Privacy Policy

Last Updated: 01/07/2025

1. Introduction

RaiDOT (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (raidot.ai) and use our AI risk assessment platform (platform.raidot.ai).

Data Controller: D-Ready Limited
Registered Address: Stockton-on-Tees, Durham UK
Company Number: 14781254
ICO Registration: 00010742861
Contact: privacy@raidot.ai

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, company name, job title, phone number
  • Profile Data: Professional background, AI expertise level, industry sector
  • Payment Information: Billing address, payment method details (processed by Stripe)
  • Communication Data: Messages, support tickets, consultation requests

2.2 AI System Information

  • Assessment Data: Information about your AI systems, risk evaluations, and compliance assessments
  • Technical Data: AI system specifications, implementation details, operational context
  • Usage Data: Platform interactions, feature usage, assessment results

2.3 Automatically Collected Information

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Analytics: Page views, session duration, click patterns, feature usage
  • Cookies: As detailed in our Cookie Policy

3. How We Use Your Information

3.1 Primary Purposes

  • Service Delivery: Provide AI risk assessments, compliance reports, and certification services
  • Account Management: Create and maintain your account, process payments, and provide support
  • Platform Improvement: Enhance our AI assessment algorithms and user experience
  • Compliance: Meet legal obligations and regulatory requirements

3.2 Communications

  • Service Communications: Assessment results, certification updates, platform notifications
  • Marketing Communications: Newsletter, product updates, training opportunities (with consent)
  • Support Communications: Response to inquiries, technical assistance

3.3 Legal Basis (GDPR)

  • Contract Performance: Providing our services as agreed
  • Legitimate Interest: Platform improvement, security, fraud prevention
  • Consent: Marketing communications, non-essential cookies
  • Legal Obligation: Compliance with applicable laws and regulations

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Data

We do not sell, rent, or trade your personal information to third parties.

4.2 Sharing for Service Delivery

  • Service Providers: Cloud hosting (AWS/Azure), payment processing (Stripe), email services
  • Professional Partners: Teesside University (for research collaboration), expert consultants
  • Certification Bodies: When providing certification services (with your consent)

4.3 Legal Requirements

We may disclose information when required by law, court order, or regulatory authority.

4.4 Business Transfers

In case of merger, acquisition, or asset sale, your information may be transferred (you will be notified).

5. Data Security and Retention

5.1 Security Measures

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, regular access reviews
  • Infrastructure: Secure cloud hosting with ISO 27001-certified providers
  • Monitoring: 24/7 security monitoring, intrusion detection, vulnerability assessments

5.2 Data Retention

  • Account Data: Retained while the account is active, plus 7 years for legal compliance
  • Assessment Data: Retained for 10 years for certification and audit purposes
  • Marketing Data: Until consent is withdrawn
  • Technical Logs: 12 months for security and performance analysis

5.3 Data Anonymisation

AI system data may be anonymised for research and platform improvement purposes.

6. International Data Transfers

6.1 Transfer Safeguards

When transferring data outside the UK/EU, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Standard Contractual Clauses: EU-approved transfer mechanisms
  • Certification Schemes: Privacy frameworks like Privacy Shield successors

6.2 Cloud Providers

Our cloud infrastructure may process data in multiple jurisdictions, always with appropriate safeguards.

7. Your Privacy Rights

7.1 GDPR Rights (UK/EU Residents)

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Limit processing of your data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests
  • Automated Decision-Making: Opt out of automated profiling (where applicable)

7.2 Additional Rights

  • Withdraw Consent: For marketing communications and non-essential cookies
  • Complaint: Lodge complaints with the ICO (UK) or the relevant supervisory authority

7.3 Exercising Rights

Contact us at privacy@raidot.ai or use the privacy controls in your account settings.

8. Cookies and Tracking Technologies

8.1 Essential Cookies

  • Authentication: Keep you logged in securely
  • Security: Protect against fraud and unauthorised access
  • Platform Function: Enable core platform features

8.2 Analytics Cookies

  • Usage Analytics: Google Analytics (anonymised), platform usage statistics
  • Performance Monitoring: Error tracking, load time optimisation

8.3 Marketing Cookies

  • Advertising: Google Ads, LinkedIn advertising (with consent)
  • Social Media: Integration with professional networks

Cookie Management: Control cookie preferences through our Cookie Consent banner or browser settings.

9. Third-Party Services

9.1 Integrated Services

  • Stripe: Payment processing (PCI DSS compliant)
  • Google Workspace: Email and productivity tools
  • AWS/Azure: Cloud infrastructure and data storage
  • Intercom: Customer support and communications

9.2 External Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices.

10. Children’s Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children.

11. AI and Automated Processing

11.1 AI Risk Assessment

Our platform uses AI to analyse your AI systems and generate risk assessments. This processing is:

  • Transparent: Assessment criteria and methodologies are documented
  • Explainable: Results include reasoning and recommendations
  • Reviewable: Expert human oversight available for all assessments

11.2 Automated Decisions

We do not make solely automated decisions with legal or significant effects without human oversight.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated via:

  • Email notification to registered users
  • Platform notification upon login
  • Website notice for 30 days

13. Contact Information

13.1 Privacy Inquiries

Email: privacy@raidot.ai
Mail: Privacy Officer, D-Ready Limited, Infinity View, Stockton-on-Tees, Durham, UK

13.2 Data Protection Officer

Email: legal@raidot.ai

13.3 Supervisory Authority

UK: Information Commissioner’s Office (ICO) – ico.org.uk

14. Legal Framework

This Privacy Policy is governed by:

  • UK GDPR (Data Protection Act 2018)
  • Privacy and Electronic Communications Regulations (PECR)
  • Computer Misuse Act 1990
  • Other applicable UK data protection laws

Acknowledgement: By using our services, you acknowledge that you have read and understood this Privacy Policy.

Scroll to Top