Skip to main content
AI Governance Hub
Log inGet started

Legal Review in Progress

This Privacy Policy is currently under legal review and will be finalized before public launch. Last updated: 15 February 2026

Privacy Policy

Last updated: 15 February 2026

1. Introduction

AI Governance Hub ("we", "our", or "us") is operated by ITNextGen Limited. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform (aigovernancehub.uk).

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

ITNextGen Limited
Company Number: 15698623
Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

3. Information We Collect

3.1 Account Information

  • Email address
  • Organization name
  • Password (encrypted)
  • Subscription tier and billing information

3.2 AI System Data

  • AI system details (name, purpose, vendor, deployment date)
  • Risk assessment responses and scores
  • AI Impact Assessment (AIIA) content
  • Compliance checklist responses
  • Uploaded documents and metadata

3.3 Usage Data

  • Log data (IP address, browser type, pages visited)
  • Analytics data (feature usage, session duration)
  • Error reports and diagnostic information

4. How We Use Your Information

We use your personal information to:

  • Provide and maintain the AI Governance Hub platform
  • Process your subscription and payments
  • Send service updates and security notifications
  • Improve our platform through analytics (anonymized where possible)
  • Comply with legal obligations
  • Detect and prevent fraud or security incidents

5. Legal Basis for Processing (UK GDPR)

  • Contract: Processing necessary to fulfill our service agreement with you
  • Consent: Marketing communications (opt-in required)
  • Legal Obligation: Tax, accounting, and regulatory compliance
  • Legitimate Interests: Platform security, fraud prevention, and service improvement

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g., financial records for 7 years).

7. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Row-Level Security (RLS) in our database
  • Regular security audits and penetration testing
  • Access controls and audit logging

8. Data Sharing and Third Parties

We share your data only with:

  • Supabase (Database): UK/EU data centers, GDPR-compliant
  • Stripe (Payments): PCI-DSS Level 1 certified payment processor
  • Vercel (Hosting): CDN and hosting infrastructure
  • Resend (Email): Transactional email delivery
  • PostHog (Analytics): Privacy-focused analytics (anonymized)

We do not sell your personal information to third parties.

9. Your Rights (UK GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Opt out of marketing communications

To exercise these rights, contact us at privacy@aigovernancehub.uk

10. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

11. International Data Transfers

Your data is stored in UK/EU data centers. If data is transferred outside the UK/EU, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).

12. Children's Privacy

AI Governance Hub is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform.

14. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@aigovernancehub.uk
Address: AI Governance Hub, c/o ITNextGen Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

15. Complaints

If you believe we have not handled your personal information correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ICO: ico.org.uk/make-a-complaint