Privacy Policy

Introduction

Welcome to Skirr AI Limited, a company incorporated in Scotland No. SC852078 with its registered office at 100 Queen Street, Glasgow G1 3DN, Scotland, United Kingdom ("Skirr AI", "we", "us", or "our"). Your privacy is paramount to us, and we are committed to protecting your personal data.

This Privacy Policy explains how we collect, process, store, and protect your personal information when you visit our website or use our services, including AI strategy, autonomous agent development, enterprise consulting, and chatbot development (collectively, the "Services"). It also informs you of your rights under the UK GDPR, the Data Protection Act 2018, and other applicable UK privacy legislation ("Data Protection Law").

Important Information and Who We Are

Skirr AI is the data controller responsible for your personal data. We are committed to the lawful, fair, and transparent handling of personal data, respecting the legal rights, privacy, and trust of all individuals with whom we deal.

Our Data Protection Officer can be contacted at privacy@skirrai.co.uk. They are responsible for administering this policy and ensuring compliance with Data Protection Law. For any questions about this policy or our privacy practices, please refer to the Contact Details section.

Definitions

For clarity, the following terms used in this policy have specific meanings:

• "Consent" means a freely given, specific, informed, and unambiguous indication of your wishes, by a statement or clear affirmative action, agreeing to the processing of your personal data.
• "Data Controller" means Skirr AI, which determines the purposes and means of processing personal data.
• "Data Processor" means any party processing personal data on our behalf.
• "Data Subject" means a living individual about whom we hold personal data.
• "Personal Data" means any information relating to an identifiable person, such as a name, identification number, location data, or online identifier.
• "Personal Data Breach" means a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.
• "Processing" means any operation performed on personal data, such as collection, storage, use, or deletion.
• "Special Category Personal Data" means data revealing racial or ethnic origins, political opinions, religious beliefs, health, or other sensitive information.

The Data We Collect About You

We may collect the following categories of personal data:

• Identity Data: Name, username, or similar identifiers.
• Contact Data: Email address, phone number, postal address.
• Financial Data: Payment information for subscription or professional services.
• Transaction Data: Details of payments and services purchased.
• Technical Data: IP address, browser type, device information, and website interaction data.
• Usage Data: Information about how you use our Services.
• Special Category Personal Data: Only where necessary and with your explicit consent or lawful basis (e.g., health data for specific AI applications). We do not collect personal data about individuals under 18 years old.

How We Collect Your Personal Data

We collect personal data through:

• Direct Interactions: When you register for an account, subscribe to Services, fill out forms, or contact us.
• Automated Technologies: Cookies, server logs, and analytics tools that track your interactions with our website and Services.
• Third Parties: Partners or service providers (e.g., payment processors) acting as data processors, provided they comply with Data Protection Law.

How We Use Your Personal Data

We process personal data only where lawful, based on at least one of the following:

• Consent: Where you have given clear consent for specific purposes.
• Contract: To perform a contract with you or take steps at your request before entering a contract.
• Legal Obligation: To comply with legal requirements.
• Legitimate Interests: For our legitimate business interests (e.g., improving Services), unless overridden by your rights.
• Vital Interests: To protect your or another person's vital interests.
• Public Interest: For tasks in the public interest or official authority.

We use personal data to:

• Provide and manage the Services, including account setup and subscription processing.
• Improve and personalize user experience.
• Communicate with you about the Services or respond to inquiries.
• Ensure security and prevent fraud.
• Comply with legal obligations.

Special category personal data is processed only with explicit consent or where another lawful basis applies (e.g., for health-related AI applications).

Data Protection Principles

We adhere to the UK GDPR principles, ensuring personal data is:

• Processed lawfully, fairly, and transparently.
• Collected for specific, explicit, and legitimate purposes.
• Adequate, relevant, and limited to what is necessary.
• Accurate and kept up to date.
• Retained only for as long as necessary.
• Processed securely to prevent unauthorized access, loss, or damage.

Your Legal Rights

Under the UK GDPR, you have the following rights:

• Right to be Informed: To know how your data is processed.
• Right of Access: To request a copy of your personal data.
• Right to Rectification: To correct inaccurate or incomplete data.
• Right to Erasure: To request deletion of your data (the "right to be forgotten").
• Right to Restrict Processing: To limit how we use your data.
• Right to Data Portability: To receive your data in a portable format.
• Right to Object: To object to processing based on legitimate interests or direct marketing.
• Rights Regarding Automated Decision-Making: To not be subject to decisions based solely on automated processing, including profiling, that significantly affect you.

To exercise these rights, contact our Data Protection Officer. We will respond within one month, unless the request is complex.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These include encryption, access controls, and compliance with ISO 27001 standards where applicable.

You are responsible for maintaining the confidentiality of your account credentials and using robust passwords.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Retention periods vary based on the type of data and purpose (e.g., financial data may be retained for 6 years to comply with tax laws).

Upon termination of Services, we provide a 10-day period for you to recover your data, after which we may retain backups for up to one year, subject to confidentiality obligations, unless required by law to retain longer.

International Transfers

We do not transfer personal data outside the UK or EEA without your consent and appropriate safeguards, such as standard contractual clauses or adequacy decisions, as required by the UK GDPR. If such transfers are necessary, we ensure compliance with Data Protection Law to protect your data.

Third-Party Links

Our website or Services may include links to third-party websites or services not operated by us. We are not responsible for their content or privacy practices. You should review the privacy policies of these third parties before engaging with them.

Sharing Your Personal Data

We may share personal data with:

• Data processors (e.g., hosting or payment providers) under strict agreements compliant with Data Protection Law.
• Third parties where required by law or to protect our rights.
• Aggregated, anonymized data for analytics or service improvement, ensuring no individual is identifiable.

We do not sell or lease your personal data.

Personal Data Breaches

If we become aware of a personal data breach, we will notify you and the Information Commissioner's Office (ICO) without undue delay, as required by the UK GDPR. We will take steps to mitigate any harm and prevent future breaches.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and ensure security. You can manage cookie preferences through your browser settings. Our website provides a cookie notice with details on how to opt out.

Changes to the Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. Updates will be posted on our website with a revised date. Your continued use of the Services constitutes acceptance of the updated policy.

Contact Details

For questions about this Privacy Policy, to exercise your rights, or to report concerns, contact our Data Protection Officer at:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.