Privacy Policy

Last updated: 27 May 2025

1. Introduction

Systemic Labs Limited (trading as 'AnalystEngine') ("we", "us", or "our") respects your privacy and is committed to protecting personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the EU GDPR, and other applicable laws. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you:

• visit or interact with analystengine.io (the "Website"); or
• access or use the AnalystEngine software-as-a-service platform (the "SaaS Application", together with the Website, the "Services").

Please read this Policy carefully. By using the Services, you acknowledge that you have read and understood its terms.

Not legal advice: This Policy is provided for information only and does not constitute legal advice. You should obtain independent legal advice to ensure compliance with your specific obligations.

2. Who We Are (Our Data Protection Roles)

• Legal entity: Systemic Labs Limited
• Company number: 16367262
• Registered address: 98 Bedford Road, SW4 7HB, London
• Contact email: info@analystengine.io

For the purposes of the UK GDPR/EU GDPR:

• We are the data controller for personal data we collect directly from you (such as when you contact us via our Website, request a demo, or create an account).
• We are the data processor for personal data that our customers upload to the SaaS Application. In this case, our customers are the data controllers and are responsible for ensuring they have appropriate legal basis to process such data.

3. What Personal Data We Collect

A. Data you provide to us

Context	Categories of data	Typical source
Demo / contact form (Website)	• Work name • Work email • Company • Any additional information you include	Visitor completing form
Account creation (SaaS Application)	• First & last name • Business email • Job title/role	Customer's authorised user
Uploaded content (SaaS Application)	• Any information the customer chooses to upload or integrate (may include personal data)	Customer and its users

B. Data we collect automatically

• Technical & usage data: IP address, browser type, device identifiers, referring pages, pages visited, time spent, and similar diagnostic logs.
• Cookie data: Essential cookies required for the Website to function. We do not use marketing cookies.

We do not deliberately collect special category data. Users are responsible for removing or anonymising personal data in documents they upload where feasible.

4. Purposes & Lawful Bases for Processing

Purpose	Lawful basis (UK/EU GDPR Art 6)
Provide a requested demo or respond to enquiries	Contract – processing is necessary to take steps at your request prior to entering into a contract (Art 6 (1)(b))
Create and manage user accounts; deliver the SaaS Application	Contract (Art 6 (1)(b))
Operate, secure, and improve the Services; prevent fraud and abuse	Legitimate interests – our interest in ensuring the security and performance of the Services (Art 6 (1)(f))
Comply with legal or regulatory obligations	Legal obligation (Art 6 (1)(c))
Set essential cookies	Legitimate interests (Art 6 (1)(f))
Optional marketing communications (only if expressly requested)	Consent (Art 6 (1)(a))

We rely on customers to ensure they have a valid legal basis to upload any personal data to the SaaS Application.

5. Artificial Intelligence (AI) Processing

We employ third-party AI models exclusively to generate real-time outputs requested by users (e.g., document analysis). We do not use customer-submitted data to train, fine-tune, or improve AI models. Input data is processed transiently and is not stored by the model provider. Some information may be retained by model providers for up to 30 days for the purposes of security and fraud monitoring.

6. How We Share Personal Data

We do not sell personal data. We may disclose it only:

1. Service providers acting as processors under written agreements, including:
   • Cloud hosting & storage (servers located in the EU/UK)
   • Authentication & identity management
   • AI model infrastructure
   • Email delivery & support tools
2. Professional advisors (lawyers, auditors) under confidentiality.
3. Authorities where required by law or to defend legal claims.
4. Business transfers if we merge, sell, or reorganise all or part of our business (notice will be provided where required).

All processors are contractually bound to implement appropriate security measures and process data only on our instructions.

7. International Transfers

Where we transfer personal data outside the UK or European Economic Area, we ensure an adequate level of protection by:

• Using destinations covered by an adequacy decision; or
• Implementing the UK/EU Standard Contractual Clauses with supplementary measures where necessary.

You may request a copy of relevant transfer safeguards via the contact details above.

8. Data Retention

Data category	Retention period
Demo / contact enquiries	12 months after last interaction, unless you become a customer or ask us to delete sooner
SaaS account data	For the term of the customer contract plus 90 days, then deleted or anonymised
Uploaded content	As above
Logs & diagnostics	Up to 30 days, unless required for security or legal reasons, in which case, up to 7 years

9. Security

Refer to our Terms of Service for a comprehensive overview of our security commitments.

10. Your Data Protection Rights

Under the UK/EU GDPR you have rights to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Erase data in certain circumstances
• Restrict or object to processing
• Data portability
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority

To exercise any of these rights, contact us using the details in §2. We will respond within one month.

11. Cookies

We use the following types of cookies:

Strictly necessary cookies

• Maintain session state after you sign in
• Balance server load for high availability

Analytics cookies

We use anonymised usage metrics to:

• Understand how users interact with our Website and SaaS Application
• Improve user experience and functionality
• Identify technical issues and optimize performance

These analytics cookies collect data in an anonymised form and do not identify individual users. We do not use advertising cookies or share data with third-party advertisers.

You can disable cookies via your browser settings, though this may affect the functionality of the Website and Services.

12. Children

The Services are directed to business users and are not intended for children under 16. We do not knowingly collect data from children.

13. Changes to This Privacy Policy

We may update this Policy from time to time. Material changes will be notified via the Website or by email. The "Last updated" date at the top indicates when the Policy was last revised.

14. Contact Us

For any questions about this Privacy Policy or our privacy practices, please contact:

Data Protection Lead
Systemic Labs Limited
98 Bedford Road
SW4 7HB
London
Email: info@analystengine.io

If you are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (https://ico.org.uk) or your local supervisory authority.