eyreact

Privacy Policy

Effective Date: 1 June 2025

This Privacy Policy explains how Eyre AI Limited (“we”, “us”, or “our”) collects, uses, discloses, and safeguards your information when you visit or use our website, eyreACT.com (“Website”), and associated services in compliance with the European Union’s General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), the UK Privacy and Electronic Communications Regulations (PECR), and the upcoming EU Artificial Intelligence Act (AI Act).

1. Who We Are Eyre AI Limited is a UK-registered company developing eyreACT, a regulatory compliance platform for the EU AI Act. We are committed to protecting your privacy and handling your data transparently and lawfully.

2. Data We Collect We collect the following categories of personal data:

  • Identifiers: Name, email address, phone number, company name, and role.
  • Usage Data: IP address, browser type, pages visited, time spent, clicks, and referring URLs.
  • Communication Data: Email content, support messages, demo requests.
  • Consent Data: Opt-in preferences, cookie consent, waitlist sign-ups.

We do not collect sensitive personal data unless explicitly required and consented to.

3. How We Collect Data We collect data via:

  • Website forms (e.g., contact, waitlist, demo requests)
  • Newsletter subscriptions
  • Cookies and tracking technologies
  • Direct communication (e.g., emails, support chats)
  • Third-party integrations, where explicitly authorized

4. Legal Basis for Processing (GDPR) We rely on the following legal grounds:

  • Consent (Article 6(1)(a)): For email communications, cookies, and waitlist participation.
  • Contractual necessity (Article 6(1)(b)): To provide services or respond to demo or pilot requests.
  • Legitimate interests (Article 6(1)(f)): To improve services, engage in B2B communications, or prevent abuse.
  • Legal obligation (Article 6(1)(c)): When required by law or regulatory authorities.

5. How We Use Data We use your personal data to:

  • Provide access to eyreACT features and updates
  • Respond to requests and questions
  • Manage pilot programs and onboarding
  • Send product updates, newsletters, and relevant insights
  • Ensure compliance with applicable laws and AI Act obligations

6. Data Sharing and Disclosure We do not sell your personal data. We may share data with:

  • Trusted service providers (e.g., analytics, email delivery)
  • Legal or regulatory authorities where required
  • Partners involved in pilots or joint compliance programs, with consent

7. International Transfers Data is primarily processed in the European Economic Area (EEA). If transfers occur outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • UK Addendum to the SCCs
  • Data Processing Agreements (DPAs) with vendors

8. Your Rights Under GDPR You have the right to:

  • Access your data
  • Correct or update inaccurate data
  • Request data deletion
  • Object to processing
  • Withdraw consent
  • Data portability
  • Lodge a complaint with your Data Protection Authority (DPA)

To exercise your rights, contact: privacy@eyreact.com

9. CCPA Rights for California Residents You have the right to:

  • Know what personal data we collect and how we use it
  • Request deletion of your data
  • Opt-out of the sale (we do not sell data)
  • Non-discrimination for exercising privacy rights

10. Cookies and PECR We use cookies for essential functionality, analytics, and performance. You will be prompted to accept or manage cookies on first visit. Cookie preferences can be updated at any time.

11. Data Retention We retain data only for as long as needed to:

  • Fulfill the purposes outlined in this policy
  • Comply with legal obligations
  • Resolve disputes

12. Children’s Privacy Our services are not intended for children under 16. We do not knowingly collect personal data from minors.

13. AI Act Compliance As part of the eyreACT platform, we:

  • Log all AI system inputs and outputs for traceability
  • Maintain risk classification records
  • Support documentation and governance aligned with AI Act Annex III
  • Do not use personal data to train any public AI model

14. Security We implement organizational and technical measures, including encryption, access controls, and regular audits, to protect your data.

15. Contact Us Eyre AI Limited
[Insert company address]
Email: privacy@eyreact.com

For regulatory matters or to exercise your rights, contact our Data Protection Officer (DPO) at the same email.

Updates to This Policy We may update this policy to reflect changes in law or our services. We will notify users of significant changes and update the “Effective Date” accordingly.

Thank you for trusting eyreACT with your data.