Legal Framework
Privacy Policy
How AcronIQ collects, uses, and protects your personal data — written plainly and completely.
Effective date: 22 April 2026
1. Who We Are
AcronIQ Limited (“AcronIQ”, “we”, “our”, “us”) is the data controller responsible for all personal data collected through our website at acroniq.co.uk and our platforms (AcronIQ Prism and future AcronIQ products).
- Company name: AcronIQ Limited
- Company number: SC882057 (registered in Scotland)
- Registered address: 5 South Charlotte Street, Edinburgh, EH2 4AN
- Contact: hello@acroniq.co.uk
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As data controller, we determine the purposes and means of processing your personal data, and we are accountable for handling it lawfully, fairly, and transparently.
2. What Personal Data We Collect
We collect the minimum data necessary to provide and improve our services. The categories below describe what we collect, why we collect it, and how it arises.
Identity Data
Your name and email address, collected when you register for the Early Access Programme, submit a contact form, or create a platform account. This is the minimum information needed to identify you as a user and communicate with you.
Usage Data
Records of how you use our platforms: which features you access, files you upload, analyses you generate, and actions you take within the product. This data helps us understand what is working, identify bugs, and improve the experience. It is processed under our legitimate interests and, where applicable, under our contract with you.
Technical Data
Your IP address, browser type and version, operating system, device type, screen resolution, referring URL, and session identifiers. This data is collected automatically when you visit our website or use our platforms. It is used to maintain security, diagnose technical issues, and understand aggregate traffic patterns across the product.
Communications Data
The content of emails and messages you send us, including support requests, feedback, Early Access Programme applications, and any other correspondence. We retain this to respond to your enquiries and maintain an accurate record of our relationship with you.
Uploaded and Processed Data
When you use a platform such as Prism, you may upload datasets, documents, or structured files for analysis. This data belongs to you. We process it only to deliver the analytical outputs you have requested. We do not inspect it for purposes beyond service delivery, and we do not use it to train AI models. See Section 4 for full details of AI processing.
3. How We Use Your Data and Our Lawful Basis
Under UK GDPR we must have a lawful basis for every processing activity. The table below maps each purpose to its legal basis and explains what that means in practice.
| Purpose | Lawful Basis |
|---|---|
| Providing you with platform access and the services you have requested | Performance of contract |
| Sending Early Access confirmations and onboarding communications | Performance of contract |
| Improving our platforms by analysing aggregated usage patterns | Legitimate interests |
| Sending marketing communications where you have opted in | Consent |
| Complying with legal and regulatory obligations | Legal obligation |
| Fraud prevention, security monitoring, and abuse detection | Legitimate interests |
Where we rely on legitimate interests, we have assessed that our interest does not override your rights and freedoms. You may object to processing carried out on this basis at any time; see Section 8 for your rights.
Where we rely on consent, you may withdraw it at any time by emailing hello@acroniq.co.uk. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
4. AI Processing Disclosure
Important — please read this section carefully
AcronIQ platforms use artificial intelligence to analyse data you upload and generate reports, summaries, and analytical outputs. This section discloses exactly how that works and who is involved.
What AI processing we perform
- Data analysis: Automated analysis of structured files, datasets, and documents you upload to identify trends, patterns, and anomalies relevant to your query.
- Report generation: Generation of plain-language summaries, charts, and analytical reports from your data and query inputs.
- Conversational analysis: Natural language query processing that allows you to ask questions of your data and receive structured answers.
Third-party AI providers
To deliver AI-powered analysis, we route queries through third-party AI infrastructure providers. Your data is transmitted to these providers when you use AI features. All providers are contractually prohibited from using your data to train their models.
| Provider | Role | Privacy Policy |
|---|---|---|
| OpenRouter Technologies Inc | Routes AI queries to underlying language model providers on our behalf | openrouter.ai/privacy |
| Meta Platforms, Inc. | Provides the Llama family of language models (accessed via OpenRouter) — used for strategic analysis and data modes | ai.meta.com/privacy |
| Google LLC | Provides Gemma and Gemini language models (accessed via OpenRouter) — used for operations, support, and production analysis | policies.google.com/privacy |
| Mistral AI SAS | Provides Mistral Small language models (accessed via OpenRouter) — used for data and finance modes | mistral.ai/privacy |
| NVIDIA Corporation | Provides Nemotron language models (accessed via OpenRouter) — used for assistant mode | nvidia.com/privacy |
| OpenAI, LLC | Provides AI script generation and text-to-speech audio synthesis for the Prism video export feature | openai.com/privacy |
Note: OpenAI, LLC only receives data when you use the video export feature in Prism. Users who do not export videos have no data transmitted to OpenAI. All other AI processing is routed through OpenRouter to the model providers listed above.
Your data is not used to train AI models
Neither AcronIQ nor our AI providers use your uploaded data, query inputs, or analysis outputs to train, fine-tune, or improve any AI model. Your data is processed solely to deliver the specific analytical output you have requested, and is not retained by AI providers beyond the processing window.
No automated decisions affecting your legal rights
AcronIQ produces advisory analytical outputs only. No automated decision with a legal or similarly significant effect is made about you solely by AI. All outputs are presented as analytical tools and require human review before any consequential action is taken.
Lawful basis for AI processing
AI processing of your uploaded data is carried out under performance of contract (Article 6(1)(b) UK GDPR) — it is the core function of the service you requested. You may contact us at hello@acroniq.co.uk if you wish to restrict AI processing of your data.
5. Who We Share Your Data With
We share your personal data only where necessary to operate our services or comply with the law. We do not sell your data to any third party under any circumstances.
Infrastructure and hosting providers
The following providers process data on our behalf as data processors, bound by contractual obligations to protect your data and use it only on our instructions:
- Railway — Application hosting and infrastructure. Your data is processed on Railway's servers when you interact with our backend services.
- Cloudflare — Network security, DDoS protection, CDN delivery, and analytics. Cloudflare processes connection metadata to protect the website from abuse and serve content efficiently.
- Supabase — Database storage and authentication. Your account data and platform data are stored in Supabase's hosted PostgreSQL infrastructure.
AI providers
OpenRouter Technologies Inc routes your query inputs and uploaded data to underlying model providers (Meta, Google, Mistral AI, NVIDIA) when you use AI analysis features. OpenAI, LLC receives analytical output derived from your uploaded data when you use the video export feature in Prism. This is described fully in Section 4.
Legal authorities
We may disclose personal data to law enforcement, regulatory bodies, or courts where required by law, court order, or to protect the rights, property, or safety of AcronIQ, our users, or the public.
6. International Data Transfers
Some of our service providers operate outside the United Kingdom. Where personal data is transferred to countries that do not benefit from a UK adequacy decision, we ensure transfers are protected by Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or by another appropriate safeguard recognised under UK GDPR.
In particular, OpenRouter Technologies Inc, Meta Platforms Inc, Google LLC, NVIDIA Corporation, and OpenAI, LLC are incorporated in the United States. Mistral AI SAS is incorporated in France (European Union). Transfers to US-based providers are covered by Standard Contractual Clauses approved by the ICO. Transfers to Mistral AI SAS are covered by the UK's adequacy regulations for EEA countries. You may request details of the safeguards in place by emailing hello@acroniq.co.uk.
7. How Long We Keep Your Data
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. The table below sets out our standard retention periods.
| Data Category | Retention Period |
|---|---|
| Account data (name, email, profile) | Duration of account plus 2 years after closure |
| Uploaded datasets and files | Deleted within 30 days unless explicitly saved by you |
| Usage and analytics data | 12 months from collection |
| Communications and correspondence | 3 years from the date of communication |
At the end of any retention period, data is securely deleted or anonymised. Where we are required by law or legitimate business need to retain data beyond these periods, we will inform you of the extended retention and the reason for it.
8. Your Rights Under UK GDPR
You have the following rights in relation to your personal data. To exercise any of them, contact us at hello@acroniq.co.uk. We will respond within one month as required by law.
Right of access
You may request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this in a structured, machine-readable format within one month.
Right to rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected without undue delay.
Right to erasure (“right to be forgotten”)
You may request deletion of your personal data where: there is no compelling reason for continued processing; you withdraw consent and there is no other lawful basis; you object and we have no overriding legitimate interests; or the data was unlawfully processed.
Right to restrict processing
You may request that we limit how we process your data in certain circumstances, such as while we verify the accuracy of data you have disputed.
Right to object
You may object at any time to processing based on legitimate interests (including profiling) or to direct marketing. Where you object to marketing, we will stop immediately. Where you object to legitimate-interests processing, we will stop unless we can demonstrate compelling grounds that override your interests.
Right to data portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to complain to the ICO
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns first — please contact us at hello@acroniq.co.uk before escalating.
9. Children
Our services are not designed for, marketed to, or directed at individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that a child under 13 has provided personal data to us, we will delete that data promptly. If you believe your child has submitted data to us, please contact us at hello@acroniq.co.uk.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal obligations, or regulatory guidance. The effective date at the top of this page will be updated whenever changes are made.
Where changes are material — meaning they significantly affect how we use your data or your rights — we will notify you by email (if you have an account) or by placing a prominent notice on our website before the change takes effect. Non-material corrections and clarifications will be made without specific notice.
Contact
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:
- AcronIQ Limited (Company No. SC882057)
- 5 South Charlotte Street, Edinburgh, EH2 4AN
- hello@acroniq.co.uk