Legal
Privacy Policy
Last updated 2 June 2026
This Privacy Policy explains how nanosophia (“nanosophia”, “we”, “us” or “our”), a company registered in England and Wales (Company No. 17250136), collects, uses and protects personal data when you use the nanosophia platform and related services (the “Service”). We are the data controller in respect of the personal data described below. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Personal data we collect
- Account data — your name, email address, password (stored in hashed form) and team details.
- Content you provide — the documents, files and data you upload for analysis, which may incidentally contain personal data.
- Usage & technical data — log data, device and browser information, IP address, and information about how you interact with the Service.
- Billing data — where you make payments, transaction records and limited details processed by our payment provider (we do not store full card details).
2. How we use personal data
We use personal data to:
- provide, operate, maintain and secure the Service;
- process the documents and data you submit, including using AI and automated processing to extract, analyse and generate outputs;
- manage your account, authenticate you and provide support;
- process payments and administer billing;
- improve and develop the Service, monitor performance and prevent fraud and abuse; and
- comply with our legal obligations.
3. Legal bases for processing
We rely on the following legal bases under UK GDPR: contract, where processing is necessary to provide the Service to you; legitimate interests, to operate, secure and improve the Service (balanced against your rights); consent, where we ask for it (for example, certain communications), which you may withdraw at any time; and legal obligation, where we are required to process data by law.
4. AI & automated processing
The Service uses AI models and automated processing to analyse the content you submit. We do not use your content to train third-party, publicly available foundation models, and we work with AI providers under terms designed to prevent your content being retained or used to train their models beyond what is needed to return a result to you. The Service does not make decisions producing legal or similarly significant effects about individuals; its outputs are decision support tools intended to be reviewed by you. AI outputs may be inaccurate or incomplete — please see our Terms & Conditions for details.
5. Sharing & sub-processors
We share personal data with trusted service providers who process it on our behalf to deliver the Service, including cloud hosting and database providers, AI model and inference providers, and payment processors. These providers act under contract and may only process data on our instructions. We may also disclose data where required by law, to enforce our agreements, or in connection with a corporate transaction. We do not sell your personal data.
6. International transfers
Some of our providers may process data outside the UK. Where personal data is transferred internationally, we put in place appropriate safeguards (such as the UK International Data Transfer Agreement or Addendum to the EU Standard Contractual Clauses) to ensure your data remains protected.
7. Data retention
We retain personal data and uploaded content for as long as your account is active and as needed to provide the Service, and thereafter only as required to meet legal, accounting or reporting obligations or to resolve disputes. You may delete projects and content within the Service, and may request deletion of your account.
8. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls and tenant isolation. No system is completely secure, and we cannot guarantee absolute security of data transmitted to or stored by the Service.
9. Your rights
Subject to applicable law, you have the right to access, rectify or erase your personal data; to restrict or object to processing; to data portability; and to withdraw consent where processing is based on consent. To exercise these rights, contact us using the details below. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk, although we would welcome the chance to address your concerns first.
10. Cookies
We use cookies and similar technologies that are strictly necessary to operate the Service (for example, to keep you signed in) and, where applicable, to understand usage and improve the Service. You can manage cookies through your browser settings.
11. Changes to this policy
We may update this Privacy Policy from time to time. Where changes are material we will take reasonable steps to notify you. The “last updated” date above reflects the latest revision.
12. Contact
For any privacy questions or to exercise your rights, contact us at hello@nanosophia.com.