Legal
Privacy Policy
Last updated: March 2026 · ITNextGen Limited
We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
AI Governance Hub is operated by ITNextGen Limited, a company registered in England and Wales. We are the data controller for personal data processed through this website and platform.
Contact us: connect@aigovernancehub.uk
2. What data we collect
We collect the following categories of personal data:
- Account data — name, email address, organisation name, job title
- Usage data — pages visited, features used, session duration (via analytics)
- Payment data — billing details processed securely by Stripe (we do not store card numbers)
- Communications — messages you send us via email or contact forms
- Platform content — AI system records, assessments, and documents you create within the platform
3. How we use your data
- To provide and operate the AI Governance Hub platform
- To process subscription payments and manage your account
- To send service-related communications (account updates, invoices)
- To improve platform features through aggregated, anonymised analytics
- To respond to support requests
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Legal bases for processing
- Contract performance — to fulfil your subscription and platform access
- Legitimate interests — to improve the platform and prevent fraud
- Legal obligation — where required by applicable law
- Consent — for any optional communications (you may withdraw at any time)
5. Data residency
All personal data and platform content is stored within UK and EU jurisdictions. We do not transfer your data to countries outside the UK or European Economic Area without appropriate safeguards in place.
6. Data retention
We retain your personal data for as long as your account is active, plus a reasonable period thereafter for legal and audit purposes. You may request deletion of your data at any time (see Section 7). We will action deletion requests within 30 days.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data
- Restrict or object to processing
- Data portability (receive your data in a structured, machine-readable format)
- Withdraw consent where processing is based on consent
To exercise any of these rights, email connect@aigovernancehub.uk. We will respond within one calendar month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Cookies
We use essential cookies to maintain your session and a small number of analytics cookies (PostHog) to understand how the platform is used. No advertising or tracking cookies are used. You can disable non-essential cookies via your browser settings.
9. Third-party processors
We use the following sub-processors, each subject to appropriate data processing agreements:
- Supabase — database and authentication (EU region)
- Vercel — application hosting
- Stripe — payment processing
- Resend — transactional email
- PostHog — anonymised usage analytics
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-platform notice. The "last updated" date at the top of this page will always reflect the most recent revision.
11. Contact
For privacy-related enquiries: connect@aigovernancehub.uk