Privacy Notice

Last updated: 26 February 2026

1. Who we are

PrivacyAlgo Ltd is a company registered in England and Wales. We operate the PrimaVerify and CertaPrompt products.

Data Controller: PrivacyAlgo Ltd, London, United Kingdom.

Contact: Hello@PrivacyAlgo.com

2. What data we collect

We collect the minimum data necessary to operate our services and communicate with you. The data we may collect includes:

  • Account and contact information: name, work email address, organisation name, company size, and your areas of interest (e.g. privacy, verification, compliance, or due diligence). This is collected when you join our waitlist or request early access.
  • Communication preferences: whether you have opted in or out of marketing communications. If you opt out, your email is flagged as "no-marketing" in our systems so you only receive essential service communications.
  • Usage analytics: anonymised and aggregated data about how you use our products, such as which features are accessed and how often. This does not include the content of your prompts, verification queries, or any sensitive data.
  • Technical data: browser type, device type, and anonymised IP information collected automatically through standard web analytics.

3. How we process your data in our products

Our products offer different levels of verification. Understanding how data flows at each level is central to our privacy-first approach.

Client-side processing (on your device)

A basic scan runs entirely on your device. When you use CertaPrompt in this mode, your prompt content, sensitive data, and confidential information never leave your browser. The 360Redact engine identifies and strips sensitive data locally. Nothing is transmitted to our servers or to any AI provider.

Server-side processing (for rigorous verification)

For the most thorough verification, claims are verified server-side using our proprietary verification technology across 120+ databases. Before any data is sent server-side, you always have the option to use 360Redact to strip confidential content from your input. You have complete control over what data, if any, leaves your device.

Important: whenever you choose to operate outside the on-device zero-trust privacy environment, you are clearly notified before any data is transmitted. All server-side processing runs on EU data centres.

4. How we use your data

  • Service delivery: to provide, maintain, and improve PrimaVerify and CertaPrompt.
  • Communication: to contact you about your waitlist or early access request, and (if you have opted in) to send product updates and relevant information.
  • Service improvement: to analyse anonymised usage statistics (such as feature adoption rates) so we can improve the product experience. We do not use the content of your prompts or verification queries for this purpose.
  • Interest-based outreach: when you tell us your areas of interest (e.g. privacy, compliance, due diligence), we use this to tailor our communications so that the information we send you is relevant.

5. What we never do

  • We never train our systems or models on your sensitive data.
  • We never sell, rent, or share your personal data with third parties for their marketing purposes.
  • We never access the content of your prompts when you use on-device (client-side) processing.
  • We never send data to an AI provider without giving you the opportunity to strip confidential content first via 360Redact.

6. Legal basis for processing (GDPR)

  • Consent: for marketing communications. You may withdraw consent at any time.
  • Legitimate interest: for service improvement through anonymised analytics, and for contacting you about the waitlist or early access you requested.
  • Contractual necessity: for processing required to deliver the service when you use our products.

7. Marketing communications

When you sign up for our waitlist or request early access, you may choose to receive marketing communications from us. This is entirely optional.

If you opt out of marketing, your email address is flagged as "no-marketing" in our records. You will still receive essential service communications (such as confirmations and updates about your account or access), but you will not receive promotional material.

You can change your marketing preference at any time by contacting us at Hello@PrivacyAlgo.com.

8. Data retention

We retain your contact information for as long as you have an active relationship with us (e.g. you are on the waitlist, have an account, or are subscribed to communications). If you ask us to delete your data, we will do so promptly unless we are required by law to retain it.

Anonymised analytics data is retained indefinitely as it cannot be linked back to any individual.

9. Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing of your data.
  • Data portability (receive your data in a structured format).
  • Withdraw consent for marketing at any time.
  • Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your rights have been infringed.

To exercise any of these rights, contact us at Hello@PrivacyAlgo.com.

10. Data security

We implement appropriate technical and organisational measures to protect your personal data. All server-side processing runs on EU data centres. Data in transit is encrypted using TLS. Access to personal data is restricted to authorised personnel on a need-to-know basis.

11. Cookies

We use cookies and similar technologies to operate our website and analyse usage. For full details on the cookies we use, how they work, and how to manage your preferences, please see our Cookie Notice.

12. Third-party services

We may use third-party services for analytics, hosting, and email delivery. These providers process data on our behalf and are bound by data processing agreements. We do not share your personal data with third parties for their own independent purposes.

13. International transfers

Our primary processing infrastructure is located within the European Union. Where data is transferred outside the EU/UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) in compliance with UK GDPR.

14. Changes to this notice

We may update this Privacy Notice from time to time. If we make significant changes, we will notify you by email or by placing a prominent notice on our website. The "Last updated" date at the top of this page indicates when this notice was last revised.

15. Contact us

If you have any questions about this Privacy Notice or how we handle your data, please contact us:

Email: Hello@PrivacyAlgo.com

Company: PrivacyAlgo Ltd, London, United Kingdom