Privacy Policy
This policy explains how SafeZoneAI Ltd ("we", "us") collects and uses personal data when you use our websites at safezoneaitech.com, the products at /planet_info and /supplier_info, our newsletter, or contact us. We are the data controller for the personal data described here under the UK GDPR and the Data Protection Act 2018.
1. Who we are
- Company: SafeZoneAI Ltd, registered in England & Wales.
- ICO registration: ZC133689
- Privacy contact: privacy@safezoneaitech.com — reaches the founder directly.
2. What we collect and why
| Data | Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|---|
| Account data — email, name, password (hashed), Cognito user ID | Authenticate you and provide the product | Contract (6(1)(b)) |
| Supplier data you upload — supplier names, countries, addresses | Score and display supplier risk in your portfolios | Contract (6(1)(b)) — we are processor for your upload (see DPA) |
| Memo subscribers — email address, subscription status, timestamps | Send the Monday Memo you signed up for | Consent (6(1)(a)) — you opted in |
| Website analytics — page views, referrer, anonymised session data | Improve the website | Consent (6(1)(a)) — only after you accept the cookie banner |
| Support correspondence — emails you send us | Reply to you and keep a record | Legitimate interest (6(1)(f)) |
| Billing data — paid by Stripe, who hold your card details directly | Take payment, issue invoices | Contract (6(1)(b)) and legal obligation (6(1)(c)) for HMRC |
We do not collect special category data (health, biometric, political, etc.) and do not knowingly collect data from children.
3. Where the data goes
We use a small number of carefully chosen processors, all under written agreements (Art. 28 UK GDPR):
| Processor | What they do | Where |
|---|---|---|
| Amazon Web Services | Hosting, databases, email delivery (SES) | UK / EU (eu-west-2) |
| OpenAI | Parses uploaded PDF supplier lists | USA (under SCC + UK Addendum) |
| Mapbox | Geocoding supplier addresses | USA (under SCC + UK Addendum) |
| Stripe | Billing and payments | UK / Ireland |
Where data leaves the UK we rely on the UK government's adequacy decisions, Standard Contractual Clauses, and the UK International Data Transfer Addendum.
4. How long we keep it
- Account data: until you delete the account, plus up to 30 days in backups.
- Supplier data you upload: until you delete the portfolio. We do not retain copies after deletion.
- Memo subscribers: until you unsubscribe. Unsubscribing deletes the record.
- Billing records: 6 years from the end of the relevant tax year (UK statutory).
- Support correspondence: up to 2 years after the last reply.
5. Your rights
Under UK GDPR you have the right to:
- Access your personal data (Art. 15) and receive a copy.
- Correct inaccurate data (Art. 16).
- Have your data erased (Art. 17), subject to our retention obligations.
- Restrict or object to processing (Art. 18, 21).
- Exercise data portability for data you provided under a contract (Art. 20).
- Withdraw consent at any time, where consent is the lawful basis.
- Complain to the ICO at ico.org.uk if you think we've handled your data badly.
Email privacy@safezoneaitech.com to exercise any of these. We respond within one calendar month.
6. Cookies
We do not use any analytics or marketing cookies before you click Accept in the banner. Essential cookies (your session token after sign-in) are required for the site to work and are exempt from consent under the PECR exemption. You can change your decision any time via the Cookie settings link in any page footer.
7. Security
Sessions are signed and encrypted in transit (HTTPS). Passwords are hashed with Argon2 by AWS Cognito. Data at rest is encrypted with AES-256. Access to production systems is restricted, multi-factor authenticated, and logged. We follow the security practice we sell: Inspector vulnerability scans gate every deployment, and findings are tracked publicly via our infrastructure repository.
8. Changes to this policy
If we change this policy in a way that materially affects how we handle your data, we'll email you (if we have your email under an active relationship) or post a banner on the site at least 14 days before the change takes effect.
9. Contact
Questions or complaints: privacy@safezoneaitech.com. We aim to acknowledge within 2 business days and resolve within one calendar month.