Legal

Privacy Policy

How Aitemic collects, uses, and protects your personal data.

Last updated: 19 May 2026  ·  Effective: 19 May 2026  ·  Version 1.0

Summary: Aitemic Ltd is committed to protecting your privacy. We collect only what we need, store it securely, and never sell your data to third parties. This policy explains what data we collect, why, and your rights under UK GDPR.

1. Who we are

Aitemic Ltd ("Aitemic", "we", "us", "our") is a company registered in England and Wales. We operate the Aitemic platform at aitemic.com and the CyberAssure governance and compliance platform.

Data Controller: Aitemic Ltd
Contact: privacy@aitemic.com
Address: England, United Kingdom

2. What data we collect

2.1 Account and identity data

2.2 Platform usage data

2.3 Technical data

2.4 Data we do NOT collect

3. How we use your data

PurposeLegal basis
Providing the CyberAssure platform and its featuresContract (Article 6(1)(b))
Sending invitation emails and password reset linksContract (Article 6(1)(b))
Generating AI-powered gap analysis and policy documentsContract (Article 6(1)(b))
Communicating service updates, security noticesLegitimate interests (Article 6(1)(f))
Improving platform features and fixing bugsLegitimate interests (Article 6(1)(f))
Complying with legal obligationsLegal obligation (Article 6(1)(c))
Marketing communications (opt-in only)Consent (Article 6(1)(a))

4. AI processing

CyberAssure uses Claude (Anthropic) to power AI features including gap analysis, policy generation, and the AI assistant. When you use these features:

5. Data storage and security

Your data is stored in Supabase (PostgreSQL), hosted in the European Union. We implement the following security measures:

6. Data sharing

We share your data only with trusted sub-processors necessary to provide the service:

Sub-processorPurposeLocation
Supabase Inc.Database and authenticationEU (Frankfurt)
Vercel Inc.Platform hosting and CDNUS/EU (edge)
Anthropic PBCAI processing (CyberAssure AI features)US

We do not sell, rent, or trade your personal data to any third party.

7. Data retention

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, email privacy@aitemic.com. We will respond within 30 days.

9. Cookies

We use essential cookies only — no advertising or tracking cookies. See our Cookie Policy for details.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or by displaying a notice on the platform. Continued use of the platform after changes constitutes acceptance.

11. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would appreciate the opportunity to address your concern directly first — please contact us at privacy@aitemic.com.

12. Contact

For any privacy-related queries:
Email: privacy@aitemic.com
General: hello@aitemic.com