Privacy Policy
1. Introduction
We at Thesmia.ai (“we”, “us”) value your privacy and are committed to protecting your personal data. This Policy explains how we collect, use, store, and share personal data, as well as your rights under UK GDPR.
2. Data we collect
-
From you: name, email, employer.
-
Automatically: IP address, device info, usage logs, cookies.
3. Legal bases for processing
-
Performance of contract to access Thesmia.ai.
-
Legitimate interests platform improvements and feedback.
-
Consent for Marketing Communications.
-
Legal obligations for compliance and audits.
4. How we use your data
-
To deliver HR‑tech services.
-
For service improvement and product development.
-
To communicate service updates and marketing (with consent).
-
For legal, tax, and compliance purposes.
5. Who we share data with
-
Processors: HubSpot, Outseta, Stripe.
-
Sub‑processors, under contract.
-
Law enforcement or regulators where legally required.
6. International transfers
We may transfer data outside the UK/EEA. We’ll ensure appropriate safeguards such as:
-
UK‑approved standard contractual clauses, or
-
Transfers to countries with adequacy decisions.
7. Retention
We retain data as long as necessary to:
-
Fulfil contract obligations,
-
Meet legal/accounting requirements, and
-
Protect our legal rights.
8. Your rights
You may:
-
Access, correct, delete your data,
-
Restrict or object to processing,
-
Receive your personal data from HubSpot,
-
Withdraw consent,
-
Lodge a complaint with the ICO: https://ico.org.uk/.
9. Security
We use industry-standard technical and organisational measures to protect your data.
10. Breach notifications
If there’s a serious data breach, we’ll:
-
Investigate and contain it,
-
Inform the ICO within 72 hours,
-
Notify affected parties if there’s a high risk to their rights.
11. Changes to this Policy
We may update this Policy. We’ll publish changes with a revised “Last updated” date.
Contact: emma@thesmia.ai
Updated: 4th July 2025