Ai-Verify

1. Data Controller

EdvanceIQ Limited is the data controller responsible for your personal data. We are registered in England and Wales.

Contact:

Email: support@edvanceiq.com

Website: ai-verify.co.uk

2. Personal Data We Collect

2.1 Account Information

Name and email address (via Auth0 authentication)
Account credentials and authentication tokens
Organisation details (if applicable)
Subscription tier and payment information

2.2 Audit Data

Apprenticeship documentation (PDF files)
Apprentice names and employers
Audit results and compliance assessments
Audit history and usage statistics

2.3 Technical Data

IP addresses
Browser type and version (user agent)
Device information
Session data and cookies
Usage logs and analytics

2.4 Disclaimer Acknowledgments

Timestamp of acknowledgment
IP address at time of acknowledgment
User agent (browser/device information)
Trigger reason (e.g., first registration, periodic reminder)

3. Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance: To provide the AiVerify service to you
Legitimate Interests: To improve our service, prevent fraud, and ensure security
Legal Obligation: To comply with accounting, tax, and regulatory requirements
Consent: Where you have explicitly consented (e.g., marketing communications)

4. How We Use Your Personal Data

To provide and maintain the AiVerify service
To process audit documents using AI technology
To manage your account and subscription
To process payments and issue invoices
To provide customer support
To improve our service and develop new features
To comply with legal obligations and enforce our terms
To track compliance with AI disclaimer acknowledgments

5. Data Processing Locations

Where Your Data is Processed

🇬🇧 UK-Based Infrastructure:

Database: Supabase (AWS eu-west-2, London, UK)
Application Hosting: Vercel (AWS eu-west-2, London, UK)
User data, audit records, and documents are stored in the UK

🌍 Third-Party Services:

Authentication: Auth0 (US/EU with GDPR compliance)
AI Processing: Azure OpenAI (UK South region)
Payments: Stripe (US-based with UK/EU compliance)

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the UK ICO
EU-US Data Privacy Framework compliance (where applicable)
Adequacy decisions under UK GDPR

6. Data Sharing

We do not sell your personal data. We may share your data with:

Service Providers: Auth0 (authentication), Supabase (database), Vercel (hosting), Azure OpenAI (AI processing), Stripe (payments)
Legal Requirements: When required by law, court order, or regulatory authority
Business Transfers: In the event of a merger, acquisition, or sale of assets
Organisation Admins: If you're part of an organisation, admins may see your usage data

7. Data Retention

We retain your personal data for as long as necessary to provide the service and comply with legal obligations:

Account Data: Until account deletion plus 30 days
Audit Records: 7 years (UK accounting and regulatory requirements)
Payment Records: 7 years (UK tax law)
Disclaimer Acknowledgments: 7 years (compliance and legal protection)
Technical Logs: 90 days

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Where processing is based on consent
Right to Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at support@edvanceiq.com. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Encryption in transit (TLS/HTTPS) and at rest
Secure authentication via Auth0 with industry-standard protocols
Row-level security (RLS) policies in our database
Regular security audits and vulnerability assessments
Access controls and staff training
Incident response procedures

While we take security seriously, no system is 100% secure. You are responsible for keeping your account credentials confidential.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies: Required for authentication and service functionality
Analytics: To understand how you use our service (anonymised where possible)
Preferences: To remember your settings

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

11. Children's Privacy

AiVerify is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

EdvanceIQ Limited

For privacy-related questions, data subject access requests, or complaints: