Privacy Policy
1. Who We Are & Data Controller Identity
Misti AI Ltd ("we", "us", or "our") is the data controller responsible for processing your personal data in connection with the services available at getmistiai.com (the "Service").
Registered address:
11 York Way, London N1C 4AS, United Kingdom
Company registration: Registered in England and Wales
For general privacy inquiries:
Email: [email protected]
Postal: Privacy Team, Misti AI Ltd, 11 York Way, London N1C 4AS, UK
1.1 Data Protection Officer
For matters relating to personal data processing and your data subject rights, contact our Privacy team at [email protected] with subject line "Data Subject Request".
2. Scope of This Policy
This Privacy Policy applies to personal data collected through our website at getmistiai.com and any subdomains, our products and related services, communications between you and us (email, phone), and marketing activities. It does not apply to third-party websites linked from our Service.
3. Personal Data We Collect
3.1 Data You Provide Directly
| Category | Examples | When Collected |
|---|---|---|
| Identity data | First name, last name, job title | Contact forms, demo requests |
| Contact data | Work email address, phone number, company name | Contact forms, demo requests |
| Business data | Facility type, camera count, use case description | Demo request form |
| Communications data | Support emails, inquiry content | Customer interactions |
3.2 Data Collected Automatically
| Category | Examples | Source |
|---|---|---|
| Technical data | IP address, browser type, OS, device type | Server logs, analytics |
| Usage data | Pages visited, session duration, click paths | Analytics cookies |
| Cookie & tracking data | Cookie IDs, referral sources | Cookies — see our Cookie Policy |
3.3 Special Category Data
We do not intentionally collect or process special categories of personal data (Article 9 GDPR / UK GDPR) such as health, biometric data, racial or ethnic origin, or religious beliefs. Our platform is designed to avoid biometric identification. Please do not submit such data through our Service.
4. Legal Bases & Purposes for Processing
Under Article 6 UK GDPR, we rely on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Respond to demo requests and inquiries | Contract performance / Legitimate interests (6(1)(b)/(f)) |
| Send follow-up communications | Legitimate interests (6(1)(f)) |
| Send marketing with consent | Consent (6(1)(a)) |
| Improve our website via analytics | Legitimate interests (6(1)(f)) |
| Fraud prevention and security | Legitimate interests (6(1)(f)) |
| Comply with legal obligations | Legal obligation (6(1)(c)) |
5. Data Sharing & Third-Party Processors
We do not sell your personal data. We share data only with service providers under appropriate contractual safeguards (Data Processing Agreements per Article 28 UK GDPR), including:
- Cloud infrastructure providers (EU data centers for platform data; UK/EU for website data)
- Email service providers for communications
- Analytics providers for website usage analysis
- Legal and professional advisors under confidentiality obligations
- Law enforcement / regulators where required by applicable law
6. International Data Transfers
We are established in the United Kingdom. Some of our processors process data outside the UK/EEA. Wherever personal data is transferred outside the UK, we ensure adequate protection using UK International Data Transfer Agreements (IDTAs), Standard Contractual Clauses (SCCs), or adequacy decisions. Contact us at [email protected] to request details of the safeguards in place.
7. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy or as required by law. General principles: inquiry and contact data is retained for 3 years from last interaction; analytics data is retained for 26 months; security and audit logs for 12 months; records required for legal compliance per applicable statutory retention periods.
8. Your Data Subject Rights (UK GDPR & GDPR)
You have the right to: access your personal data (Art. 15); correct inaccurate data (Art. 16); request erasure ("right to be forgotten") (Art. 17); restrict processing (Art. 18); data portability in machine-readable format (Art. 20); object to processing based on legitimate interests (Art. 21); not be subject to solely automated decision-making with significant effects (Art. 22); and withdraw consent at any time.
8.1 How to Exercise Your Rights
Submit a request by email to [email protected] with subject line "Data Subject Request", or by post to: Privacy Team, Misti AI Ltd, 11 York Way, London N1C 4AS, UK. We will respond within 30 days. We may need to verify your identity before processing your request.
8.2 Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk. EU residents may contact their national supervisory authority. We ask that you contact us first so we can try to resolve any concern directly.
9. California Privacy Rights (CCPA / CPRA)
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. You may request: (a) disclosure of the categories and specific pieces of personal information we have collected; (b) deletion of personal information; (c) correction of inaccurate personal information. To exercise these rights, contact us at [email protected]. We will not discriminate against you for exercising these rights.
10. Data Security
We implement appropriate technical and organisational security measures (Article 32 UK GDPR) to protect your personal data, including: encryption of data in transit (TLS 1.3) and at rest (AES-256); role-based access controls and principle of least privilege; regular security assessments; staff training on data protection. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours (Article 33 GDPR) and notify affected individuals as required.
11. Cookies
We use cookies and similar tracking technologies on our website. For detailed information about the cookies we use and your choices, please see our Cookie Policy.
12. Children's Privacy
Our Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [email protected] and we will promptly delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting a notice on our website and updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
14. Contact Us
- Data Controller: Misti AI Ltd
- Email: [email protected]
- Address: 11 York Way, London N1C 4AS, United Kingdom
- Phone: +44 20 3936 5557
- Website: getmistiai.com