/ legal · privacy policy
Privacy Policy
Draft — pending solicitor review
1. Introduction
Inferrex Ltd is the data controller for personal data collected through inferrex.com and for account management. For Customer Data processed through the Service, Inferrex acts as a data processor.
2. What We Collect
Account Data: Name, email, company name, billing address, payment information (processed by Stripe — we do not store card numbers).
Usage Data: Service usage metrics, feature interactions, API call volumes, error logs.
Technical Data: IP address, browser type, device information, cookies.
Customer Data (Processor Role): Data flowing through the Service as part of integrations. Processed solely on your instructions per the DPA.
3. How We Use Your Data
To provide the Service (account management, billing, sync operations, inference, support). To improve the Service (anonymised analytics, AI model improvement subject to learning consent). To communicate (notifications, security alerts, billing, product updates with consent). To comply with legal obligations (tax, regulatory compliance).
4. Legal Basis for Processing
Contract performance: Account management, billing, service delivery.
Legitimate interests: Security, fraud prevention, service improvement, anonymised analytics.
Consent: Marketing communications, optional learning modes.
Legal obligation: Tax, regulatory compliance.
5. Data Sharing
Sub-processors only (listed at inferrex.com/legal/subprocessors). Legal requirements where required by law. We do not sell personal data or share for advertising.
6. International Transfers
Customer Data stored in the EU by default. Where transfers outside UK/EEA are necessary (with consent), Standard Contractual Clauses or adequacy decisions apply.
7. Data Retention
Account Data: Duration of account + 30 days after closure (unless legally required longer).
Usage Data: 24 months, anonymised.
Customer Data: Deleted within 30 days of termination. Deletion certificates available.
Billing Records: 6 years (HMRC requirement).
8. Your Rights
Access, rectification, erasure, restriction, portability, objection, withdraw consent. Contact: privacy@inferrex.com.
9. AI-Specific Privacy Controls
Four learning consent modes. Learning event export (GDPR right of access). Learning event deletion (GDPR right to erasure). Named sub-processor consent for AI providers during signup.
10. Children
Not directed at individuals under 18. No knowing collection of children's data.
11. Changes
Material changes notified 30 days in advance.
12. Contact
Inferrex Ltd — privacy@inferrex.com. ICO complaints: ico.org.uk.

