LEGAL

Privacy Policy.

Last updated: 13 June 2026

1. Who we are

NarrativEye Ltd ("NarrativEye", "we", "us", "our") operates a narrative intelligence platform at narrativeye.ai.

We are the data controller for personal information collected via our website and platform. For data processed on behalf of our customers (for example, information included in their use of the platform), we act as a data processor. See our Data Processing Agreement for details.

Contact: privacy@narrativeye.ai

2. What personal information we collect

Information you provide to us

  • Demo and contact requests: name, work email address, company name, job role, and any message you include.
  • Account registration: name, work email address, password (hashed), company name, and role.
  • Communications: the content of emails, support tickets, and other messages you send to us.
  • Defence briefing requests: name, organisation, government or defence email, role, and classification context.

Information collected automatically

  • Usage data: pages visited, features used, time spent, and navigation patterns within the platform.
  • Technical data: IP address, browser type, operating system, referral source, and device identifiers.
  • Cookies: see our Cookie Policy for full details.

Information we do not collect

We do not collect personal information about individuals from our monitoring of public sources. Our platform monitors publicly available content — not private individuals. We do not scrape private accounts, private messages, or unauthorised sources.

3. How we use your information

We use personal information to:

  • Respond to demo requests, enquiries, and support tickets
  • Provide and operate the NarrativEye platform
  • Process payments and manage subscriptions
  • Send service communications (account updates, security alerts)
  • Send marketing communications, where you have consented or where we have a legitimate interest and you have not opted out
  • Improve the platform and develop new features
  • Comply with legal obligations
  • Defend against legal claims

4. Legal basis for processing (UK GDPR)

Purpose Legal basis
Responding to enquiries and demo requests Legitimate interests / Pre-contractual steps
Providing the platform to paying customers Contract performance
Sending service communications Contract performance / Legitimate interests
Marketing communications Consent / Legitimate interests (B2B)
Analytics and platform improvement Legitimate interests
Legal compliance and defence Legal obligation / Legitimate interests

5. Who we share your information with

We share personal information with:

  • Service providers: email delivery (Resend), analytics (Plausible — cookieless, GDPR-compliant), cloud infrastructure (Cloudflare), and CRM tools. These providers process data on our behalf under data processing agreements.
  • Professional advisers: lawyers, accountants, and auditors, where necessary.
  • Law enforcement: where required by law or to protect our legal rights.
  • Acquirers: in the event of a merger, acquisition, or sale of assets, subject to appropriate confidentiality obligations.

We do not sell personal information to third parties.

6. International transfers

Some of our service providers are based outside the UK and EEA. Where we transfer personal data internationally, we use appropriate safeguards: Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms under UK GDPR.

7. How long we keep your information

  • Demo and enquiry data: 2 years from last contact, or as long as necessary to manage the relationship.
  • Customer account data: for the duration of the contract plus 7 years (to comply with financial and legal record-keeping obligations).
  • Marketing data: until you withdraw consent or opt out.
  • Support communications: 3 years from resolution.

8. Your rights

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal information we hold about you.
  • Rectification: ask us to correct inaccurate or incomplete information.
  • Erasure: ask us to delete your personal information ("right to be forgotten"), subject to legal exceptions.
  • Restriction: ask us to restrict how we process your information in certain circumstances.
  • Portability: receive your personal information in a structured, machine-readable format.
  • Object: object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@narrativeye.ai. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, destruction, or alteration. These include encryption in transit and at rest, access controls, and security monitoring.

NarrativEye is Cyber Essentials Plus certified. ISO 27001 certification is in progress.

10. Cookies

We use a limited set of cookies and similar technologies. See our Cookie Policy for full details including how to manage your preferences.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify current customers of material changes by email. The "last updated" date at the top of this page reflects the most recent revision. We recommend reviewing this page periodically.

12. Contact

For privacy-related questions or to exercise your rights:

Email: privacy@narrativeye.ai