
Privacy Policy

Last updated: March 2026

1. Introduction

AuditEvidenceAI Ltd is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the AuditEvidenceAI platform. We are a data controller for personal data relating to our users and prospects. This Policy is governed by UK GDPR and the Data Protection Act 2018.

2. Data We Collect

2.1 Account and User Data

Full name; email address; organisation name and role; account credentials (passwords are hashed and never stored in plain text); subscription and billing information (processed by our payment provider).

2.2 Platform Usage Data

AI systems, decisions, and evidence pack content you create on the Platform; audit log entries; uploaded supporting evidence and documentation; generated PDF outputs.

2.3 Technical Data

IP address; browser type and version; device information; session data and cookies; usage analytics.

2.4 Communications Data

Emails and messages you send to us; support requests and feedback.

3. How We Use Data

We use your personal data to:

  • Provide, operate, and maintain the Platform
  • Create and manage your user account
  • Process subscription payments
  • Send service notifications
  • Provide customer support
  • Improve and develop the Platform using aggregated anonymised analytics
  • Comply with legal obligations
  • Detect and prevent fraud or misuse

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

  • Contract performance — processing necessary to provide the Platform services
  • Legitimate interests — improving the Platform and preventing fraud
  • Legal obligation — where required by applicable law
  • Consent — where specifically requested, which you may withdraw at any time

5. Data Storage and Infrastructure

The Platform is hosted on cloud infrastructure provided by Supabase (database and authentication services). Data is stored in secure data centres. Where possible, we configure infrastructure to store data within the United Kingdom or European Economic Area. Supabase implements industry-standard security controls including encryption at rest and in transit. We may also use sub-processors for payment processing, email delivery, and analytics. A current list of sub-processors is available on request.

6. Data Sharing

We do not sell your personal data. We share personal data only:

  • With sub-processors necessary to provide the Platform
  • Where required by law, regulation, or court order
  • To protect the rights, property, or safety of AuditEvidenceAI Ltd, our users, or the public
  • In connection with a merger or acquisition where the recipient agrees to honour this Policy

We do not share personal data with third parties for advertising or marketing purposes.

7. International Transfers

Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place including adequacy decisions from the UK ICO, International Data Transfer Agreements (IDTAs), or equivalent standard contractual clauses. Contact hello@auditevidence.ai for further information.

8. Data Retention

We retain personal data only as long as necessary:

  • Account data — for the duration of your account plus 30 days following closure
  • Platform content — for the duration of your subscription plus 30 days following termination
  • Billing records — 7 years in accordance with UK tax obligations
  • Support communications — 2 years

We will securely delete or anonymise personal data when no longer required.

9. Your Rights (UK GDPR)

Under UK GDPR you have the right of access; right to rectification; right to erasure; right to restrict processing; right to data portability; right to object; and rights related to automated decision-making.

To exercise any right, contact hello@auditevidence.ai. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

10. Security Measures

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Hashed password storage
  • Role-based access controls
  • Regular security assessments
  • Incident response procedures

No data transmission over the internet can be guaranteed entirely secure.

11. Cookies

The Platform uses essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies. Analytics, where used, are based on aggregated anonymised data. You can manage cookie preferences through your browser settings.

12. Contact Details

Data controller: AuditEvidenceAI Ltd. Email: hello@auditevidence.ai. Website: auditevidenceai.com. For data protection enquiries, please email with “Data Protection” in the subject line.

13. Updates

We may update this Privacy Policy from time to time. Material changes will be notified to users by email or via a notice on the Platform at least 14 days before they take effect.