Privacy Policy

Last Updated: November 2025

1. Introduction

RiskAssessments.ai ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered risk assessment platform (the "Service"). We are based in the United Kingdom and comply with UK data protection laws, including the UK GDPR and the Data Protection Act 2018.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Organisation name (if applicable)
  • Password (stored in encrypted form)
  • Account preferences and settings

2.2 Payment Information

For paid subscriptions, we collect payment information through our payment processor (Stripe). We do not store your full credit card details on our servers. Stripe handles payment processing and stores payment information securely in accordance with PCI-DSS standards.

2.3 Risk Assessment Data

Important: We do NOT permanently store the content of your risk assessments. When you use our Service to generate a risk assessment:

  • Your input data is processed through our AI system to generate risk identification suggestions
  • The assessment content is delivered to you
  • We do NOT retain copies of your scenario details, identified risks, or final assessments
  • We may temporarily cache data during the generation process, but this is deleted after delivery

We may collect anonymised, aggregated statistics about Service usage (e.g., number of assessments generated, industry categories) for analytical purposes, but this data cannot be linked back to you or your specific assessments.

2.4 Technical Information

We automatically collect certain technical information when you use the Service:

  • IP address and geographic location (country level)
  • Browser type and version
  • Device information (operating system, screen resolution)
  • Pages visited and features used
  • Date and time of access
  • Referring website or application

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide, operate, and maintain the Service
  • Account Management: To manage your account and provide customer support
  • Payment Processing: To process subscription payments and manage billing
  • AI Processing: To temporarily process your input through our AI system to generate risk assessments
  • Communication: To send you service-related emails, updates, and notifications
  • Improvement: To analyse usage patterns and improve the Service (using anonymised data)
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: Processing necessary for our legitimate interests in operating, improving, and securing the Service
  • Legal Obligation: Processing necessary to comply with legal requirements
  • Consent: Where you have provided consent for specific processing activities

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following circumstances:

5.1 Service Providers

We work with third-party service providers who assist us in operating the Service:

  • Clerk: Authentication and user management
  • Stripe: Payment processing
  • Anthropic: AI processing (Claude API) - data is processed but not stored by Anthropic
  • Resend: Transactional email delivery
  • Railway: Infrastructure hosting
  • Logtail: Error monitoring and logging (no personal data in logs)

These providers are contractually obligated to protect your data and only use it for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfil the purposes outlined in this policy:

  • Account Information: Retained while your account is active and for a reasonable period after closure to comply with legal obligations
  • Payment Information: Retained by Stripe in accordance with their retention policies and regulatory requirements
  • Risk Assessment Content: Not retained after delivery (as described in section 2.3)
  • Technical Logs: Typically retained for 90 days for security and operational purposes

7. Your Data Protection Rights

Under UK data protection laws, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request restriction of processing your data in certain circumstances
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Secure hosting infrastructure with Railway

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the United Kingdom. Some of our service providers are based in the United States and other countries. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognising equivalent data protection standards
  • Service providers certified under recognised data protection frameworks

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Cookies are small data files stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some features of the Service.

We use the following types of cookies:

  • Essential Cookies: Required for the Service to function properly
  • Authentication Cookies: Used to keep you logged in
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how the Service is used (anonymised)

11. Children's Privacy

The Service is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us. If we discover that a child under 16 has provided us with personal data, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also notify you via email for significant changes. You are advised to review this Privacy Policy periodically for any changes.

13. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Support: [email protected]

RiskAssessments.ai
© Copyright 2025 RiskAssessments.ai. Powered by AI