This Privacy Policy explains how Licentium collects, uses, stores, shares, and otherwise processes personal data in connection with https://www.licentium.io/, related applications, connected tools, subdomains, communications, and digital products (collectively, the "Services").

For purposes of this Privacy Policy, the data controller is LICENTIUM LTD, a company registered in England and Wales under company number 17057360, with registered office at 128 City Road, London, EC1V 2NX ("Licentium", "we", "us", or "our").

This Privacy Policy applies where Licentium acts as a controller of personal data, including when you:

• visit our website;

• submit an enquiry through our contact forms;

• book or request a call, demo, consultation, or meeting;

• sign up for or use our AI tools, portals, or applications;

• purchase or attempt to purchase digital products, subscriptions, consultations, or other Services;

• correspond with us by email, messaging tool, or support channel;

• subscribe to alerts, newsletters, or marketing communications; or

• otherwise interact with us in a professional or commercial context.

Where Licentium processes personal data solely on your behalf under a separate enterprise, advisory, or professional-services agreement and a separate data processing addendum or service agreement applies, that separate agreement may supplement or override parts of this Privacy Policy for that specific processing relationship.

Depending on how you interact with us, we may collect the following categories of personal data.

A. Identity and contact data

This may include your name, business name, job title, employer or organisation, email address, telephone number, country, and other contact details.

B. Account and authentication data

If you register for an account or use a gated application, we may collect login credentials, hashed passwords, account identifiers, profile settings, subscription status, authentication events, and related security information.

C. Enquiry, support, and communications data

If you contact us, book a meeting, submit a form, request a demo, or communicate with us, we may collect the contents of your message, attachments, records of correspondence, support history, calendar-booking details, and notes associated with the interaction.

D. Input, upload, and generated-content data

If you use AI-enabled or document-processing features, we may collect prompts, messages, text pasted into tools, uploaded files, PDFs, images, contextual notes, request history, generated outputs, and technical metadata linked to those interactions.

E. Transaction and billing data

If you purchase Services, we may collect billing name, billing address, VAT or tax information where relevant, order details, subscription records, payment status, invoice records, and limited payment-related data received from our payment processor. Full payment card details are typically collected and processed directly by the payment processor rather than by Licentium.

F. Usage, device, and technical data

We may collect IP address, approximate geolocation derived from IP, browser type, operating system, device identifiers, referral URLs, timestamps, clickstream data, feature usage, performance logs, diagnostic data, and security-event data.

G. Marketing and preference data

We may collect your communication preferences, opt-in or opt-out status, event registrations, survey responses, and records of your interaction with marketing communications.

H. Public, professional, and due-diligence information

Where relevant for business development, compliance, fraud prevention, or account verification, we may collect information from public sources, professional networking platforms, sanctions or screening tools, or business records.

Unless we expressly ask for it and you have a lawful basis to provide it, please do not submit:

• privileged or highly confidential legal advice material;

• special-category personal data (such as health, biometric, or racial or ethnic origin data);

• criminal-offence data;

• children's personal data; or

• personal data of third parties where you have no lawful basis to disclose it.

If you nevertheless submit such information, you represent that you are authorised to do so and that Licentium may process it as necessary to provide the requested Services, protect its rights, and comply with law.

We collect personal data:

• directly from you when you fill in forms, create an account, use our tools, upload material, make a purchase, or contact us;

• automatically through cookies, logs, scripts, and similar technologies when you browse or use the Services;

• from payment, scheduling, analytics, hosting, security, and other service providers that support the Services;

• from publicly available sources, professional directories, social media, or business records; and

• occasionally from colleagues, counterparties, advisers, or referral partners where they introduce you or your organisation to us.

We use personal data only where we have a valid legal basis. Depending on the context, one or more of the following lawful bases may apply under the UK GDPR and, where relevant, the EU GDPR: performance of a contract, taking steps at your request before entering into a contract, compliance with a legal obligation, consent, and our legitimate interests.

We may use personal data for the following purposes:

A. To operate the website and applications

We use identity, technical, and usage data to make the Services available, administer accounts, authenticate users, prevent abuse, secure infrastructure, and maintain system integrity. Lawful basis: legitimate interests and, where relevant, performance of a contract.

B. To provide products and services you request

We use account, transaction, input, output, and communications data to deliver subscriptions, AI tools, reports, consultations, digital products, support, and other requested Services. Lawful basis: performance of a contract and steps taken at your request before entering into a contract.

C. To process payments, orders, tax, and records

We use transaction and billing data to process orders, handle renewals, issue invoices, maintain accounting records, detect payment fraud, and manage disputes and refunds. Lawful basis: performance of a contract, legal obligation, and legitimate interests.

D. To communicate with you

We use contact and communications data to respond to enquiries, send service notices, schedule meetings, provide onboarding information, and administer the commercial relationship. Lawful basis: performance of a contract, steps at your request, and legitimate interests.

E. To improve, test, and develop the Services

We may analyse usage data, prompts, files, outputs, error reports, and service interactions to troubleshoot issues, improve product quality, develop new functionality, measure performance, evaluate model behaviour, enforce safety rules, and refine workflows. Where reasonably possible, we may also aggregate or de-identify data for analytics and product improvement. Lawful basis: legitimate interests.

F. To send marketing and business-development communications

We may send updates, invitations, newsletters, or service-related promotional communications where permitted by law. For individuals, we will seek consent where required. For corporate contacts and business-to-business communications, we may rely on legitimate interests where permitted, subject always to your right to object or unsubscribe. Lawful basis: consent and/or legitimate interests, depending on the context.

G. To comply with law, enforce rights, and manage risk

We may use personal data to comply with legal obligations, respond to regulators, courts, law enforcement, or payment processors, enforce contractual rights, investigate misuse, defend legal claims, and protect our business, personnel, users, systems, and reputation. Lawful basis: legal obligation and legitimate interests.

We may use cookies, pixels, local storage, and similar technologies to run the website and applications, remember preferences, understand usage, measure performance, secure sessions, and improve user experience.

Some cookies and similar technologies are strictly necessary for the Services to function. Others, including analytics, advertising, or social-media-related technologies, may require your consent depending on applicable law.

Where consent is required, we will request it through an appropriate consent mechanism before setting non-essential technologies. You can also manage certain cookies through your browser settings or any cookie-management tool we make available.

We may share personal data with the following categories of recipients where reasonably necessary:

A. Service providers and subprocessors

This includes hosting providers, cloud infrastructure providers, analytics providers, security providers, customer support tools, communications platforms, scheduling providers, storage providers, payment processors, identity and authentication providers, and AI or machine-learning infrastructure providers used to operate the Services.

B. Payment and billing providers

Where you make a purchase, personal data may be shared with payment providers such as Stripe to process payments, verify transactions, help prevent fraud, handle disputes, and manage refunds.

C. Scheduling and communications providers

If you book a call or consultation, we may share relevant data with scheduling and communications providers, including Calendly or comparable tools, as necessary to arrange and manage the meeting.

D. Professional advisers and corporate counterparties

We may disclose personal data to lawyers, accountants, auditors, insurers, payment advisers, financing counterparties, or transaction advisers where reasonably necessary for legitimate business purposes.

E. Authorities and other third parties where required

We may disclose personal data if required by law, regulation, court order, legal process, or regulatory request, or where we consider disclosure reasonably necessary to establish, exercise, or defend legal rights, enforce our Terms, or protect persons, systems, or property.

F. Corporate transactions

If we undergo or explore a merger, acquisition, restructuring, financing, insolvency process, sale of assets, or similar corporate transaction, personal data may be disclosed to relevant counterparties and advisers, subject to appropriate confidentiality measures.

We do not sell personal data in the ordinary meaning of that term.

We may transfer, store, or process personal data outside the United Kingdom or European Economic Area, including in countries that may not have equivalent data protection laws.

Where we make restricted international transfers, we will use appropriate safeguards where required, such as:

• adequacy regulations or adequacy decisions;

• the UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses;

• the EU Standard Contractual Clauses; or

• another lawful transfer mechanism recognised under applicable law.

You can request further information about relevant transfer safeguards by contacting us.

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain records, comply with law, resolve disputes, and protect our legal position.

Retention periods vary depending on context, but we may typically retain:

• enquiry and general correspondence data for up to 24 months after the last meaningful interaction;

• account data for the life of the account and a reasonable period afterward;

• transaction, tax, invoicing, and payment records for up to 6 years or longer where legally required;

• support, security, and abuse-prevention logs for as long as reasonably necessary for audit, defence, and security purposes;

• prompts, uploads, outputs, and related metadata for as long as reasonably necessary to operate, support, investigate, improve, and defend the Services, subject to product design, deletion workflows, contractual commitments, and legal obligations; and

• aggregated or de-identified data for longer periods where it no longer identifies an individual.

We may retain data longer where required or permitted by law, where a complaint, claim, investigation, or dispute is ongoing, or where deletion would impair our ability to exercise or defend legal rights.

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and unlawful destruction. However, no internet-based service, cloud environment, or transmission method is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of any account credentials, using appropriate access controls, and deciding what information you submit to the Services.

Depending on your location and the circumstances, you may have the right to:

• request access to the personal data we hold about you;

• request correction of inaccurate or incomplete data;

• request deletion of personal data;

• request restriction of processing;

• object to processing carried out on the basis of legitimate interests;

• request portability of certain personal data;

• withdraw consent where processing is based on consent; and

• complain to the relevant supervisory authority.

If you are in the UK, you can complain to the Information Commissioner's Office ("ICO"). If you are in the EEA, you may complain to the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

We may need to verify your identity before acting on a request. We may also refuse or limit a request where permitted by law.

If you no longer want to receive marketing communications from us, you can unsubscribe using the link in the message or contact us at hello@licentium.io.

Even if you opt out of marketing, we may still send non-marketing communications, including transactional, billing, support, security, service, or legal notices.

The Services may link to third-party websites, tools, payment pages, knowledge sources, or communication platforms. We are not responsible for the privacy practices of third parties, and this Privacy Policy does not apply to websites or services we do not control. You should review the relevant third-party privacy notices before providing your information.

The Services are intended for professional and business users and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can review and, where appropriate, delete the information.

We may update this Privacy Policy from time to time to reflect changes in the Services, technology, law, or our processing practices. We will post the updated version with a revised effective date. Material changes may also be notified through the Services or by other appropriate means.

For privacy questions, rights requests, or complaints, please contact Licentium at hello@licentium.io.