Privacy Notice & Cookie Policy

1. About this Policy

1.1This privacy notice and cookie policy ("Policy") explains how Conscium Limited (a limited company incorporated and registered in England and Wales under company number 15404582) and any company controlled by or under common control with Conscium Limited from time to time (together "Conscium", "we", "our", "us"):

1.1.1processes the personal data of visitors to, users of and (where applicable) subscribers of ("you", "your") our websites, products and services that link to this Policy ("Services"); and

1.1.2uses cookies and similar technologies on or in relation to each of our Services (as further explained in section 10 below, headed "Cookies").

1.2This Policy forms part of and is incorporated into any Terms of Use ("Ts&Cs") applicable to the use of our Services. Please note that other 'product or service specific' privacy policies and fair processing notices may apply to the use of your personal data, depending on which of our Services you are using.

1.3Our Services are not intended for persons under the age of majority in the jurisdiction where you live, and we do not knowingly collect data relating to children.

1.4Conscium is the 'data controller' of your personal data and is subject to:

1.4.1the EU General Data Protection Regulation (the "EU GDPR") insofar as we are established in the EU, making our Services available to individuals in the EU, or where our Services are used to monitor individuals' behaviour as far as it takes place in the EU; and

1.4.2the version of the EU GDPR retained in UK law following the UK's exit from the EU (the "UK GDPR") insofar as we are established in the UK, making our Services available to individuals in the UK, or where our Services are used to monitor individuals' behaviour as far as it takes place in the UK.

1.5For the purposes of complying with the EU GDPR and the UK GDPR (which are together referred to below as the "GDPR"), we have appointed a Privacy Lead who is responsible for overseeing questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact our Privacy Lead using the information set out in section 9 below.

1.6We may change this Policy at any time by notifying you of a change when you next use our Services. The new terms may be displayed on screen, and you may be required to read and accept them to continue your use of our Services.

1.7This Policy was last updated in March 2026.

2. How we collect your personal data

2.1When you use our Services, we collect your personal data in the following ways:

2.1.1When you access and navigate around any platforms, apps or websites associated with our Services, including when you provide us with feedback;

2.1.2When you communicate with us via a platform, app or website provided as part of or otherwise associated with our Services, or by another means of communication such as email;

2.1.3If you are a subscriber to our Services with a registered account, when you register for an account to gain full access to our subscription Services; and

2.1.4As you interact with our Services, we may automatically collect technical data about your device ("Devices"), and/or your browsing activity. We collect this personal data by using cookies and other similar technologies.

2.2Where you provide us with personal data relating to others, we understand that you are authorised to provide that information to us, and that you have provided this Policy to them, as appropriate.

3. The categories of personal data we collect

3.1Personal data means any information about an individual from which that person can be identified. If you are a visitor to our website, or where you otherwise interact with us, we may collect, store and use the following types of personal data about you:

3.1.1Technical data and information about your Device and/or your browsing activity collected using cookies and similar technologies (including details of your Device type, location and internet protocol (IP) address, operating system, browser version, the content viewed during a particular browsing session, and how long you stayed on a particular page); and

3.1.2Other information that you provide in correspondence in connection with your use of our Services, or in written communications such as email, online forms and web-based messages.

3.2If you are a subscriber to our Services with a registered account, we may also collect, store and use the following types of personal data about you:

3.2.1Your basic identity and contact details, including your first name, last name, and contact details (including email addresses and telephone numbers); and

3.2.2Basic financial information, including bank/credit card details necessary for the payment of subscription costs (which will be held securely by a third party payments processor).

4. The legal grounds and purposes for processing your information

4.1We may process your personal data because it is necessary for the performance of a contract with you and/or where it is necessary for our or a third party's legitimate interests. Our "legitimate interests" include our commercial interests in operating our business. In this respect, we may use your personal data for the following:

4.1.1to interact with you before you become a subscriber to our Services;

4.1.2to provide the Services and assess the information that you provide through our Services, including in relation to billing and payment;

4.1.3to interact with you via our Services, or by another means of communication such as email;

4.1.4outsourcing selected administration functions in connection with our Services to third parties (for example Hubspot for CRM functionality);

4.1.5to monitor and evaluate the performance of our Services, including to administer, support or improve our Services; or

4.1.6for our marketing purposes, including in order to keep you informed of updates to our Services.

4.2We may also process your personal data for our compliance with our legal obligations, including:

4.2.1in order to assist with investigations carried out by the police and other competent authorities; and

4.2.2to meet our other compliance and regulatory obligations.

4.3We may also process your personal data for additional reasons where:

4.3.1it is necessary for the establishment, exercise or defence of legal claims; or

4.3.2we have your specific or, where necessary, explicit consent to do so.

5. When your personal data may be shared with others

5.1We may share your personal data with certain third parties, including:

5.1.1our employees, agents and contractors where there is a legitimate reason for their receiving the information, including: (a) those of our staff and consultants who may provide services to you; (b) providers of outsourced services to us; and (c) internal and external auditors;

5.1.2in circumstances where we are required or authorised by law, court order, regulatory or governmental authorities to disclose your personal data; and

5.1.3with a third party in a business transaction, in the event that all or part of Conscium is sold, merged, dissolved, acquired, or involved in a similar transaction.

6. Transferring your personal data overseas

6.1In the course of making our Services available to you, we may transfer your personal data outside of the UK and/or the European Economic Area ("EEA"), principally to Conscium's offices and servers in the United States. In these circumstances, your personal data will only be transferred on one of the following grounds:

6.1.1the country or territory has been granted an 'adequacy decision'; or

6.1.2Conscium and the recipient have signed Standard Contractual Clauses or the UK International Data Transfer Agreement; or

6.1.3there exists another situation where the transfer is permitted under applicable law.

6.2You can obtain more details of the protection given to your personal data when it is transferred outside the UK and/or the EEA by contacting us using the details set out in section 9 below.

7. How long your information is kept

7.1We will retain your personal data for as long as we are interacting with you via our Services, for as long as necessary to keep in touch with you where you have previously asked for this, and for as long as permitted or required for legal and regulatory purposes.

7.2If you are a subscriber to our Services with a registered account, we will retain your personal data for as long as you maintain an account with us.

7.3Subject to any other notices that we may provide to you, we will typically retain your personal data for a period of seven (7) years after the later of: (i) our last interaction with you; and (ii) your last interaction with any of our Services. However, some information may be retained for longer where we need to retain it for the purposes of legal claims or compliance.

8. Your rights in relation to personal data

8.1Under the GDPR, you have the following rights in relation to our processing of your personal data. Please note that these rights are not absolute, and we may be entitled to refuse requests where exceptions apply:

8.1.1to obtain access to, and copies of, the personal data that we hold about you;

8.1.2to require us to correct the personal data we hold about you if it is incorrect;

8.1.3to require us to erase your personal data in certain circumstances;

8.1.4to require us to restrict our data processing activities in certain circumstances;

8.1.5to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;

8.1.6to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of transmitting that personal data to another data controller; and

8.1.7where our processing is based on your consent, you may withdraw that consent (without affecting the lawfulness of our processing based on consent before its withdrawal).

8.2If you have given your consent for any particular purpose and you wish to withdraw that consent, please contact our Privacy Lead using the contact details set out in section 9 below.

8.3If you are not satisfied with how we are processing your personal data, you can make a complaint to a data protection supervisory authority in the EU, or you can raise a concern with the UK Information Commissioner. You can also find out more about your rights at: www.ico.org.uk.

9. Contact us

9.1If you have any queries about this Policy or how we process your personal data, or if you wish to exercise any of your rights under applicable law, you may contact our Privacy Lead:

By email: privacy@conscium.com
By post: Conscium Limited, Sea Containers House, Upper Ground, London, England, SE1 9GL

10. Cookies

10.1Our Services may from time to time use cookies and similar technologies to distinguish you from other users of our Services. A "cookie" is a small text file of letters and numbers which is sent by our servers and placed on the internal storage of your Device when you access our Services. We use cookies for the purpose of improving your experience of our Services.

10.2When you use our Services, you will be asked to confirm whether you agree to our Services using cookies and, if you accept, we will store cookies on your Device. You can, if you wish, change the cookies settings on your Device to refuse cookies. However, if you do this, you may be unable to access certain parts of our Services.

10.3We may use the following cookies for the following purposes:

10.3.1Strictly necessary cookies. These are cookies that are required for the operation of our Services. These essential cookies are always enabled because our Services will not function properly without them.

10.3.2Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors navigate through our Services when they are using it.

10.3.3Functionality cookies. These are used to recognise you when you return to our Services. This enables us to personalise our content for you and remember your preferences.

10.3.4Targeting cookies. These cookies record your visit to our websites, the pages you have visited and the links you have followed. We will use this information to make our Services and advertising more relevant to your interests.

10.4In relation to our Verify AX platform, we use the following technologies and third-party services:

• React front-end, NodeJS API gateway, Python Backend services. PostGres SQL main database, Redis for caching and Celery for queueing / execution.
• Cloud infrastructure on GCP (GKE, Cloud Runs, Cloud SQL, Buckets, Artifacts registry).
• 3rd party providers: Auth0 for authentication, Stripe for payments, GitHub CI/CD pipelines and repository.
• Open source: LiteLLM for managing LLM calls, Langfuse for LLM calls observability, MCP Server for agent tools, Redocly for API documentation and Sentry for observability.
• Open source ClamAV for file malware / anti-virus detection engine.

10.5We may share the information collected by the cookies with third parties.

10.6You can choose which analytical, functionality and targeting cookies we can set by clicking on the relevant buttons. You can also choose to "Reject All" cookies in the cookie banner.

10.8However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Services.

10.9To find out more about cookies, including how to see what cookies have been set on your device and how to manage and delete them, please visit www.allaboutcookies.org.

10.10If you have any questions or concerns about our use of cookies, please contact our Privacy Lead using the details in section 9.