This Privacy Policy describes how Nearfield.ai handles the Subscriber's (User) data and the sensitive Source Data uploaded for processing via the PIIQ Service.
Note: This Privacy Policy should be read in conjunction with our Terms & Conditions.
1. The PIIQ Data Model (Data Controller vs. Processor)
The Subscriber acknowledges and agrees that:
- Subscriber's Role: The Subscriber is typically the Data Processor (or joint Controller/Processor) acting on behalf of their client (the primary Data Controller).
- Company's Role: Nearfield.ai acts solely as a Data Processor with respect to the Source Data (the DSAR/FOIA files) uploaded by the Subscriber for automated processing and redaction. We process this data strictly under the instructions of the Subscriber.
2. Information Collected
We collect two types of information:
2.1. Subscriber Account Data
Information provided directly by the Subscriber (e.g., name, contact details, billing information, account login credentials). This is used solely for service provision, billing, and technical support.
2.2. Source Data (for Processing)
The files containing PII uploaded by the Subscriber for DSAR/FOIA fulfillment. This data is the most sensitive and is handled under strict security protocols (see Section 4).
3. Use of Information
3.1. Service Provision
Subscriber Account Data is used to manage the subscription, provide technical support, and process payments.
3.2. Service Improvement (Anonymised)
The Company may use anonymised and aggregated metadata (e.g., file complexity, processing time, redaction count) derived from processing operations to improve the Service's performance and AI models. This process never involves the retention or use of original PII or Source Data.
4. Data Security, Sovereignty, and Retention
4.1. UK Data Storage & Processing
All Source Data is processed and temporarily stored in secure, certified UK Data Centres.
4.2. Encryption
Data is protected in transit via HTTPS/TLS encryption and at rest using strong encryption algorithms.
4.3. Data Deletion
The Company operates a strict, time-bound data retention policy for Source Data. All Source Data and resulting PII identification logs are automatically purged from the platform after a defined retention period (typically 30 days) or immediately upon explicit request by the Subscriber, unless a longer period is specifically agreed upon in a Contract agreement.
5. Data Sharing and Disclosure
The Company does not sell any Subscriber Account Data or Source Data to third parties. Data is only shared:
- As required by law or legal process.
- With approved sub-processors (e.g., UK-based cloud infrastructure partners) under strict contractual terms ensuring GDPR compliance and data security equal to or greater than the Company's standards.
6. Subscriber/Data Subject Rights
The Subscriber and, indirectly, the underlying Data Subject retain all rights regarding their personal data. PIIQ facilitates the Subscriber's ability to fulfill Data Subject Rights, including the right to access, rectify, erase (right to be forgotten), and object to the processing of the Source Data held by the Data Controller (the Subscriber's client).
7. Changes to the Privacy Policy
We reserve the right to update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Changes will be effective upon posting. Continued use of the Service constitutes acceptance of the updated policy.
8. Contact Information
For any inquiries or concerns regarding this Privacy Policy, please contact the Nearfield.ai Data Protection Office:
Email: compliance@nearfield.ai