Legal · Privacy

Privacy policy.

How aiGUARD Systems Limited handles personal data. UK GDPR-aligned. No cookies, no trackers, no third-party analytics.

Last updated 13 May 2026 / Draft v0.1 · pending legal review
Draft status

This privacy policy is published in draft form pending review and ratification by qualified legal counsel. It is a good-faith statement of how we handle personal data and represents our current practice; it does not yet constitute the final ratified policy. Material changes following legal review will be reflected in subsequent versions with a clear changelog.

Who we are

aiGUARD Systems Limited (“we”, “us”, “our”) is a private limited company registered in England and Wales (Company No. 17090629) with registered office at Dunleavy House, Dunleavy Drive, Cardiff, CF11 0SN, United Kingdom. We are the data controller for personal data processed in connection with this website and our direct business engagement activities.

What this policy covers

This policy applies to personal data we process in connection with:

  • visits to and use of aiguard.systems and any subdomain;
  • direct engagement enquiries received by email or other contact channel;
  • business correspondence, NDA discussions, and per-partner technical briefings;
  • SEIS / EIS-related investor engagement (handled under separate per-investor processes);
  • journalist, analyst, and industry-commentator engagement.

It does not cover personal data processed by deployers, customers, or downstream parties operating the trust stack architectures in their own environments. Those parties are separate data controllers in respect of their own deployments.

What we do, and do not, collect on this website

We do not collect visitor personal data through our own site code for marketing, analytics, profiling, or behavioural tracking. Our hosting provider, Netlify Inc., may process standard operational logs, including IP addresses on edge requests, for service-operational and security purposes. Specifically, the website itself:

  • does not set any cookies;
  • does not load any third-party analytics, advertising, or tracking pixels;
  • does not embed third-party social-media widgets or share-buttons;
  • does not run behavioural fingerprinting, session replay, or cross-site tracking;
  • does not aggregate or sell visitor data of any kind.

Our hosting provider Netlify Inc. may process standard operational logs, including request metadata and IP addresses on edge requests, for service-operational and security purposes. These logs are operated by Netlify under their own privacy policy. We do not access them for marketing, profiling, or analytics.

When you contact us directly

When you write to us by email or other direct contact channel, we receive the personal data you provide. Typically this includes your name, email address, the organisation you represent, the nature of your enquiry, and the content of your correspondence.

We hold this information for the purpose of:

  • responding to your enquiry;
  • scoping and progressing any onward partnership, engagement, or investor discussion;
  • maintaining a record of business communication consistent with our operational and corporate-governance requirements;
  • complying with applicable legal obligations.

Lawful basis for processing

Our lawful bases under UK GDPR Article 6 are:

  • Legitimate interests, for responding to enquiries and progressing business engagements where you have initiated contact;
  • Performance of a contract, where you and we have entered into an engagement or NDA, for processing necessary to perform that engagement;
  • Legal obligation, for processing required to comply with UK law (e.g. corporate records, tax, anti-money-laundering);
  • Consent, in the narrow cases where we explicitly seek your consent (e.g. for inclusion in a public case study).

How long we keep your data

We retain business correspondence and engagement records for a period appropriate to the relationship. Short-form enquiries that do not lead to onward engagement are typically retained for up to 24 months. Active engagements, NDAs, and contracts are retained for the duration of the relationship and for a further period as required by applicable law and corporate-governance obligations (typically 6–7 years post-engagement for UK statutory record-keeping).

Who we share data with

We do not sell or syndicate personal data. We share personal data only with:

  • our service providers (e.g. email hosting, document storage, secure communications) acting as data processors under contractual obligations;
  • our advisers (legal, accounting, IP, regulatory) on a professionally-confidential basis;
  • our partners and sister company Alclusio AI Limited where the engagement is operationally routed through them (with notice to you where applicable);
  • any party where we are legally compelled to disclose, in compliance with applicable law.

International transfers

Where a service provider operates infrastructure outside the United Kingdom or European Economic Area, we ensure that personal data is transferred under an appropriate safeguard recognised under UK GDPR (typically the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or transfer to a jurisdiction with a UK adequacy decision in force).

Your rights

Under UK GDPR you have the following rights in respect of personal data we hold about you:

  • the right to be informed about how we use your data (this policy);
  • the right of access (to obtain a copy of your data);
  • the right to rectification of inaccurate data;
  • the right to erasure in certain circumstances;
  • the right to restrict processing in certain circumstances;
  • the right to data portability where applicable;
  • the right to object to processing based on legitimate interests;
  • the right not to be subject to solely automated decisions producing legal or similarly significant effects;
  • the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Requests in respect of any of these rights can be made to the contact address below. We will acknowledge such requests promptly and respond within the statutory one-month window, subject to permissible extensions.

Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. Our website is served over HTTPS exclusively. Operational systems are accessed through authenticated channels. Personal-data access is limited to those with a legitimate need.

Changes to this policy

We will publish updates to this policy on this page. Where a change is material we will indicate this clearly. The current version and date are recorded at the top of this page. We recommend reviewing the policy periodically.

Contact

Data-protection enquiries, including UK GDPR rights requests, should be addressed by email to christopher.hamilton@aiguard.systems with subject line beginning PRIVACY:, or by post to aiGUARD Systems Limited, Dunleavy House, Dunleavy Drive, Cardiff, CF11 0SN, United Kingdom.

If you are not satisfied with our handling of a data-protection request, you have the right to lodge a complaint with the UK Information Commissioner's Office: ico.org.uk, helpline 0303 123 1113.