Privacy & Data Sovereignty Policy

Last Updated: February 2026

At AI Factory Labs, we believe that autonomous capability requires absolute trust. We are building the “SafeAI” infrastructure for the enterprise, which means your data privacy and sovereignty are not just compliance checkboxes—they are the core engineering principles of our platform.

This Privacy Policy explains how AI Factory Labs Ltd (“we”, “us”, “our”) collects, uses, and protects your data when you use our website (aifactorylabs.io) and our suite of AI agents (e.g., AirSafeAI, AMLSafeAI, SEAT).

1. The "No-Training" Guarantee (AI Safety)

We know the biggest risk in Enterprise AI is data leakage into public models. To address this, we adhere to a strict Data Sovereignty Standard:

  • No Public Model Training: We do not use your proprietary data, uploaded documents (PDFs, CSVs), or prompts to train, fine-tune, or improve public foundation models (such as OpenAI’s GPT-4, Anthropic’s Claude, or Google’s Gemini).
  • Data Isolation: Your data is processed in logically isolated environments. Vector embeddings generated from your documents are stored in segregated namespaces. This ensures that a query from Client A can never retrieve information from Client B’s knowledge base.
  • Enterprise API Agreements: We utilize Enterprise-tier agreements with our LLM providers (e.g., Microsoft Azure OpenAI Service), which contractually guarantees that inputs and outputs are not stored or used for model training by the provider.

2. Information We Collect

We collect two distinct types of data:

  1. Account & Operational Data

Information required to manage your account and billing.

  • Identity Data: Name, Job Title, Company Name.
  • Contact Data: Business email address, phone number.
  • Technical Data: IP address, browser type, and login logs (for security auditing).
  1. Service Data (Your “Knowledge Base”)

The documents and text you upload for our agents to analyse.

  • Uploaded Files: PDFs, Word documents, Excel sheets, and transcripts uploaded to agents like Textscanr or AirSafeAI.
  • User Prompts: The specific questions or instructions you give to the agents.
  • Generated Outputs: The reports, summaries, or citations created by the agent.

3. How We Use Your Data

We use Service Data strictly for the purpose of delivering the requested output.

Data Type
Purpose of Use
Account Data
To manage your subscription, issue invoices, and provide customer support.
Service Data
To perform Retrieval Augmented Generation (RAG). We index your text to allow the AI to answer your specific questions. This data is NOT used for any other purpose.

4. Data Retention & Deletion

We give you control over how long your data lives in our system.

  1. Transient Agents (e.g., Textscanr):
    • Data uploaded to “Transient” tools is processed in memory or temporary storage.
    • You can configure the system to purge all data immediately after the session or report generation is complete.
  2. Persistent Agents (e.g., AirSafeAI, AMLSafeAI):
    • Data is stored in your dedicated Vector Database namespace to allow for long-term querying (e.g., “What safety incidents happened last year?”).
    • Right to Erase: You may delete a document or an entire workspace at any time. When you trigger a deletion, the associated vector embeddings are permanently removed from our index immediately.

5. Data Storage & Security

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Region: Our primary infrastructure is hosted in the United Kingdom and European Union (unless a specific US region is requested for data residency compliance).
  • Access Control: We employ strict Role-Based Access Control (RBAC). Only authorized engineers have access to the backend infrastructure for maintenance, and they cannot view raw Service Data content without explicit client permission or a legal mandate.

6. Third-Party Sub-Processors

To provide our “SafeAI” services, we work with a select group of trusted infrastructure partners. All partners are vetted for SOC 2 Type II and GDPR compliance.

  • Microsoft Azure (UK South): Cloud hosting and Enterprise LLM API.
  • Pinecone / Weaviate: Vector Database providers (configured with single-tenant isolation where applicable).
  • Stripe: Payment processing (we do not store your credit card details).

7. Your Rights (GDPR & UK Data Protection Act)

Under the UK GDPR, you have specific rights regarding your data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate personal data.
  • Right to Erasure (“Right to be Forgotten”): Ask us to delete your data.
  • Right to Restriction: Request that we stop processing your data.

To exercise any of these rights, please contact our Data Protection Officer at: [email protected]

8. Contact Us

AI Factory Labs Ltd

160 Kemp House, City Road

London, EC1V 2NX

United Kingdom

Email: [email protected]

ABOUT US

AiFactoryLabs deploys autonomous AI agents to automate compliance, operations, and growth workflows for enterprise.

Socialize

Linkedin X-twitter Youtube Instagram

Email: [email protected]
160 Kemp House, City Rd, London EC1V 2NX

PLATFORM

COMPANY

LEGAL

© 2026 AiFactoryLabs. All rights reserved.