Privacy Policy

Last updated: 24 May 2026  ·  Effective: 24 May 2026

1. Who We Are

Regnor ("we", "us", "our") is a sole-trader business providing Optimisation as a Service — a consulting service in which we build operational simulators from client data and deploy autonomous AI agents to find optimal parameters. We operate under the trading name Regnor and can be contacted at romil@regnor.systems.

For the purposes of UK and EU data protection law, Regnor is the data controller for personal data collected through this website and through the enquiry process. For client operational data shared during an engagement, Regnor acts as a data processor on behalf of the client (the data controller).

2. Scope of This Policy

This Privacy Policy applies to all personal data we collect and process in connection with:

This policy does not apply to third-party websites linked from our site. We are not responsible for the privacy practices of those sites.

3. Data We Collect

3.1 Enquiry and Contact Data

When you submit an enquiry through our website, we collect:

We collect only what is necessary to respond to your enquiry and assess whether an engagement is appropriate.

3.2 Website Usage Data

When you visit our website, our hosting infrastructure (Vercel) may automatically record standard server log data, including:

This data is collected for security and infrastructure purposes only. We do not use it to build profiles or track individuals across sessions.

3.3 Client Operational Data

During an engagement, clients share operational data — such as sales history, inventory records, pricing data, cost structures, schedules, or route data — for the purpose of building a simulator. This data may contain personal data (for example, employee schedules or customer transaction records). See Section 6 for how we handle this data.

3.4 Communications Data

If you contact us by email or other means, we retain records of that correspondence, including your contact details and the content of your messages, for the duration of our relationship and for a reasonable period thereafter.

We process personal data only where we have a lawful basis to do so under the UK GDPR and the Data Protection Act 2018. The legal bases we rely on are:

5. How We Use Your Data

We use the personal data we collect for the following purposes:

We do not use your personal data for marketing, advertising, profiling, automated decision-making, or any purpose beyond those listed above. We do not sell, rent, or trade personal data.

6. Client Operational Data

Operational data shared by clients for the purpose of an engagement is treated with the highest level of confidentiality and security. Specifically:

6.1 Purpose Limitation

Client data is used solely for the purpose of building the simulator, running optimisation experiments, and producing the agreed deliverables. It is not used for any other purpose, including improving our own tools or training models for other clients.

6.2 Security

Client data is encrypted at rest using AES-256 encryption. All data transmission occurs over HTTPS/TLS. Access is restricted to the individual conducting the engagement. No client data is stored on shared or public infrastructure.

6.3 Data Processing Agreement

Where client data contains personal data (for example, employee records or customer transaction data), we enter into a Data Processing Agreement (DPA) with the client before the engagement begins. The DPA sets out the subject matter, duration, nature, and purpose of the processing, the type of personal data involved, and the obligations of both parties under applicable data protection law.

6.4 Deletion

All client operational data — including raw data files, intermediate working files, and any copies — is permanently deleted from all systems within 90 days of delivery of the final engagement report. Clients may request earlier deletion at any time. We will confirm deletion in writing upon request.

6.5 No Third-Party Sharing

Client data is never shared with third parties under any circumstances, including subcontractors, cloud AI providers, or analytics platforms. All processing is performed locally or on infrastructure under our direct control.

7. Data Sharing and Third Parties

We do not sell, rent, or share personal data with third parties for their own purposes. We may share data in the following limited circumstances:

In all cases, we share only the minimum data necessary and require any recipients to maintain appropriate security and confidentiality standards.

8. International Transfers

We are based in the United Kingdom. Our website is hosted on Vercel, which operates infrastructure in multiple regions including the United States and Europe. Where personal data is transferred outside the UK or European Economic Area, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions as applicable.

Client operational data is processed and stored within the UK or EEA only, unless explicitly agreed otherwise in the Statement of Work.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:

You may request deletion of your personal data at any time (subject to legal retention obligations) by contacting us at romil@regnor.systems.

10. Security Measures

We take the security of personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. These measures include:

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required by law.

11. Cookies and Tracking

Our website does not use tracking cookies, advertising cookies, or third-party analytics platforms (such as Google Analytics). We do not use any technology to track you across websites or build advertising profiles.

Our website may use strictly necessary session-related browser storage for functional purposes (such as maintaining form state). No personal data is stored in cookies.

Our hosting provider (Vercel) may set technical cookies necessary for the operation of the hosting infrastructure. These are strictly necessary and do not track individuals for marketing purposes.

12. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

To exercise any of these rights, contact us at romil@regnor.systems. We will respond within one calendar month. We may need to verify your identity before processing your request.

Supervisory Authority

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

13. Children's Privacy

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of our website or services after changes are posted constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of our services and contact us to request deletion of your data.

15. Contact and Complaints

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days and to all formal data subject requests within one calendar month.