1. About This Policy

This privacy policy explains how Nostrada AI Ltd ("Nostrada AI", "we", "us" or "our") collects, uses, stores and shares personal data. It applies to all individuals who interact with our website, platform, products and services.

Nostrada AI Ltd is a company registered in England and Wales. We are the data controller for the personal data described in this policy. We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as amended by the Data (Use and Access) Act 2025.

If you have any questions about this policy or how we handle your personal data, you can contact us at hello@nostrada.ai.

2. What Personal Data We Collect

2.1 Data you provide to us

When you register for an account, request a demo, download content, subscribe to communications or contact us, we may collect your name, job title, email address, phone number, organisation name and sector, billing and payment information, and any communications you send to us.

2.2 Data we collect automatically

When you use our website or platform, we may automatically collect your IP address and approximate location, browser type and operating system, the pages you visit and time spent on our website, referring websites or sources, and device identifiers.

2.3 Data from third-party sources

We may receive personal data from business contact databases and lead generation platforms, publicly available professional profiles such as LinkedIn and Companies House, and event organisers or conference platforms where you have consented to data sharing.

2.4 Data processed within the Nostrada AI platform

The Nostrada AI platform models the behaviour of public figures including politicians, regulators, journalists and other stakeholders acting in their official or public capacity. The data used for this modelling is drawn exclusively from publicly available sources including parliamentary records, regulatory publications, media archives and public statements. This processing is conducted under the legitimate interest lawful basis and relates to individuals acting in a public capacity. It does not involve the processing of private or sensitive personal data.

3. How We Use Your Personal Data

We use personal data to provide and operate our platform and services, to create and manage your account, to process payments and billing, and to respond to enquiries and support requests. The lawful basis for this processing is the performance of a contract with you.

We use personal data to send you marketing communications where you have opted in. The lawful basis for this is your consent, which you can withdraw at any time.

We use personal data to improve our platform and user experience, to monitor website analytics and performance, to detect and prevent fraud or security threats, and to model public figures within the platform. The lawful basis for this processing is our legitimate interest in operating, improving and securing our services and in providing our core product capability.

We use personal data to comply with legal obligations, including tax, accounting and regulatory requirements. The lawful basis for this is legal obligation.

Where we rely on legitimate interest as a lawful basis, we have conducted a balancing assessment to ensure our interests do not override the rights and freedoms of the individuals concerned. You may request a copy of our legitimate interest assessments by contacting us.

4. Marketing Communications

We will only send you marketing communications where you have given us clear consent to do so, or where we have a legitimate interest in contacting you about products and services closely related to those you have previously engaged with.

You can withdraw your consent or opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by emailing hello@nostrada.ai. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5. Who We Share Your Data With

We do not sell your personal data.

We may share personal data with service providers who process data on our behalf under written data processing agreements. These include hosting and cloud infrastructure providers, payment processors, email delivery platforms, analytics tools and CRM systems. We may also share data with professional advisers including lawyers, accountants and auditors where necessary for the operation of our business.

We may disclose personal data to regulators and authorities such as the ICO, HMRC or law enforcement agencies where required by law or to protect our legal rights. In the event of a merger, acquisition, restructuring or sale of assets, your data may be transferred to a successor entity.

All third-party processors are required to process personal data only on our documented instructions and to maintain appropriate technical and organisational security measures.

6. International Data Transfers

We primarily store and process personal data within the United Kingdom and the European Economic Area. The UK benefits from renewed EU adequacy decisions adopted in December 2025, which apply until December 2031.

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place. These may include transfers to countries with an adequacy decision from the Secretary of State, standard contractual clauses approved by the ICO, or other safeguards permitted under the UK GDPR and assessed through a data protection test as required by the Data (Use and Access) Act 2025. You may request details of the safeguards in place for any specific transfer by contacting us.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Account and platform data is retained for the duration of the account plus 12 months after closure. Billing and financial records are retained for seven years as required by HMRC. Marketing contact data is retained until you opt out or for 24 months of inactivity, whichever comes first. Website analytics data is retained for 26 months. Support and enquiry correspondence is retained for 24 months from last contact. Public stakeholder modelling data within the platform is retained and updated on a rolling basis from public sources.

When data is no longer required, it is securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data. These include encryption of data in transit and at rest, role-based access controls and multi-factor authentication, regular security assessments and penetration testing, incident response and breach notification procedures, and staff training on data protection and information security.

No system is completely secure. If you believe your data has been compromised, please contact us immediately at hello@nostrada.ai.

9. Your Rights

Under UK data protection law, you have the right to access the personal data we hold about you, to have inaccurate or incomplete data corrected, to request deletion of your data in certain circumstances, to restrict how we process your data, to receive your data in a structured and commonly used format, to object to processing based on legitimate interest or for direct marketing, and to not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise any of these rights, please contact us at hello@nostrada.ai. We will respond within one calendar month. In complex cases, we may extend this by a further two months and will inform you if this is necessary. We may ask you to verify your identity before processing your request. There is no fee for exercising your rights unless a request is manifestly unfounded or excessive.

10. Data Protection Complaints

If you are unhappy with how we have handled your personal data, you have the right to raise a complaint with us directly. Under the Data (Use and Access) Act 2025, we are required to maintain a formal data protection complaints process.

To make a complaint, please email hello@nostrada.ai. We will acknowledge your complaint within 30 days of receipt and aim to provide a full response within three months. We will keep you informed of progress throughout.

If you are not satisfied with our response, you have the right to escalate your complaint to the Information Commissioner's Office at ico.org.uk or by telephone on 0303 123 1113.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality, analyse usage and support marketing. Strictly necessary cookies are required for the website to function and cannot be switched off. Analytics cookies help us understand how visitors use our website. Marketing cookies are used to deliver relevant advertising and measure campaign performance.

Where cookies are not strictly necessary, we will ask for your consent before placing them. You can manage your cookie preferences at any time through the cookie banner on our website or through your browser settings.

12. Children

Our services are not directed at children under the age of 18 and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, legal requirements or regulatory guidance. Where changes are material, we will notify you by email or through a notice on our website. The date at the top of this policy indicates when it was last updated.

14. Contact Us

If you have questions, concerns or requests relating to this privacy policy or your personal data, please contact Nostrada AI Ltd at hello@nostrada.ai.