Last Updated: February 20, 2026

Privacy Policy

How OctoX protects and processes your personal data

1. Introduction

OctoX ("OctoX", "we", "our", "us") is a leading artificial intelligence company specialising in machine learning, natural language processing, and intelligent automation solutions.

We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, process, store, and safeguard personal data when you:

  • Visit our website
  • Engage with our AI services
  • Request enterprise solutions
  • Communicate with our team
  • Enter into a commercial relationship with us

We process personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The EU General Data Protection Regulation (EU GDPR)
  • The Data Protection Act 2018

If you have any questions, contact us at: admin@octox.tech

2. Data Controller

For the purposes of data protection law, OctoX is the Data Controller for personal data collected via our website and during business engagement.

Where we process data on behalf of enterprise clients (e.g., through AI systems we deploy), OctoX may act as a Data Processor under a separate Data Processing Agreement (DPA).

3. Categories of Personal Data We Collect

3.1 Information You Provide Directly

We may collect:

  • Full name
  • Business email address
  • Company name
  • Job title
  • Telephone number
  • Billing information
  • Project requirements
  • Communications and correspondence
  • Account login credentials (if applicable)

3.2 Enterprise & Client Data

Where clients use OctoX AI systems, we may process:

  • Structured datasets
  • Business analytics data
  • Operational data
  • Customer interaction data
  • Text, audio, or image datasets used for AI model training

In such cases:

  • Clients remain Data Controllers
  • OctoX acts as Data Processor
  • Processing is governed by contract
  • We do not claim ownership of client data

3.3 Automatically Collected Technical Data

When you visit our website, we may collect:

  • IP address
  • Device type
  • Browser type
  • Operating system
  • Pages viewed
  • Time spent on site
  • Referral source
  • Usage analytics

3.4 AI Model Improvement Data

If you interact with AI-powered tools provided by OctoX:

  • Input prompts
  • System responses
  • Usage patterns

may be processed for:

  • Performance optimisation
  • Security monitoring
  • Bias detection
  • System improvement

Where possible, such data is anonymised or pseudonymised.

4. Lawful Bases for Processing

We rely on the following lawful bases under Article 6 UK GDPR:

Contractual Necessity

To perform contracts for AI development, automation deployment, and enterprise services.

Legitimate Interests

To improve AI models, secure our infrastructure, prevent fraud, analyse system performance, and develop new features.

We ensure legitimate interest assessments are conducted.

Consent

Where required (e.g., marketing communications, non-essential cookies).

Legal Obligation

Where required to comply with regulatory or legal requirements.

5. How We Use Personal Data

We use personal data to:

  • Deliver AI and automation services
  • Provide enterprise consulting
  • Communicate regarding projects
  • Process payments
  • Improve AI system performance
  • Monitor security
  • Conduct analytics
  • Send marketing communications (with consent)
  • Comply with legal obligations

We do not sell personal data.

6. Automated Decision-Making & AI Processing

OctoX develops and deploys AI systems that may involve automated processing.

Where our AI systems are used:

  • Processing purposes are contractually defined
  • Clients determine how outputs are used
  • Human oversight can be incorporated
  • Risk assessments may be conducted

We take steps to mitigate bias, ensure fairness, and maintain model transparency where commercially feasible.

7. Data Sharing

We may share personal data with:

  • Cloud hosting providers
  • Infrastructure providers
  • Analytics providers
  • Payment processors
  • Legal and compliance advisors
  • Security providers

All third parties are contractually bound by confidentiality and data protection obligations.

We may disclose data where legally required.

8. International Data Transfers

As an AI and technology company, we may use global infrastructure providers.

Where data is transferred outside the UK or EEA, we ensure:

  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Appropriate security safeguards

9. Data Security

We implement appropriate technical and organisational measures including:

🔒

End-to-end encryption (where applicable)

☁️

Secure cloud infrastructure

🔑

Role-based access controls

🛡️

Multi-factor authentication

📊

Data minimisation practices

🔍

Regular penetration testing

No system is completely secure, but we maintain enterprise-grade safeguards.

10. Data Retention

We retain personal data only as long as necessary to:

  • Fulfil contractual obligations
  • Comply with legal requirements
  • Resolve disputes
  • Improve AI systems (where lawful)

Client data retention periods are defined contractually.

11. Your Data Protection Rights

Under UK GDPR, you have the right to:

Access

Access your personal data

Rectify

Rectify inaccurate data

Erasure

Request erasure ("right to be forgotten")

Restrict

Restrict processing

Object

Object to processing

Portability

Data portability

Withdraw

Withdraw consent

Complain

Lodge a complaint with the ICO

UK Supervisory Authority:

Information Commissioner's Office (ICO)

https://ico.org.uk

We encourage you to contact us first at admin@octox.tech

12. Cookies & Tracking Technologies

OctoX uses cookies for:

  • Essential functionality
  • Security
  • Performance analytics
  • Marketing (with consent)

Users can manage cookie preferences via our consent banner.

A full Cookie Policy may be provided separately.

13. Confidentiality & AI Training Data

Unless explicitly agreed:

  • Client confidential information is not used to train general AI models
  • Data is isolated per contractual agreements
  • Proprietary enterprise data remains protected

Where anonymised datasets are used for model training, they are processed in compliance with applicable law.

14. Children's Data

Our services are intended for enterprise and professional use.

We do not knowingly collect data from children under 16.

15. Third-Party Links

Our website may contain links to third-party websites.

We are not responsible for their privacy practices.

16. Changes to This Policy

We may update this Privacy Policy periodically.

The latest version will always be published on our website with an updated effective date.

17. Contact Information

For privacy-related enquiries:

📧 Email: admin@octox.tech

🌐 Website: octox.co.uk