Privacy Policy

1. Introduction & Data Controller

Petrion AI (“we”, “our”, “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at petrionai.com and interact with our services.

Petrion AI is the data controller for personal data collected through this website, as defined under the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR 2016/679), and the UK Data Protection Act 2018.

If you have any questions about this policy or your personal data, please contact us at: office@petrionai.com

2. What Data We Collect

Data You Provide Directly

• Contact form submissions: name, email address, company name, project budget, service interest, and project description
• AI audit request forms: name, email address, company name, industry, and business description
• Email correspondence: any information you include when contacting us directly

Data Collected Automatically

• Technical data: IP address, browser type and version, operating system, device type
• Usage data: pages visited, time spent on pages, referring website, click patterns
• Cookies: see Section 8 for details on our cookie usage

Data We Do Not Collect

We do not collect special category (sensitive) personal data, such as information about your racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data on the following legal bases:

• Consent (Article 6(1)(a)): When you voluntarily submit a contact form or audit request, you consent to us processing your data to respond to your inquiry.
• Legitimate interest (Article 6(1)(f)): We have a legitimate interest in responding to inquiries, improving our website and services, and ensuring the security of our platform.
• Performance of a contract (Article 6(1)(b)): When processing is necessary to provide the services you have requested or to take pre-contractual steps at your request.

4. How We Use Your Data

We use your personal data for the following purposes:

• To respond to your inquiry, typically within 24 hours
• To prepare AI audit reports when you request a free assessment
• To send you relevant information about our services, only where you have given consent
• To improve our website, user experience, and services
• To comply with legal obligations

We do not sell, rent, or trade your personal data to any third parties for marketing purposes.

5. Data Sharing

We may share your personal data with:

• Trusted service providers: We work with carefully selected third-party providers (such as email hosting, CRM, and cloud infrastructure) who process data on our behalf. These providers are bound by data processing agreements and are required to comply with GDPR.
• Legal requirements: We may disclose your data if required to do so by law, by a court order, or in response to a valid request from a law enforcement authority.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the business, subject to the same privacy protections.

We do not sell personal data to third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form data: retained for 24 months from the date of submission, then securely deleted
• AI audit request data: retained for 36 months, as audit data may be referenced in ongoing service discussions
• Website analytics data: retained for 26 months in anonymised or aggregated form

You may request deletion of your data at any time by contacting us at office@petrionai.com. We will process your request within 30 days.

7. Your Rights

Under the GDPR (Articles 15–22) and UK Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of access (Article 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Article 17): You may request deletion of your personal data (the “right to be forgotten”), subject to applicable legal exceptions.
• Right to restrict processing (Article 18): You may request that we limit how we use your data in certain circumstances.
• Right to data portability (Article 20): You may request a machine-readable copy of the data you provided to us.
• Right to object (Article 21): You may object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

How to Exercise Your Rights

To exercise any of these rights, please email us at office@petrionai.com. We will respond to your request within 30 days, as required by law.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

• UK residents: Contact the Information Commissioner’s Office (ICO) at ico.org.uk or by phone at 0303 123 1113.
• EU residents: Contact your national data protection authority. A list is available at edpb.europa.eu.

8. Cookies

Our website uses cookies — small text files placed on your device — to help us provide a better experience.

Types of Cookies We Use

• Essential cookies: Required for the website to function correctly (e.g., language preference). These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website, such as pages visited and time spent. Data is collected in anonymised form.

Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling certain cookies may affect website functionality. For instructions on managing cookies in common browsers:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

9. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the United Kingdom and the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs) where required
• Transfers to countries recognised as providing adequate data protection

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Access controls and authentication for systems containing personal data
• Regular review of our security practices
• Data processing agreements with all third-party service providers

While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page.

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.

12. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

• Email: office@petrionai.com
• Company: Petrion AI