Privacy Policy

Last Updated: 14 March 2026

1. Introduction

Welcome to Octopus AI Ltd. ("Company", "we", "our", or "us"). Octopus AI Ltd. is a company registered in the United Kingdom. We operate an AI assistant platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect personal data when you:

  • Visit our website
  • Create an account
  • Use our platform
  • Deploy AI assistants using our Service
  • Interact with AI assistants built using our platform

We are committed to protecting your personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Other applicable data protection laws

If you have questions about this Privacy Policy, please contact:

Email: privacy@asktheoctopus.com

2. Data Controller and Data Processor Roles

For the purposes of UK GDPR:

  • Octopus AI Ltd. acts as a Data Controller for personal data relating to account holders, website visitors, billing information, and business operations.
  • Octopus AI Ltd. acts as a Data Processor when users process personal data through AI assistants built or deployed on our platform.
  • Users deploying AI assistants are responsible for ensuring they have a lawful basis to collect and process personal data through their assistants and for providing appropriate privacy notices to their end users.

3. Information We Collect

3.1 Information You Provide Directly

We may collect:

  • Name
  • Email address
  • Account credentials
  • Company name
  • Billing and payment details
  • Communications with us
  • AI assistant configuration data
  • Prompts, uploaded materials, and related content

3.2 AI Conversation Logs

We store conversation logs generated through AI assistants built and deployed using our platform.

These logs may contain personal data, depending on what end users submit to the AI assistant.

We process and store conversation logs for the following purposes:

  • Providing and maintaining the Service
  • Improving system performance and reliability
  • Monitoring misuse, abuse, or security risks
  • Debugging and technical support
  • Complying with legal obligations

Users deploying AI assistants are responsible for informing their end users that conversations may be stored and processed.

3.3 Information Collected Automatically

We may automatically collect:

  • IP address
  • Device information
  • Browser type and version
  • Usage activity
  • Log data
  • Cookies and tracking technologies

3.4 Information from Third-Party Platforms

If AI assistants built on our platform are deployed on third-party platforms (such as messaging applications, social networks, collaboration tools, or other digital services), we may receive data from those platforms based on permissions granted by the user or end user.

We process such data solely for the purpose of providing our Service and in accordance with applicable platform terms and data protection laws.

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Performance of a contract (to provide our Service)
  • Legitimate interests (platform security, system improvement, fraud prevention)
  • Legal obligation (compliance with applicable law)
  • Consent (where required for marketing or cookies)

5. How We Use Personal Data

We use personal data to:

  • Provide and operate the platform
  • Authenticate users
  • Process subscriptions and payments
  • Store and manage AI conversation logs
  • Maintain platform security
  • Improve system performance and reliability
  • Respond to support requests
  • Comply with legal obligations

We do not sell personal data.

6. Sharing of Personal Data

We may share data with:

  • Cloud hosting providers
  • Infrastructure providers
  • Payment processors
  • Analytics providers
  • Professional advisors
  • Law enforcement authorities where legally required

We require all service providers to implement appropriate security and data protection safeguards.

We do not sell, rent, or trade personal data.

7. International Data Transfers

Some of our service providers may be located outside the United Kingdom.

Where personal data is transferred internationally, we implement appropriate safeguards such as:

  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)
  • Transfers to jurisdictions recognised as adequate under UK law

8. Data Retention

We retain personal data only for as long as necessary to:

  • Provide the Service
  • Maintain AI conversation logs
  • Fulfil contractual obligations
  • Comply with legal requirements
  • Resolve disputes and enforce agreements

AI conversation logs are retained in accordance with our internal retention policies and may be deleted upon account termination, subject to legal or contractual obligations. Users may request deletion of account-related personal data by contacting privacy@asktheoctopus.com.

9. Data Security

We implement appropriate technical and organisational measures including:

  • Encryption in transit (TLS/SSL)
  • Secure cloud infrastructure
  • Role-based access controls
  • Monitoring and logging
  • Internal data protection procedures

While we take reasonable steps to protect personal data, no system can guarantee absolute security.

10. Your Rights Under UK GDPR

If you are located in the UK or EEA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of personal data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent (where applicable)
  • Lodge a complaint with the UK Information Commissioner's Office (ICO)

To exercise your rights, contact:

privacy@asktheoctopus.com

11. Third-Party Services and Links

Our website and platform may contain links to third-party services or integrate with external platforms.

We are not responsible for the privacy practices of third-party services. We encourage users to review the privacy policies of those services before providing personal data.

12. Cookies

We use cookies and similar technologies to:

  • Operate the website
  • Maintain user sessions
  • Analyse performance
  • Improve user experience

Where required under UK law, we obtain consent before placing non-essential cookies.

You can control cookies via your browser settings.

13. Children's Data

Our Service is not directed to individuals under 16 years of age.

We do not knowingly collect personal data from children.

If we become aware that we have collected such data, we will take steps to delete it.

14. Changes to This Policy

We may update this Privacy Policy periodically.

Material changes will be communicated via the website or email.

The latest version will always be available on our website with the updated effective date.

15. Contact Information

Email: privacy@asktheoctopus.com