Privacy Policy.

Information we collect

Information you provide. This includes contact details, account details, organization and billing information, support messages, communications preferences, files, prompts, tasks, call notes, and other content you choose to submit to the Service.

Information from connected services. If you authorize an integration, we process the information needed to provide that integration, such as emails, calendar events, workspace records, files, messages, or metadata made available by the connected service and your permissions.

Automatic information. We and our service providers may collect device, browser, log, usage, diagnostic, security, and cookie data when you interact with our websites and product.

Third-party sources. We may receive business contact details, enrichment data, referrals, and publicly available information from partners, customers, service providers, and public sources.

How we use information

• Provide, secure, operate, maintain, and improve the Service.
• Create and manage accounts, workspaces, subscriptions, and billing.
• Run AI droids, workflows, integrations, memory, calls, and support.
• Communicate about product updates, support, security, and contracts.
• Analyze aggregate usage and product performance.
• Prevent fraud, abuse, security incidents, and policy violations.
• Comply with legal, regulatory, tax, accounting, and audit obligations.

We do not use customer conversations, files, or integration data to train shared third-party AI models.

Legal bases

Where UK or EU GDPR applies, we rely on contract performance to provide the Service, legitimate interests to secure and improve the Service, consent where required for cookies or marketing, and legal obligations where we must retain or disclose information.

Retention

We retain personal information for as long as needed to provide the Service, comply with law, resolve disputes, enforce agreements, and keep appropriate business records. Retention periods vary by data type, customer settings, contract terms, and legal requirements.

How we share information

We may share personal information with service providers, sub-processors, payment processors, professional advisers, authorities where legally required, and counterparties in a merger, financing, acquisition, reorganization, or similar corporate transaction.

Customer data is shared with third-party providers only as needed to deliver the Service or as instructed by the customer.

Sub-processors and processing records

We engage a limited set of vendors as sub-processors to deliver the Service. Each is bound by written data-protection terms and restricted to the personal data necessary for the function we receive from them.

Our current list is maintained at droid.ai/sub-processors. We also maintain Records of Processing Activities under UK GDPR and EU GDPR Article 30.

Cookies and choices

We use strictly necessary cookies to operate the site and, with your consent, analytics cookies to understand business interest and improve the experience. You can update your cookie preference at any time by opening the Cookie Preference Center.

You may also opt out of marketing emails using the unsubscribe link in the message or by contacting privacy@droid.ai.

International transfers

Droid AI Ltd. is established in the United Kingdom. Our customer data plane runs in Google Cloud EU regions by default. Some sub-processors operate in other jurisdictions, including the United States. Where personal data transfers outside the UK or EEA, we use appropriate safeguards such as the UK IDTA, UK Addendum to the EU SCCs, EU SCCs, and transfer impact assessments where required.

Security

We use technical and organizational safeguards designed to protect personal information, including access controls, encryption in transit and at rest, secrets management, logging, monitoring, and vendor review. No internet service can be guaranteed to be completely secure.

European privacy rights

Individuals in the UK and EEA may request access, correction, deletion, portability, restriction, or objection to processing of their personal data, and may withdraw consent where processing is based on consent.

You can exercise these rights by emailing privacy@droid.ai. You also have the right to lodge a complaint with your local supervisory authority.

Children

The Service is not intended for anyone under 18. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.

Changes

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide additional notice where required by law.

Contact

Email: privacy@droid.ai
Mail: Droid AI Ltd., 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom