Legal Review in Progress
This Privacy Policy is currently under legal review and will be finalized before public launch. Last updated: 10 April 2026
Privacy Policy
1. Introduction
AI Governance Hub ("we", "our", or "us") is operated by ITNextGen Limited. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform (aigovernancehub.uk).
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
ITNextGen Limited
Company Number: 15698623
Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
3. Information We Collect
3.1 Account Information
- Email address
- Organization name
- Password (encrypted)
- Subscription tier and billing information
3.2 AI System Data
- AI system details (name, purpose, vendor, deployment date)
- Risk assessment responses and scores
- AI Impact Assessment (AIIA) content
- Compliance checklist responses
- Uploaded documents and metadata
3.3 Usage Data
- Log data (IP address, browser type, pages visited)
- Analytics data (feature usage, session duration)
- Error reports and diagnostic information
- Beta agreement acceptance records (version accepted, acceptance date, IP address, user agent)
4. How We Use Your Information
We use your personal information to:
- Provide and maintain the AI Governance Hub platform
- Process your subscription and payments
- Send service updates and security notifications
- Improve our platform through analytics (anonymized where possible)
- Comply with legal obligations
- Detect and prevent fraud or security incidents
5. Legal Basis for Processing (UK GDPR)
- Contract: Processing necessary to fulfill our service agreement with you
- Consent: Marketing communications (opt-in required)
- Legal Obligation: Tax, accounting, and regulatory compliance
- Legitimate Interests: Platform security, fraud prevention, and service improvement
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g., financial records for 7 years).
7. Data Security
We implement industry-standard security measures including:
- AES-256 encryption at rest
- TLS 1.2+ encryption in transit
- Row-Level Security (RLS) in our database
- Access controls and audit logging
- Planned third-party penetration testing and security certifications (see our Security Policy)
8. Data Sharing and Third Parties
We share your data only with:
- Supabase (Database): UK/EU data centers, GDPR-compliant
- Stripe (Payments): PCI-DSS Level 1 certified payment processor
- Vercel (Hosting): CDN and hosting infrastructure
- Resend (Email): Transactional email delivery
- PostHog (Analytics): Privacy-focused analytics (anonymized)
- Anthropic (AI Features): Some platform features (knowledge base curation, regulatory intelligence, policy assistance, support chat) use Claude by Anthropic. Only regulatory content and minimal system configuration context are sent — your personal data, risk assessments, AIIA content, and uploaded documents are not included. See our AI Transparency Statement for full details.
We do not sell your personal information to third parties.
9. Your Rights (UK GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Opt out of marketing communications
To exercise any of these rights, contact us at privacy@aigovernancehub.uk. We will respond within 30 days.
10. How to Request Data Deletion
You have the right to request the deletion of all personal data we hold about you (UK GDPR Article 17). To submit a deletion request:
- Email privacy@aigovernancehub.uk with the subject line "Data Deletion Request"
- Include the email address associated with your account
- We will acknowledge your request within 5 business days
- We will complete deletion within 30 days of your request
What gets deleted: Your account, AI system records, risk assessments, AIIA documents, compliance data, uploaded files, and all associated personal data.
What we retain: Anonymised aggregate usage data; financial transaction records required by law (up to 7 years, as per HMRC requirements); and any data we are legally obliged to keep.
We will confirm in writing when deletion is complete. If you have an active paid subscription, please cancel it before submitting a deletion request (Settings → Subscription → Cancel).
11. Cookies
We use essential cookies for authentication and session management. See our Cookie Policy for details.
12. International Data Transfers
Your data is stored in UK/EU data centers. If data is transferred outside the UK/EU, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).
13. Children's Privacy
AI Governance Hub is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform.
15. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@aigovernancehub.uk
Address: AI Governance Hub, c/o ITNextGen Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
16. Complaints
If you believe we have not handled your personal information correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):