TRIE9

PRIVACY POLICY

This Privacy Policy describes how Redress Space Ltd (“Redress Space Ltd,” “we,” or “us”) collects, uses, stores, and shares information about you in connection with the Redress Space Ltd Platform Pilot Program (the “Platform” or “Service”). We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) (as amended by the CPRA), and other relevant laws.

By using the Platform, you acknowledge that your information will be handled as described in this Privacy Policy. This Policy is integrated into and subject to the Terms of Use above. (In fact, it is part of the same agreement document for your convenience.)

1. Information We Collect

We may collect two types of information: (A) information that you provide directly, and (B) information collected automatically about your use of the Platform.

A. Information You Provide:

  • Account Information: If account creation is required for the pilot, we might collect basic personal details such as your name, email address, organization name, and contact information. This is used to set up and manage your user account.

  • Content and Inputs: The Platform allows you to input text, documents, or other data (“Client Data”) for processing by the AI. Any information you choose to provide in such inputs is collected by the Platform in order to generate the AI outputs. This could include personal data if you choose to include it in the content (for example, you might input a document that contains names or other personal information). We advise you to avoid submitting highly sensitive personal data (such as social security numbers, financial account info, health records, etc.) unless absolutely necessary, as the Service is not intended to process special categories of data in this pilot.

  • Feedback and Communications: If you provide feedback, fill out a survey, or communicate with us (for example, emailing support or using a feedback form), we will collect the information you share. This might include your email, the content of your message, and any attachments.

B. Information Collected Automatically:

  • Usage Data: We may automatically collect certain technical information when you use the Platform. This can include log data like the date and time of your use, the type of actions performed (e.g., queries made, features used), your IP address, browser type, and operating system. We collect this primarily to monitor the system performance, ensure security, and improve the Service.

  • Device and Analytics Data: If applicable, we might use cookies or similar technologies to collect usage analytics. For instance, we might track how long you use the Platform, errors encountered, and other diagnostic data. (In a controlled pilot, this automatic data may be minimal and primarily for ensuring the service works properly rather than marketing analytics.)

  • AI Interaction Logs: The Platform may keep temporary logs of AI interactions (prompts and outputs) for troubleshooting, moderation, and improving the accuracy or safety of the system. However, such logs are handled per the data handling rules below (e.g., limited retention). Also, note that our underlying AI service providers (AWS/Azure) handle prompts as described – e.g., Azure may hold data up to 30 days for abuse monitoring (learn.microsoft.com), while AWS Bedrock does not store prompts persistently (docs.aws.amazon.com).

We do not knowingly collect any information from children. The Platform is intended for adult business use. If you are under 16 (or a higher minimum age in your jurisdiction), you should not use this Platform. If we discover that we have inadvertently collected personal information from a child under 13 (or applicable age), we will delete it.

2. How We Use Your Information

Redress Space Ltd uses the collected information for the following purposes, in accordance with applicable law:

  • Providing the Service: First and foremost, we use your inputs and data to operate the Platform and deliver results to you. For example, the text or documents you provide are used by the AI models to generate a response, which we then return to you. We also use your account info to authenticate you and allow your access, and any preferences to customize your experience.

  • Operating and Improving the Platform: We may use usage data and feedback to debug, improve, and refine the Platform. For instance, understanding how users interact with the Platform (in aggregate) can help us optimize features or UX. If you report a bug or the AI produces an inappropriate result, we may review the relevant log information to address the issue.

  • Communication: We use contact information (like your email) to send service-related communications. This can include onboarding instructions, notifications about updates or changes to the Platform or Terms, security alerts, or responding to your inquiries. Since this is a pilot, we may also reach out to you for feedback or with surveys about your experience.

  • Ensuring Security and Preventing Abuse: Information (including content of requests) may be used to monitor for and prevent fraudulent, unauthorized, or illegal activity. For example, our systems or personnel might review content if we suspect it violates the Acceptable Use Policy or to filter out malicious inputs. Both Redress Space Ltd and our cloud providers might use automated tools to detect abuse patterns (which is why Azure retains data briefly to check for misuse)​ learn.microsoft.com. This is done to keep the Platform and its users safe.

  • Compliance with Legal Obligations: We may process your data if necessary to comply with applicable laws, regulations, legal process, or enforceable governmental requests. For instance, if we receive a subpoena or are required to retain certain data for legal compliance, we will do so. We may also use data to enforce our own legal rights or agreements (e.g., to investigate a violation of these Terms or to defend against legal claims).

Legal Bases (GDPR specific): If you are in a jurisdiction like the EU/EEA or UK where a legal basis for processing is required:

  • Our legal basis for processing your account and content data is typically “performance of a contract” (Art. 6(1)(b) GDPR), meaning we need to process this data to provide the service you requested under these Terms.

  • We rely on legitimate interests (Art. 6(1)(f) GDPR) to process certain technical and usage data to improve our platform, secure our services, and communicate with you about the pilot. We consider these interests not to override your privacy rights given the limited and relevant nature of the data and the safeguards in place.

  • If we ever seek to use your data for new purposes that require consent (for example, if in the future we wanted to use your data for marketing), we will obtain your consent (Art. 6(1)(a) GDPR). In this pilot, we do not use your data for marketing or advertising.

  • For any special category of data (sensitive data) that you might input, we assume you have made it manifestly public or have otherwise consented to its processing via the Platform (Art. 9(2)(e) or (a) GDPR), because our intended use is purely at your direction to process that data through the AI. We do not actively request or target collecting any sensitive data.

3. How We Share or Disclose Information

Redress Space Ltd will not sell or rent your personal information to third parties. We share information in the following limited contexts, as necessary to run the Platform and as permitted by law:

  • Service Providers (Subprocessors): We share data with our trusted cloud service providers that enable the AI functionality – primarily AWS and Azure (which in turn involve OpenAI and Anthropic models). These providers act under our direction and implement strong privacy safeguards. For example:

    • Your prompts and data are sent to AWS Bedrock or Azure OpenAI to get the AI result. AWS and Azure will process that data only to provide the AI inference and related support, not for their own purposes. See ​ docs.aws.amazon.com and learn.microsoft.com.

    • They also won’t retain or share it beyond what’s necessary to deliver the service (Azure’s brief retention for abuse monitoring aside​ learn.microsoft.com). We have agreements (including data protection addenda) in place with them to protect your information.

    • We may also use other service providers for functionalities like cloud storage (for any data that needs to be stored), database hosting, or logging. All such providers are obligated by contract to protect your data and use it only in accordance with our instructions and this Policy. We ensure that any personal data shared with our subprocessors is minimized and subject to confidentiality.

  • Within Redress Space Ltd: Access to personal data within our organization is restricted to personnel who need to know the information for their job – for example, the team members operating the pilot, engineers debugging an issue, or support personnel assisting you. These staff are bound by confidentiality obligations. We implement access controls so that, for instance, an engineer could only access user data if required for a specific task (like investigating a bug) and such access is logged and monitored.

  • Business Transfers: If in the future Redress Space Ltd is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be disclosed or transferred as part of that transaction, in accordance with applicable data protection laws. We would ensure the successor adheres to similar privacy commitments or inform you if the privacy terms change.

  • Legal Compliance and Protection: We may disclose your information to courts, law enforcement, governmental or public authorities, or authorized third parties, if required or allowed by law – for example, to respond to a valid legal process (warrant, subpoena, court order), or to enforce our Terms, or to address fraud or security issues. We will aim to notify you of such demands when appropriate (e.g., unless legally prohibited or if the request is an emergency). Additionally, we may share information as necessary to exercise our legal rights or defend against legal claims. This includes sharing information with our legal counsel or auditors.

  • Aggregated or De-Identified Data: We may create aggregate or de-identified data from your personal information or usage of the Platform. This means information that cannot reasonably be used to identify you. For example, we might report “In this pilot, X% of users asked the AI to summarize documents” without any personal details. We reserve the right to use and share such aggregated or de-identified data for any purpose, such as product improvement, research, or analytics, since it is no longer personal data.

We do not share your personal data with third-party advertisers or social media companies. This Platform is for internal/pilot use and not part of any advertising network.

4. Data Security

Redress Space Ltd takes data security very seriously. We implement a combination of administrative, technical, and physical safeguards to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.

Some key security measures include:

  • Encryption: All communications with the Platform are encrypted using TLS (HTTPS) in transit. Data stored in our databases or cloud storage is encrypted at rest. Similarly, our cloud AI providers encrypt data in transit and at rest within their systems​ learn.microsoft.com. For instance, Microsoft Azure OpenAI encrypts prompts and outputs during transmission and storage, and AWS Bedrock does not log or store them beyond processing​ docs.aws.amazon.com

  • Access Controls: We limit access to personal data to authorized Redress Space Ltd personnel and service provider staff who need it for their duties. Access to production systems requires strong authentication (e.g., multi-factor authentication) and is logged. Our contracts with cloud providers ensure that even their personnel have extremely limited access to customer content.

  • Network Security: The Platform is hosted in secure cloud environments with firewalls, intrusion detection systems, and continuous monitoring for potential vulnerabilities or attacks. We follow best practices provided by AWS and Azure for securing the environment (for example, using private networks, security groups, encryption keys management).

  • Testing and Auditing: We perform periodic security assessments of our systems and respond promptly to any identified issues. Our providers like AWS, Azure, OpenAI are regularly audited for compliance (OpenAI has SOC 2, and Azure/AWS have numerous certifications)​ (openai.com). While those certifications are held by our providers, Redress Space Ltd leverages their compliance to maintain a secure service.

  • Employee Training: Redress Space Ltd team members involved in the Platform are trained on data privacy and security practices. We maintain internal policies to safeguard user data and handle it responsibly.

However, please note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You also play a role in security: protect your account credentials and notify us if you suspect any unauthorized access.

In the event of any data breach that affects your personal data, we will comply with applicable breach notification laws. This means we will inform you and/or authorities as required by law, and take steps to mitigate the impact.

5. Data Retention

We will retain your personal information and content only for as long as necessary to fulfill the purposes described in this Policy or as required by law or our legitimate interests (such as maintaining security logs). In practice:

  • User Account Data: If accounts are created, we retain your registration information for the duration of the pilot program. If you withdraw from the pilot or request deletion, we will delete or anonymize your account data (unless we need to keep it for legal reasons).

  • Content Inputs and AI Outputs: The documents or prompts you provide, and the AI-generated outputs, may be stored transiently on our systems to facilitate the service (for example, to allow you to retrieve results, or for caching to improve speed). We do not intend to store this data long-term. By default, Redress Space Ltd will regularly purge or anonymize user-provided content from the Platform. At the end of the pilot, we plan to delete all user-provided content and outputs, unless you separately agree to extended use or unless required for a specific legal retention obligation. We will provide a way for you to export any important data before deletion if needed.

  • Logs and Analytics: Basic logs (like system logs or security logs) are typically kept for a short period (e.g., a few weeks to months) for the purposes of troubleshooting and security, and then rotated or deleted. If logs contain any personal data (which they generally should not, except possibly IP addresses or user IDs), we treat them as confidential and limit retention.

  • Backup copies: Our systems may have routine backups. Those backups are encrypted and have retention schedules (for instance, backups might be kept for a certain number of days before being automatically deleted). When we delete active data, it may persist in backups for a limited time until those backups cycle out.

If you request deletion of your data (see “Your Rights” below), we will make commercially reasonable efforts to delete the data from our active systems and, where feasible, from backups or archives (or segregate it to ensure it’s not used). We may retain information if necessary to comply with legal obligations, resolve disputes, or enforce our agreements. In such cases, we will not use the retained data for any other purpose.

6. International Data Transfers

Redress Space Ltd is based in the United States, and the Platform is primarily operated through cloud servers that may be located in the United States or other countries. This means your data may be transferred to, and processed in, countries other than your own. Specifically, data may be processed on AWS and Azure data centers in regions that could include the U.S. and possibly the EU (depending on how the pilot is configured).

We endeavor to choose data center regions that align with our users’ locations (for example, using EU-based servers for EU customers when possible), but given the nature of the integrated services, some data may be transmitted to the U.S. for processing.

Whenever we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place to protect it, as required by applicable law. If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on one or more of the following legal mechanisms for such transfers:

  • Standard Contractual Clauses (SCCs): We have entered into Data Processing Addendums with our service providers (like Azure and AWS) that incorporate the European Commission’s Standard Contractual Clauses, which are designed to ensure your personal data receives a comparable level of protection when transferred outside the EEA.

  • EU-U.S. Data Privacy Framework (if applicable): We note that providers like Microsoft and Amazon might participate in or be certified under new data transfer frameworks (if any become available/approved). We will utilize such frameworks as appropriate.

  • Adequacy Decisions: Where applicable, if a country is deemed by the EU Commission or UK authorities to provide an adequate level of data protection, we may rely on that approval for transfers.

  • For California residents, if we transfer your data outside of the U.S., it is done only for the purposes outlined and with similar protections. For other jurisdictions with data transfer requirements, we similarly ensure that an equivalent level of protection travels with your data.

YOUR ACKNOWLEDGMENT: Using the Platform, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Policy, which may be located in other countries. If you do not want your data transferred to the United States or other jurisdictions, please do not use the Platform. However, note that we have put safeguards in place to protect your data in transit and at rest regardless of location.

7. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal data. We are committed to honoring applicable rights requests.

If you are located in the EU/EEA, UK, or other jurisdictions with similar laws (e.g., some other countries’ privacy laws):

Under the GDPR and similar regulations, you have the following rights with respect to your personal data:

  • Right of Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the data and information about how we use it.

  • Right of Rectification: You can request that we correct or update any inaccurate or incomplete personal data that we hold about you.

  • Right to Erasure: You can request that we delete your personal data. This is sometimes called the “right to be forgotten.” We will honor such requests to the extent we are not legally required to retain the data. (For example, if you withdraw from the pilot and ask us to delete your data, we will erase your inputs and personal info from our systems, subject to any retention needed for legal purposes.)

  • Right to Restrict Processing: You can ask us to restrict or pause the processing of your personal data under certain circumstances (for instance, if you contest the accuracy of the data, or if the processing is unlawful but you don’t want it erased).

  • Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, machine-readable format, and to have that information transmitted to another controller where technically feasible. (This typically applies to data you provided directly, under consent or contract, and which is processed by automated means.)

  • Right to Object: You can object to our processing of your personal data in certain situations, especially if we are processing it under legitimate interests. You also have the right to object if we were processing your data for direct marketing (which we do not do in this pilot).

  • Right not to be subject to Automated Decision-Making: The GDPR gives you the right not to be subject to a decision based solely on automated processing (including profiling) that has legal or similarly significant effects. However, the Platform’s AI outputs do not constitute such a decision; you are in control of how to use the AI’s output. We do not make any solely automated decisions about you in running this Service.

To exercise any of these rights, please contact us at [[email protected]] with your request. We may need to verify your identity before fulfilling the request (to ensure that we do not disclose data to an unauthorized person). We will respond to your request within the timeframe required by law (e.g., typically within one month for GDPR, which can be extended once if necessary). There is no fee for making a request, unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request with an explanation.

If you are unsatisfied with our response to a privacy issue, you have the right to lodge a complaint with your local data protection authority (e.g., a supervisory authority in the EU, or the UK Information Commissioner’s Office). We encourage you to contact us first so we can address your concerns.

If you are a California Resident (CCPA/CPRA):

Under California law, California consumers have specific rights regarding their personal information:

  • Right to Know: You can request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources for that information, the purpose for collecting it, and the categories of third parties with whom we share it. (In this Policy, we’ve essentially provided that information, but you can also request a more formal report).

  • Right to Delete: You can request that we delete personal information we collected from you and retained, subject to certain exceptions (for example, we may retain information needed to complete a transaction, for security, legal compliance, etc., as permitted by CCPA).

  • Right to Correct: As of CPRA (2023), you can request correction of inaccurate personal information that we have about you.

  • Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the “sale” of personal information or “sharing” for cross-context behavioral advertising. Note: Redress Space Ltd does not sell personal data, and we do not share it for targeted advertising purposes. Therefore, this right may not apply since we don’t engage in those activities. We treat any data sharing with our service providers as a “service provider” usage, not a sale.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. For example, we will not deny you the service or provide a different quality of service just because you made a privacy rights request.

To submit a verifiable request to know, delete, or correct under CCPA, you (or an authorized agent) can contact us at [[email protected]] with “CCPA Request” in the subject line and detail your request. We will need to verify your identity (or authority of your agent) which might involve confirming information we have on file (like your email or phone number). We aim to respond within 45 days as required by CCPA (with an extension of 45 more days if needed, which we would communicate to you).

If you are under 18 years old and a registered user of the Platform (though our service isn’t intended for minors), you may request removal of content or information you posted by contacting us.

Users in Other Jurisdictions:

For individuals in other states or countries with privacy laws (e.g., Canada, Australia, Brazil’s LGPD, etc.), we will also endeavor to honor your requests regarding access, correction, or deletion of your personal information, in line with applicable laws. Please contact us with your specific request.

Your Choices: In addition to formal rights, you have some practical choices:

  • Voluntary Data: You can choose not to provide certain information or input certain content into the Platform. However, note that the Service’s functionality may depend on certain data. For example, if you do not provide an email, we might not be able to create an account for you; if you do not input any text, the AI cannot generate a response.

  • Opt-Out of Communications: If we send any informational or survey emails, you will have the option to unsubscribe or opt out of future non-essential communications. (Be aware we may still send you important service or legal notices.)

  • Do Not Track: Our Platform does not currently respond to “Do Not Track” signals from web browsers, and we do not use third-party trackers for behavioral advertising in the pilot.

8. Additional Notices for International Users

EEA/UK Representatives: If required by law (for example, Article 27 of GDPR), we would designate a representative in the EU or UK to be an additional point of contact for data protection authorities and individuals. [As this is a pilot, Redress Space Ltd may not have a formal EU representative yet; we will update this section if that changes.]

Brazil (LGPD): Brazilian users have rights similar to GDPR. You may contact us to exercise rights under the Lei Geral de Proteção de Dados (LGPD). Our legal basis for processing in Brazil is similar to those outlined for GDPR (performance of contract, legitimate interest, consent, etc., as applicable).

Australia Privacy: If you are in Australia, and the Australian Privacy Act applies, note that by using the Platform, you consent to the transfer of your data overseas as described. You can contact us with any complaints or requests, and we will handle them per the Australian Privacy Principles.

Other Jurisdictions: If you are in a jurisdiction not specifically mentioned, we still value your privacy. This Policy outlines our practices globally. We will adhere to any mandatory rights or disclosures required by the laws of your country to the extent they apply to Redress Space Ltd. Feel free to reach out with any questions about how we handle data in your region.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Redress Space Ltd
  • Attn: Privacy Team
  • Email: [[email protected]]
  • Address: Parker Russell, Level 30, The Leadenhall Building, 122 Leadenhall Street, City of London, London EC3V 4AB, United Kingdom

We will be happy to assist you and will respond as soon as reasonably possible, generally within the timeframes required by law for any privacy requests.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify pilot users by appropriate means – for example, by sending an email to registered users or by posting a notice within the Platform. The “Last Updated” date at the top will always indicate when the latest changes were made.

It’s important that you review the Policy whenever we update it, to stay informed about how we protect your information. If you continue to use the Platform after a change to this Policy, it will indicate your acceptance of the updated practices. If you do not agree with any updates, you should stop using the Platform and can request deletion of your data.

We encourage you to periodically review this combined Terms of Use and Privacy Policy document to be aware of our current terms and practices.

By clicking “Accept and Continue” (or similar) and using the Redress Space Ltd Platform Pilot Program, you confirm that you have read and understood these Terms of Use and Privacy Policy, and that you agree to abide by them.