Privacy Policy

Effective date: 1 June 2026

1. Introduction & Scope

AIRiver (“we”, “us”, or “our”) operates the AIRiver platform, which provides AI model discovery, professional certification management, agent building, and credential verification services (collectively, the “Service”). This Privacy Policy explains how we collect, use, store, and share information about you when you access or use the Service.

By using the Service you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account data: When you register we collect your name, email address, password (hashed), and any profile information you choose to provide (role, organisation, avatar).

Usage data: We automatically log IP addresses, browser type, operating system, pages visited, click-through paths, session duration, and referring URLs.

Chat & agent content: Prompts you send via the Chat Hub or Agent Builder, model responses returned to you, conversation history, and any files you upload.

Certificate data: Professional credentials you submit for certification, verification results, share codes, and blockchain transaction references.

Cookies & local storage: Session tokens, appearance preferences, and authentication state stored in your browser.

3. How We Use Your Information

• To provide, operate, and improve the Service.
• To process AI chat and agent requests by forwarding prompts to third-party model providers.
• To issue, store, and verify professional certificates.
• To send transactional emails (account activation, password reset, certificate issuance).
• To produce aggregated, anonymised analytics about platform usage.
• To detect and prevent fraud, abuse, or security incidents.
• To comply with legal obligations.

4. AI Processing & Model Providers

The Service proxies your prompts to third-party AI model providers (such as OpenAI, Anthropic, Google, and others listed in the Marketplace). Your prompt text and any attached context are transmitted to the selected provider for inference. Each provider's own privacy policy governs how they handle that data. We do not sell your prompt data to providers; transmission is solely for the purpose of returning a model response to you.

Model response content is stored in our database to enable conversation history, token accounting, and certificate evidence trails. You may request deletion of your conversation history at any time (see Section 8).

5. Cookies & Tracking

We use essential cookies and browser local storage to maintain your session and remember your appearance preferences. We do not use third-party advertising cookies. Analytics are collected using server-side logs; no third-party analytics script is loaded on the page. You may clear your browser storage at any time, which will log you out.

6. Data Sharing

We share personal data only in the following circumstances:

• Service providers:Azure (cloud hosting & blob storage), PostgreSQL database host, Redis cache provider, and email delivery provider — all under data processing agreements.
• AI model providers: As described in Section 4.
• Legal requirements: Where required by law, court order, or to protect our rights.
• Business transfers: In the event of a merger, acquisition, or asset sale, data may be transferred to the successor entity, with prior notice to you.

We do not sell your personal data to third parties.

7. Data Retention & Security

We retain account data for as long as your account is active or as needed to provide the Service. Conversation history is retained for 24 months by default; you may request earlier deletion. Certificate records are retained indefinitely to support verification requests by third parties.

All data is encrypted in transit using TLS 1.2+. Files stored in Azure Blob Storage are encrypted at rest. Access to production databases is restricted to authorised personnel via role-based access control and MFA-protected accounts.

8. Your Rights

Depending on your jurisdiction you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data (“right to be forgotten”); receive a machine-readable export of your data (portability); restrict or object to processing; and withdraw consent where processing is consent-based.

EEA and UK residents may also lodge a complaint with their local supervisory authority. California residents have additional rights under the CCPA, including the right to know categories of personal information sold (we do not sell personal information).

To exercise any right, email us at info@consultancyoutfit.co.uk. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we discover we have collected data from a child under 16 we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or an in-app notice at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

11. Contact

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: info@consultancyoutfit.co.uk
• Post: AIRiver Ltd, Data Protection Officer, [Registered Address]