Inferrex

/ legal · privacy policy

Privacy Policy

Draft — pending solicitor review

This document is a working draft and not yet legally binding. It will be finalised after professional review.

1. Introduction

Inferrex Ltd is the data controller for personal data collected through inferrex.com and for account management. For Customer Data processed through the Service, Inferrex acts as a data processor.

2. What We Collect

Account Data: Name, email, company name, billing address, payment information (processed by Stripe — we do not store card numbers).

Usage Data: Service usage metrics, feature interactions, API call volumes, error logs.

Technical Data: IP address, browser type, device information, cookies.

Customer Data (Processor Role): Data flowing through the Service as part of integrations. Processed solely on your instructions per the DPA.

3. How We Use Your Data

To provide the Service (account management, billing, sync operations, inference, support). To improve the Service (anonymised analytics, AI model improvement subject to learning consent). To communicate (notifications, security alerts, billing, product updates with consent). To comply with legal obligations (tax, regulatory compliance).

4. Legal Basis for Processing

Contract performance: Account management, billing, service delivery.

Legitimate interests: Security, fraud prevention, service improvement, anonymised analytics.

Consent: Marketing communications, optional learning modes.

Legal obligation: Tax, regulatory compliance.

5. Data Sharing

Sub-processors only (listed at inferrex.com/legal/subprocessors). Legal requirements where required by law. We do not sell personal data or share for advertising.

6. International Transfers

Customer Data stored in the EU by default. Where transfers outside UK/EEA are necessary (with consent), Standard Contractual Clauses or adequacy decisions apply.

7. Data Retention

Account Data: Duration of account + 30 days after closure (unless legally required longer).

Usage Data: 24 months, anonymised.

Customer Data: Deleted within 30 days of termination. Deletion certificates available.

Billing Records: 6 years (HMRC requirement).

8. Your Rights

Access, rectification, erasure, restriction, portability, objection, withdraw consent. Contact: privacy@inferrex.com.

9. AI-Specific Privacy Controls

Four learning consent modes. Learning event export (GDPR right of access). Learning event deletion (GDPR right to erasure). Named sub-processor consent for AI providers during signup.

10. Children

Not directed at individuals under 18. No knowing collection of children's data.

11. Changes

Material changes notified 30 days in advance.

12. Contact

Inferrex Ltd — privacy@inferrex.com. ICO complaints: ico.org.uk.