permitted or required for legal and regulatory purposes after the last such interaction we have with you or following the expiry or termination of your contract(s) with us.

7.2If you are a subscriber to our Services with a registered account, we will retain your personal data for as long as you maintain an account with us in respect of any of our Services and we are interacting with you via (or in respect of) our Services, and otherwise for as long as permitted or required for legal and regulatory purposes after the last such interaction between you and us.

7.3Subject to any other notices that we may provide to you, we will typically retain your personal data for a period of seven (7) years after the later of: (i) our last interaction with you; and (ii) your last interaction with any of our Services. However, some information may be retained for longer than this, for example where we need to retain it for the purposes of legal claims or for compliance with particular directions, instructions or rules made by a competent regulatory authority.

8. Your rights in relation to personal data

8.1Under the GDPR, you have the following rights in relation to our processing of your personal data. Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply:

8.1.1to obtain access to, and copies of, the personal data that we hold about you;

8.1.2to require us to correct the personal data we hold about you if it is incorrect;

8.1.3to require us to erase your personal data in certain circumstances;

8.1.4to require us to restrict our data processing activities in certain circumstances;

8.1.5to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;

8.1.6to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller; and

8.1.7where our processing is based on your consent, you may withdraw that consent (without affecting the lawfulness of our processing based on consent before its withdrawal).

8.2Note: If you have given your consent for any particular purpose and you wish to withdraw that consent, please contact our Privacy Lead using the contact details set out in section 9 below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to make available all or some aspects of our Services to you.

8.3If you are not satisfied with how we are processing your personal data, you can make a complaint to a data protection supervisory authority in the EU, including the data protection regulator in the EU country where you are located, or you can raise a concern with the UK Information Commissioner. You can also find out more about your rights under data protection legislation from the Information Commissioner's Office website available at: www.ico.org.uk.

9. Contact us

9.1If you have any queries about this Policy or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact our Privacy Lead:

By email: privacy@conscium.com
By post: Conscium Limited, Sea Containers House, Upper Ground, London, England, SE1 9GL

10. Cookies

10.1Our Services may from time to time use cookies and similar technologies to distinguish you from other users of our Services. A "cookie" is a small text file of letters and numbers which is sent by our servers and placed on the internal storage of your Device when you access our Services. We use cookies for the purpose of improving your experience of our Services, for example by remembering your preferences for how our websites are displayed on your Device, and other information that you have provided to us and also allows us to improve our Services.

10.2When you use our Services, you will be asked to confirm whether you agree to our Services using cookies and, if you accept, we will store cookies on your Device. You can, if you wish, change the cookies settings on your Device to refuse cookies. However, if you do this, or if you reject our request to use cookies when you use our Services, you may be unable to access certain parts of our Services and you may not be able to benefit from the full functionality of our Services.

10.3We may use the following cookies for the following purposes:

10.3.1Strictly necessary cookies. These are cookies that are required for the operation of our Services. These essential cookies are always enabled because our Services will not function properly without them. You can switch off these cookies in your browser settings or on your Device but you may then not be able to access certain functions of our Services.

10.3.2Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors navigate through our Services when they are using it. This helps us to improve the way our Services work.

10.3.3Functionality cookies. These are used to recognise you when you return to our Services. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

10.3.4Targeting cookies. These cookies record your visit to our websites, the pages you have visited and the links you have followed. We will use this information to make our Services and the advertising displayed on it more relevant to your interests.

10.4You can find more information about the individual cookies we use and the purposes for which we use them in the relevant privacy policy for each of our Services. In relation to our Verify AX platform, we use the following cookies and third-party plug-ins:

• React front-end, NodeJS API gateway, Python Backend services. PostGres SQL main database, Redis for caching and Celery for queueing / execution.
• Cloud infrastructure on GCP (we use GKE, Cloud Runs, Cloud SQL, Buckets, Artifacts registry).
• 3rd party providers: Auth0 for authentication, Stripe for payments, GitHub CI/CD pipelines and repository.
• Open source: LiteLLM for managing LLM calls, Langfuse for LLM calls observability, MCP Server for agent tools, Redocly for API documentation and Sentry for observability.
• Open source ClamAV for file malware / anti-virus detection engine.

10.5We may share the information collected by the cookies with third parties.

10.6You can choose which analytical, functionality and targeting cookies we can set by clicking on the button(s):

10.6.1Analytical or performance cookies OFF

10.6.2Functionality cookies OFF

10.6.3Targeting cookies OFF

10.7You can also choose to "Reject All" cookies in the cookie banner.

10.8However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Services.

10.9To find out more about cookies, including how to see what cookies have been set on your device and how to manage and delete them, please visit www.allaboutcookies.org.

10.10If you have any questions or concerns about our use of cookies, please contact our Privacy Lead using the details in section 9.