Legal

Privacy Policy

Aigonix · Effective date: 08 June 2026

1. Introduction

Aigonix is a technology company that builds document intelligence infrastructure for regulated industries. We operate two products: C2C, which extracts emissions activity data from business documents for GHG reporting, and Invoice Intelligence, which extracts structured invoice data for finance and accounts payable workflows.

This Privacy Policy explains what data we collect, how we use it, and your rights in relation to it. It covers all services operated by Aigonix, including both products and our corporate website at aigonix.com.

Our customers are businesses. This policy is written accordingly. If you are an individual whose data a customer has submitted to one of our products, please contact that customer directly — they are the data controller and the appropriate point of contact.

2. Information we collect

Account and contact data

When you sign up for a product or contact us, we collect information such as your name, business email address, job title, company name, and any details you provide in correspondence.

Usage and product data

We collect data about how you interact with our products — including features used, actions taken, and the time and frequency of those actions. We use this to operate and improve the service.

Technical data

We collect standard technical information when you use our services, including IP addresses, browser and device type, operating system, and session identifiers. This data is used for security, diagnostics, and service stability.

Customer-submitted document data

Our products process documents that customers upload or connect to the service — for example, supplier invoices, utility bills, and emissions-related records. We process this document data on behalf of our customers as their data processor. See Section 4 for details.

3. How we use information

We use the information we collect to:

  • Deliver the service — provision accounts, process documents, and return structured data output.
  • Maintain security — detect, investigate, and respond to security incidents or misuse.
  • Improve our products — analyse usage patterns to fix bugs, prioritise features, and improve accuracy. We do not use customer-submitted document data for model training without explicit written agreement.
  • Communicate with you — send service notifications, product updates, and respond to support requests. We will not send marketing communications without your consent.
  • Meet legal obligations — respond to lawful requests from authorities and comply with applicable law.

4. Data we process on behalf of customers

When customers upload documents to our products, Aigonix acts as a data processor. The customer is the data controller. We process document data only as instructed by the customer and only to deliver the agreed service.

This means:

  • We do not use customer document data for our own purposes beyond providing the service.
  • We do not sell or share customer document data with third parties for their own use.
  • We retain document data only as long as the customer account is active, or as specified in the applicable Data Processing Agreement (DPA).
  • Customers who require a formal DPA — for example, to meet GDPR Article 28 requirements — may request one from us at contact@aigonix.com.

5. Legal basis for processing

Where the GDPR or equivalent data protection law applies, we process personal data on the following legal bases:

  • Contract performance — processing necessary to deliver the service you have contracted for.
  • Legitimate interests — processing for security, fraud prevention, product improvement, and direct communications with existing customers, where those interests are not overridden by your rights.
  • Legal obligation — processing required to comply with applicable law or respond to lawful authority requests.
  • Consent — where we rely on consent (for example, for certain marketing communications or optional cookies), you may withdraw it at any time.

6. Data sharing

We do not sell personal data. We share data only in the following circumstances:

Subprocessors

We use a limited number of third-party subprocessors to operate our infrastructure, including cloud hosting, monitoring, and analytics services. All subprocessors are bound by data processing agreements and are required to handle data in line with applicable law. We will maintain and provide an up-to-date list of subprocessors on request.

Legal requirements

We may disclose data if required to do so by law, court order, or regulatory authority. Where legally permitted, we will notify affected customers before disclosing their data.

Business transfers

In the event of a merger, acquisition, or sale of assets, personal data held by Aigonix may be transferred to the relevant successor entity. We will notify customers of any such transfer in advance.

7. Data retention

We retain account and usage data for the duration of the customer relationship, and for a reasonable period afterwards for legal, audit, and dispute-resolution purposes — typically no longer than three years after contract termination.

Customer-submitted document data is retained according to the terms of the applicable contract or DPA. On request, we will delete document data promptly following contract termination, subject to any legal retention requirements.

You may request deletion of your personal data at any time by contacting us at contact@aigonix.com. We will confirm deletion within 30 days, subject to any legal obligations that require retention.

8. Security

We apply industry-standard security controls to protect the data we hold:

  • All data transmitted between your systems and ours is encrypted in transit using TLS.
  • Data stored on our infrastructure is encrypted at rest.
  • Access to customer data is restricted to authorised personnel on a need-to-know basis.
  • We conduct regular security reviews and maintain incident response procedures.

In the event of a security incident affecting your data, we will notify you without undue delay and in accordance with applicable breach notification requirements.

9. International transfers

Our infrastructure and subprocessors may be located in jurisdictions outside your country. Where data is transferred internationally, we take steps to ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognised under applicable law.

If you require details of the specific safeguards applicable to your data transfers, contact us at contact@aigonix.com.

10. Your rights

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that inaccurate or incomplete data be corrected.
  • Deletion — request that we delete your personal data, subject to legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing carried out on the basis of legitimate interests.
  • Restriction — request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us at contact@aigonix.com. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.

11. Cookies

We use a small number of cookies and similar technologies on our website and product interfaces:

  • Strictly necessary cookies — required for the service to function. These cannot be disabled.
  • Analytics cookies — used to understand how visitors use our site and products. These are not used to identify individuals. You may opt out via our cookie preferences, which will be available via a cookie banner on our website.

We do not use advertising or tracking cookies, and we do not share cookie data with third-party advertisers.

Note: a cookie consent banner is pending implementation on aigonix.com.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify active customers by email and post the updated policy on our website with a revised effective date. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

We encourage you to review this page periodically.

13. Contact

For any questions, requests, or concerns about this policy or how we handle your data, contact us at:

Data contact

Aigonix

Email: contact@aigonix.com

Website: aigonix.com