Privacy Policy

InteractiveAI Ltd., an Irish company with registration number 790653, registered office at 31-32 Leeson Street Lower, Dublin 2, Dublin, Ireland (“InteractiveAI”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring transparency regarding how we process personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our AI platform and implementation services.

We process personal data for the following purposes and on the following legal bases:

Performance of Contract: We process personal data to deliver professional services to implement AI-native systems and related integrations on the InteractiveAI platform. This includes discovery and mapping, build and training, testing and tuning, and deployment and handover activities.

Legitimate Interests: We may process personal data where necessary for our legitimate interests, including improving our services, protecting confidential information, and managing our business relationships.

Compliance with Legal Obligations: We process personal data to comply with applicable laws and regulations, including export controls and sanctions laws.

Consent: Where required by law, we will obtain your consent before processing certain categories of personal data.

We may process the following categories of personal data:

Client Contact Information: Names, titles, email addresses, and contact details of client representatives.

Professional Information: Job titles, roles, and organisational information.

Technical Data: Information relating to system configurations, workflows, integrations, datasets, prompts, and monitoring data.

Communications Data: Information contained in correspondence, feedback, and support requests.

Usage Data: Metrics and logs relating to platform usage, token consumption, storage, and compute usage.

The categories of data subjects whose personal data we process include:

• Client employees, directors, and officers
• Client contractors and professional advisers
• End users of AI systems implemented for clients

We may disclose personal data to the following categories of recipients:

Subcontractors and Service Providers: We may engage qualified subcontractors to perform portions of our services. Any such subcontractors will be bound by appropriate data protection obligations.

Third-Party Service Providers: We may use third-party services including LLMs, embedding providers, cloud resources, and enterprise tools. A list of approved sub-processors is maintained and updated in accordance with our data protection obligations.

Professional Advisers: We may disclose personal data to our legal counsels, auditors, and other professional advisers who are bound by confidentiality obligations.

Legal and Regulatory Authorities: Where required by law, regulation, or court order, we may disclose personal data to competent authorities.

We may transfer personal data outside the European Economic Area or the United Kingdom only where:

• The recipient country benefits from an adequacy decision
• Appropriate safeguards are in place, including EU Standard Contractual Clauses or UK International Data Transfer Addendum
• Another valid transfer mechanism applies under applicable data protection laws

Where processing is subject to data protection laws outside the EEA and UK, we will implement supplementary terms as required.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations.

Upon termination or expiration of our services, we will, at the client’s choice, delete or return all personal data, unless applicable law requires retention. We may retain copies in routine backup archives maintained in the ordinary course of business, which shall be destroyed in accordance with our retention policies, and one archival copy solely for evidentiary and compliance purposes.

Confidential information, including personal data, will be protected for five years following termination or expiration of our agreement, except that trade secrets and source code will be protected for so long as such information remains a trade secret under applicable law.

Under applicable data protection laws, you have the following rights:

• Right of Access: You have the right to obtain confirmation as to whether we are processing your personal data and to access that data.
• Right to Rectification: You have the right to request correction of inaccurate personal data.
• Right to Erasure: You have the right to request deletion of your personal data in certain circumstances.
• Right to Restriction of Processing: You have the right to request restriction of processing in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.

We implement appropriate technical and organisational security measures to protect the confidentiality, integrity, and availability of personal data. These measures include:

• Encryption of personal data in transit and at rest
• Access controls and authentication mechanisms
• Regular security testing and vulnerability assessments
• Incident response and business continuity procedures
• Staff training on data protection and security
• Physical security measures for data centre facilities where applicable

We ensure that personnel authorised to process personal data are bound by appropriate confidentiality obligations. We protect confidential information using at least the degree of care we use to protect our own confidential information of like importance, and in no event less than a reasonable standard of care.

We will notify affected clients without undue delay, and within 48 hours, upon becoming aware of a personal data breach, providing sufficient detail to enable the client to meet its notification obligations to supervisory authorities and data subjects.

We will promptly notify clients upon becoming aware of any unauthorised use or disclosure of personal data.

Clients are responsible for ensuring that their use of AI systems and outputs complies with applicable industry standards, regulatory regimes, and internal policies, including end-user disclosures where required.

If you believe that your personal data has been processed in violation of the General Data Protection Regulation (GDPR), you have the right to lodge a complaint with a supervisory authority.

In Ireland, the competent supervisory authority is:

You also have the right to lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable legal requirements. The “Last Updated” date at the top of this policy indicates when it was most recently revised.

This Privacy Policy is governed by the laws of Ireland, excluding conflict-of-law rules. The courts of Dublin, Ireland have exclusive jurisdiction over any disputes arising from this Privacy Policy.

If you have questions about this Privacy Policy or our data practices, please contact us: