Privacy Policy
Last Updated: 10 December 2025
1. Introduction
Welcome to Regulus ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered UK tax guidance service.
Regulus is based in the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy should be read together with our:
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password (encrypted)
- Payment Information: Processed securely by Stripe (we do not store full card details)
- Tax Questions: The questions you ask our AI assistant
- Conversation History: Your interactions with our AI system
2.2 Information We Collect Automatically
- Usage Data: How you interact with our service, features used, pages visited
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication and functionality
- Log Data: Error logs, performance metrics (anonymized)
3. How We Use Your Information
We use your personal data for the following purposes:
- Provide Our Service: Process your tax questions and deliver AI-generated responses
- Account Management: Create and manage your account, handle authentication
- Billing: Process payments, send invoices, manage subscriptions
- Communication: Send service updates, payment notifications, important announcements
- Improvement: Analyse usage patterns to improve our AI and service quality
- Security: Detect and prevent fraud, abuse, and security incidents
- Legal Compliance: Comply with legal obligations and respond to lawful requests
4. Legal Basis for Processing (UK GDPR)
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide our service (Article 6(1)(b))
- Legitimate Interests: Service improvement, fraud prevention (Article 6(1)(f))
- Legal Obligation: Compliance with tax, financial, and data protection laws (Article 6(1)(c))
- Consent: Marketing communications (where applicable) (Article 6(1)(a))
5. Data Sharing and Third Parties
We share your data only with trusted third parties necessary for our service:
5.1 Service Providers
- Stripe: Payment processing (PCI DSS compliant)
- OpenAI: AI-powered tax guidance processing
- Cloud Hosting: Secure data storage and application hosting
- Email Service: Transactional emails and notifications
5.2 Legal Requirements
We may disclose your data when required by law, court order, or to protect our rights and safety.
5.3 No Data Selling
We never sell, rent, or trade your personal data to third parties for marketing purposes.
6. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing communications
To exercise your rights: Visit your account settings or contact us at privacy@regulus.ai
7. Data Retention
We retain your data for the following periods:
- Account Data: While your account is active
- Conversation History: While your account is active
- After Cancellation: 90 days (then permanently deleted)
- Financial Records: 7 years (legal requirement)
- Logs and Analytics: 3 months maximum
You can request immediate deletion of your data at any time, except where we are legally required to retain it.
8. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data transmitted over HTTPS (TLS 1.3)
- Password Security: Passwords are hashed using bcrypt
- Access Controls: Role-based access and authentication
- Regular Backups: Server-level backups configured by hosting provider
- Payment Security: Stripe PCI DSS Level 1 compliance
9. Cookies and Tracking
🍪 For complete cookie information, please see our Cookie Policy.
We use essential cookies for:
- Authentication: Keep you logged in securely
- Session Management: Maintain your session state
- Security: CSRF protection and fraud prevention
We do not use third-party advertising or tracking cookies. All cookies are first-party and essential for service functionality.
10. Children's Privacy
Regulus is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. International Data Transfers
Your data is processed within the UK and EEA. If we transfer data outside the UK/EEA, we ensure adequate safeguards through Standard Contractual Clauses (SCCs) or other approved mechanisms.
OpenAI Processing: Your tax questions are processed by OpenAI (US-based) under their data processing agreement and GDPR-compliant terms.
12. Automated Decision-Making
Our AI system provides tax guidance based on automated processing. However, you should always:
- Verify information with official sources
- Consult a qualified tax professional for specific advice
- Avoid relying solely on AI-generated responses for important decisions
You have the right to request human review of any AI-generated guidance.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via:
- Email notification to your registered address
- Notice on our website and dashboard
- Updated "Last Updated" date at the top of this page
Your continued use of Regulus after changes constitutes acceptance of the updated policy.
14. Contact Information
Data Controller: Regulus Ltd
Email: privacy@regulus.ai
Data Protection Officer: dpo@regulus.ai
Information Commissioner's Office (ICO):
If you have concerns about how we handle your data, you can lodge a complaint with the ICO:
https://ico.org.uk/make-a-complaint/
Important Disclaimer: Regulus provides general tax information only and is not a substitute for professional tax advice. Always consult with a qualified accountant or tax adviser for specific tax matters.