Privacy Policy

Effective date: 13 October 2025

Vigilant AI2 Ltd (trading as Vigilant AI.ai) ("Vigilant AI", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit www.vigilant-ai.ai or any website we operate that links to this notice (the “Site”). It also explains your rights and how to contact us.

Scope
This policy covers our marketing websites and contact channels only. If you later become a customer or use any Vigilant AI.ai product or sandbox we provide under a separate agreement, we will give you a product‑specific privacy notice and data processing terms.

1) Who we are (data controller)

Vigilant AI2 Ltd (company number 16093045) is the data controller for the personal data collected via the Site.

Registered office: 1 Pride Place, Pride Park, Derby, Derbyshire, DE24 8QR, United Kingdom
Contact (privacy): data-privacy@vigilant-ai.ai
Postal contact: Data Protection, Vigilant AI2 Ltd, at the above address
Data Protection Officer: Hon Data Privacy Lead - Michael Anyfantakis

ICO registration number: ZB925662 (registered 30 June 2025; renewal due 29 June 2026)

2) What data we collect and why

We collect the minimum necessary information to operate the Site, respond to you, and improve our content. The table below summarises the purposes and lawful bases under the UK GDPR.

• Provide and secure the Site (e.g., load pages, prevent abuse) — IP address; device and browser data; basic logs; cookie preferences — Legitimate interests (running a secure website) and legal obligations (security) — 12 months for security logs unless needed longer for investigations.

• Analytics and improvement (only if you consent) — Pseudonymous usage and event data; approximate location; device info — Consent (settings changeable any time) — 14–26 months, depends on the tool.

• Contact us / demo requests — Name; work email; company; role; phone; your message — Legitimate interests (responding to B2B enquiries) or pre-contract steps upon request — 24 months after last meaningful contact.

• Newsletter / updates — Name; email; subscription preferences; engagement metrics — Consent (you can unsubscribe any time) — Until you unsubscribe, then a limited suppression record is retained.

• Events & webinars — Registration info; participation data — Legitimate interests (manage events you sign up for) — 24 months.

• Recruitment (if you apply) — CV; cover letter; interview notes; right-to-work documents — Pre-contract steps and legal obligations — 6 months after decision (or longer with your consent, if local law permits).

3) Cookies & similar technologies

We only set essential cookies by default. We ask for your consent before setting any non‑essential cookies (e.g., analytics). You can change or withdraw consent at any time via the cookie banner or your browser settings.

• See our separate Cookie Policy for a full list of cookies, providers, purposes, and lifespans.
  
  
• Analytics, if enabled, is configured with IP anonymisation and data minimisation where supported.
  
  

Your choices: You can reject non‑essential cookies and still use the Site. Some features may be limited if you block all cookies.

4) Where your data comes from

• Directly from you when you submit a form, register for an event, or communicate with us.
  
  
• Automatically from your device when you browse the Site (see Cookies).
  
  
• From event partners where you register via a third‑party platform (we’ll tell you at the point of collection).
  
  

5) Who we share data with

We do not sell your personal data. We share limited information with trusted service providers who help us run the Site and manage our communications, for example:

• Hosting & infrastructure (cloud hosting, content delivery, DDoS protection)
  
  
• Website operations (site platform, forms, consent management)
  
  
• Analytics (only if you consent)
  
  
• Communications (email delivery, scheduling tools; only when you interact)
  
  
• Event platforms (if you register for an event or webinar)
  
  

Each provider acts under a contract and may only use your data to deliver the services we request. If the law or regulators require it, we may also share data with public authorities.

6) International transfers

Some providers may process data outside the UK. When we transfer personal data internationally, we use approved safeguards, for example:

• the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and/or
  
  
• transfers to US organisations certified under the UK–US Data Bridge; and/or
  
  
• other mechanisms recognised under UK law (e.g., adequacy regulations).
  
  

We assess vendors before onboarding and apply additional measures where appropriate.

7) How we protect your data

We implement technical and organisational measures aligned to our compliance‑by‑design approach, including access controls, encryption in transit and at rest (where supported), environment segregation, audit logging, and regular reviews of our security posture. We restrict staff access to personal data on a need‑to‑know basis and train our team on data protection and security.

8) Your rights

Under UK data protection law, you have rights to:

• Access your personal data and get a copy
  
  
• Correct inaccurate data
  
  
• Erase data in certain circumstances
  
  
• Restrict or object to processing, including objections to direct marketing
  
  
• Port data you provided to us in a structured, commonly used, machine‑readable format
  
  
• Withdraw consent at any time where processing relies on consent (e.g., analytics cookies)
  
  

To exercise your rights, email data-privacy@vigilant-ai.ai. We may need to verify your identity. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

9) Children

Our Site is aimed at professionals and is not intended for children under 13. We do not knowingly collect children’s data.

10) Automated decision‑making

We do not carry out automated decisions producing legal or similarly significant effects via the Site.

11) How long we keep data

We keep personal data only as long as needed for the purposes described in this policy (see retention table above), to comply with legal or accounting requirements, or to resolve disputes. When we no longer need personal data, we will delete or irreversibly anonymise it.

12) Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, guidance, or our operations. We will post the updated version with a new effective date, and where changes are material, we will provide a prominent notice on the Site.

13) Contact us

If you have questions about this policy or how we handle personal data, contact us at data-privacy@vigilant-ai.ai.