Skip to main content
D
Deputise
← Back to Learn

Privacy Policy

How Deputise handles personal data and protects user privacy.

Privacy Policy

Deputise Ltd

Your privacy is important to us. This Privacy Policy explains how Deputise Ltd collects, uses, discloses, and protects your personal information when you use our website at https://deputise.ai and the Deputise platform (collectively, the "Service").

This policy applies to all visitors, registered users, and customers of the Service.

Effective date: March 1, 2026 Last updated: March 15, 2026

1. Who We Are

We are Deputise Ltd, a company registered in England and Wales with company number 17082681, with our registered address at:

71-75 Shelton Street Covent Garden London WC2H 9JQ

For the purposes of applicable data protection legislation, Deputise Ltd is the data controller of personal information collected through the Service when you interact with us directly (e.g. creating an account, visiting our website). Where you use the Service through an organisation, we may act as a data processor on behalf of that organisation.

For questions about this Privacy Policy, contact us at: Email: privacy@deputise.ai

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and password when you register
  • Profile information: any additional details you choose to add to your account
  • Payment information: billing details processed through our third-party payment provider (we do not store full payment card details)
  • Communications: messages you send to us via email, support channels, or feedback forms
  • User-generated content: data, prompts, configurations, instructions, and any other content you provide to or through AI agents on the platform, including content you make available to other users through the marketplace

2.2 Information Collected Automatically

  • Log data: IP address, browser type and version, pages visited, time and date of visit, time spent on pages, referring URL, and other diagnostic data
  • Device data: device type, operating system, and unique device identifiers
  • Usage data: features used, interactions with the platform, agent configurations, and transaction records
  • Cookies and similar technologies: see Section 10 below

2.3 Information from Third Parties

We may receive information about you from third-party services you connect to the platform (e.g. OAuth providers used for authentication), or from publicly available sources.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service delivery: to provide, operate, maintain, and improve the Deputise platform
  • Account management: to create and manage your account, authenticate your identity, and process transactions
  • Communication: to respond to your enquiries, provide customer support, and send service-related notices
  • Marketplace facilitation: to enable transactions between users, including connecting agent creators with agent consumers, and managing reviews, ratings, and dispute resolution
  • Safety and trust: to detect, prevent, and address fraud, abuse, security incidents, and violations of our terms
  • Analytics and improvement: to understand how users interact with the Service, identify trends, and improve our platform
  • Legal compliance: to comply with applicable laws, regulations, legal processes, or governmental requests
  • Marketing: with your consent, to send promotional communications about our products and services (you may opt out at any time)

3.1 AI Model Training

We do not use your personal data to train AI models. We may use strictly anonymised data to:

  • Improve how assistants work, through analysis of failures and functional gaps
  • Work with AI providers to improve their models, where we can help identify improvements

Personal data is never shared as part of this process.

4. Legal Bases for Processing (UK GDPR / EU GDPR)

We process your personal information only where we have a lawful basis to do so:

  • Performance of a contract: where processing is necessary to provide the Service to you under our Terms of Service
  • Legitimate interests: where processing is necessary for our legitimate interests (such as improving our Service, ensuring security, and preventing fraud), provided those interests are not overridden by your rights
  • Consent: where you have given explicit consent for a specific processing activity (e.g. marketing communications). You may withdraw consent at any time
  • Legal obligation: where processing is necessary to comply with a legal obligation to which we are subject

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

  • Service providers and sub-processors: third-party vendors who assist us in operating the Service, including hosting, payment processing, analytics, email delivery, and AI inference providers. These providers are contractually obligated to process your data only as instructed by us and in accordance with this policy. For a full list, see our Sub-Processors page
  • Other platform users: where you choose to share assistants, certain profile and assistant information will be visible to other users.
  • Professional advisors: lawyers, auditors, and insurers where necessary for the provision of professional services
  • Law enforcement and regulators: where required by law, regulation, legal process, or governmental request, or where necessary to protect our rights, property, or safety, or the rights, property, or safety of others
  • Business transfers: in connection with any merger, acquisition, restructuring, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change

6. International Transfers of Personal Information

Your personal information may be stored and processed in the United Kingdom, the European Economic Area (EEA), the United States, or any other country in which we or our sub-processors maintain facilities.

Where we transfer personal information outside of the UK or EEA, we ensure appropriate safeguards are in place, including:

  • Transfers to countries with an adequacy decision from the UK Secretary of State or the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK International Data Transfer Agreement (IDTA)
  • Other legally recognised transfer mechanisms

The UK benefits from an EU adequacy decision. Where we transfer data from the EU/EEA to the UK, this is covered by that adequacy finding.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Account data: retained for the duration your account is active, and deleted or anonymised within 30 days of account deletion
  • Transaction data: retained for up to 7 years after the transaction to comply with financial and tax reporting obligations
  • Log and analytics data: retained for up to 24 months
  • Marketing preferences: retained until you withdraw consent or unsubscribe

When personal information is no longer required, we will securely delete or anonymise it.

8. Data Security

We implement commercially reasonable technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS) and at rest, access controls, regular security assessments, and incident response procedures.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

9. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

9.1 Rights Under UK GDPR and EU GDPR

  • Access: request a copy of the personal information we hold about you (Data Subject Access Request)
  • Rectification: request correction of inaccurate or incomplete personal information
  • Erasure: request deletion of your personal information in certain circumstances
  • Restriction: request that we restrict processing of your personal information
  • Portability: request a copy of your personal information in a structured, commonly used, machine-readable format
  • Objection: object to processing based on legitimate interests or for direct marketing purposes
  • Automated decision-making: not be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you
  • Withdraw consent: where processing is based on consent, withdraw that consent at any time

To exercise any of these rights, contact us at privacy@deputise.ai. We will respond within 30 calendar days.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

UK — Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel: 0303 123 1113 Website: www.ico.org.uk

EU — your local Data Protection Authority A list of EU DPAs is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en

9.2 Rights Under U.S. State Privacy Laws

Residents of states with comprehensive privacy laws (including California, Colorado, Connecticut, Virginia, Texas, Oregon, Montana, Delaware, Iowa, Minnesota, Nebraska, New Hampshire, New Jersey, Tennessee, Maryland, Indiana, Kentucky, Rhode Island, Utah, and others as enacted) may have additional rights, including:

  • Right to know what personal information we collect, use, and disclose
  • Right to delete personal information we hold about you
  • Right to correct inaccurate personal information
  • Right to opt out of the sale of personal information, targeted advertising, or profiling that produces legal or similarly significant effects
  • Right to non-discrimination for exercising your privacy rights

We do not sell personal information as defined under applicable U.S. state privacy laws.

Do Not Track: We do not currently respond to browser "Do Not Track" signals. Where required by applicable state law, we honour Global Privacy Control (GPC) or other universal opt-out mechanisms as a valid opt-out signal.

California-Specific Disclosures (CCPA/CPRA)

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, IP address, account ID), commercial information (transaction records, purchase history), internet/electronic network activity (usage data, log data), and inferences drawn from the above.

We collect and use these categories for the business purposes described in Section 3. We do not sell or share (as defined by the CCPA) personal information for cross-context behavioural advertising.

To exercise your rights, contact us at privacy@deputise.ai with the subject line "Privacy Rights Request".

9.3 Rights Under Canadian Privacy Law (PIPEDA)

If you are a Canadian resident, you have the right to:

  • Access personal information we hold about you
  • Request correction of inaccurate personal information
  • Withdraw consent for collection, use, or disclosure of your personal information (subject to legal and contractual restrictions)

Requests will be fulfilled within 30 days. If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

9.4 Rights Under Australian Privacy Act

If you are an Australian resident, you have rights under the Privacy Act 1988 (Cth) to access and correct your personal information. Some third-party providers may not be bound by the Australian Privacy Principles; by using the Service, you acknowledge that where information is shared with such providers, they may not be accountable under the Privacy Act.

10. Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve the Service. These include:

  • Strictly necessary cookies: required for the Service to function (e.g. authentication, session management)
  • Analytics cookies: help us understand how the Service is used (e.g. page views, feature usage)
  • Preference cookies: remember your settings and preferences

You can manage cookie preferences through your browser settings or through any cookie consent mechanism we provide on the Service. Disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

The Service is not directed at individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@deputise.ai and we will take steps to delete it.

12. AI Transparency and the EU AI Act

Deputise operates as a marketplace platform where users can create, publish, and interact with AI-powered agents. In accordance with transparency obligations under the EU AI Act (Regulation (EU) 2024/1689):

  • Disclosure of AI interaction: when you interact with an AI agent on the platform, you will be informed that you are interacting with an AI system
  • Content labelling: where AI-generated content is produced through the platform, it will be identified as such where required by applicable law
  • Risk classification: we do not deploy AI systems classified as high-risk or prohibited under the EU AI Act. The platform facilitates the use of general-purpose AI models provided by third-party AI providers. We require agent creators on the platform to comply with all applicable AI regulations, including the EU AI Act, through our Acceptable Use Policy
  • Human oversight: users retain control over their AI agent configurations and interactions. Users are responsible for reviewing AI-generated outputs before relying on them for consequential decisions

13. Third-Party Links

The Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Business Transfers

If Deputise Ltd is acquired, merges with another entity, or enters bankruptcy, your personal information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at this URL. If changes are material, we will notify you by email or through the Service before they take effect.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, contact us at:

Deputise Ltd 71-75 Shelton Street Covent Garden London WC2H 9JQ

Email: privacy@deputise.ai