90% Security Score: AWS Foundational Security Best Practices

90% Security Score: AWS Foundational Security Best Practices

Get in contact

Aibly Limited Privacy Policy

Last updated: October 2025

Company No: 15837048

Registered Office: Globe House, Sittingbourne Road, Maidstone, England, ME14 3EN

Data Protection Contact: [email protected]

1. About This Privacy Policy

Aibly Limited (“Aibly”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.

This policy explains how we handle your information when you visit our website, communicate with us, or use our services. It also explains your rights and how you can exercise them.

We are based in the United Kingdom and comply with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and other relevant laws.

2. Who We Are and Our Roles

Aibly is a UK-based AI company. We process personal data in two main ways:
– As a Data Controller: when we collect and use personal data for our own purposes (e.g., through our website, HR, or marketing).

– As a Data Processor: when we process personal data on behalf of our customers (the “data controllers”) who use our AI products and services.

When acting as a data processor, we only handle data under our customers’ written instructions and in accordance with agreed Data Processing Agreements (DPAs).

We apply appropriate technical and organisational measures to protect that data and only use approved sub-processors (i.e. third-party service and technology providers) who meet equivalent standards of security and compliance.

If you are an end-user or individual whose data is processed by our systems on behalf of a customer, you will need to contact that organisation directly for any data-protection related queries.

3. The Information We Collect

As a Data Controller, during the course of running our business we collect and use personal data depending on how you interact with us. For example, in order to use or enquire about or services, or just get in touch with us, you might submit it to us through our website, an online form, via email or post. This may include:
– Identity data – name, title, role, employer.
– Contact data – email address, telephone number, business address.
– Technical data – IP address, browser type, operating system, and other device information collected through cookies or similar technologies, when you visit our website.
– Usage data – how you use our website or services. This data will typically collected through cookies and similar technologies.
– Communication data – your correspondence with us, such as queries or support requests.
– Photos – of you at work or for promotional purposes.

We do not intentionally collect “special-category” personal data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) through the website.

4. How We Use Your Information

We use personal data for a number or purposes to operate our business, including:
– Operate and improve our website and services, including providing services that we have contractually agreed with you.
– Respond to enquiries and provide customer support.
– Manage our relationship with you, including updates about our products or services (where lawful).
– Maintain business records and comply with legal obligations.
– Protect our systems and detect or prevent security incidents.

We only use your information where there is a lawful basis to do so under UK GDPR, such as:
– Consent – e.g., when you sign up for marketing communications.
– Contract – when processing is necessary to perform a contract with you or your organisation.
– Legal obligation – when we need to process personal data in order to comply with the law.
– Legitimate interests – for example, to improve our website, secure systems, or manage relationships. We will always balance our interests with those of the owners of the data that we process, in order that any processing is fair and proportionate.

5. Our Role as a Data Processor

When we act as a processor for our customers (our Data Controller), as outlined earlier, we do so to provide  products and services that we have agreed. As a Data Processor:
– We process personal data only on their documented instructions.
– We ensure confidentiality, security, and restricted access.
– We require all sub-processors to meet our privacy and security standards.
– We notify our customers promptly of any data-breach incidents.
– We support our customers in meeting their own GDPR obligations, including responding to data-subject requests.

6. Cookies and Similar Technologies

Our website uses cookies to make it work efficiently and to understand how visitors use it.
You can manage or disable cookies in your browser settings. Further details are provided in our Cookie Policy.

7. Data Sharing

During the course of running our business, and where we are allowed to do so, we may share personal data with:
– Our service providers and business partners who help us run our website, marketing, or IT systems.
– Professional advisers (e.g., accountants, auditors, or legal consultants).
– Regulatory bodies, law enforcement, or courts where legally required.
– Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

All third-party recipients of shared data are bound by confidentiality and data-protection obligations.

8. International Data Transfers

Most of our data processing occurs within the UK or European Economic Area (EEA) although we do transfer data internationally for purposes such as storing and processing data with providers including Microsoft, Amazon Web Services and Google.

If we transfer data outside these regions, we ensure appropriate safeguards are in place — such as UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or EU Standard Contractual Clauses where applicable.

If we transfer our customer’s personal data to other jurisdictions we only do so with their permission, which we agree in contracts.

9. Data Retention

We only keep personal data for as long as necessary for the purposes we collected it, including to meet legal, accounting, or reporting requirements. When data is no longer required, it is securely deleted or anonymised.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

10. Security of Your Data

We apply appropriate technical and organisational measures to keep personal data secure, including:
– Encryption, firewalls, and access controls so that data is only accessed by the appropriate people in our business.
– Secure development practices and regular vulnerability testing.
– Staff training, confidentiality obligations, and incident response procedures.
– Regular review of security policies and controls to maintain resilience.

While we take every reasonable step to protect your data, no system or data transmission over the internet can be guaranteed to be completely secure. Accordingly, we cannot guarantee the absolute security of your information, but we continuously monitor and improve our controls to minimise risk.

11. Children’s Data

Our website and services are not directed at children under 16 years of age.
We do not knowingly collect data from children. If we become aware that a child’s personal data has been collected, we will delete it promptly.

12. Automated Decision-Making

We do not use automated decision-making or profiling through our website.
Where any AI-based services perform automated processing for our customers, this is done solely under their instructions and governance as data controllers.

13. Your Rights

You have the following rights under UK data-protection law:
– Access – to request a copy of the personal data we hold about you.
– Correction – to request correction of inaccurate or incomplete data.
– Erasure – to request deletion of your personal data in certain circumstances.
– Restriction – to request restriction of processing.
– Portability – to request transfer of your data to you or another organisation.
– Objection – to object to processing based on legitimate interests or direct marketing.
– Withdraw consent – where processing is based on consent.

You can exercise your rights by contacting us at [email protected]. We may need to verify your identity before responding.

If you are not satisfied, you have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk. Their email and postal address are available on their website.

14. Changes to This Policy

We may update this policy from time to time to reflect legal or operational changes.
The latest version will always be available on our website, with the date of the most recent update clearly shown.

Contact Us

For any privacy-related queries, please contact:
Compliance Team, Aibly Limited
Email: [email protected]