Privacy Policy
- Who We Are
- Scope of This Policy
- Data We Collect
- Legal Basis for Processing
- How We Use Your Data
- Client Operational Data
- Data Sharing and Third Parties
- International Transfers
- Data Retention
- Security Measures
- Cookies and Tracking
- Your Rights
- Children's Privacy
- Changes to This Policy
- Contact and Complaints
1. Who We Are
Regnor ("we", "us", "our") is a sole-trader business providing Optimisation as a Service — a consulting service in which we build operational simulators from client data and deploy autonomous AI agents to find optimal parameters. We operate under the trading name Regnor and can be contacted at romil@regnor.systems.
For the purposes of UK and EU data protection law, Regnor is the data controller for personal data collected through this website and through the enquiry process. For client operational data shared during an engagement, Regnor acts as a data processor on behalf of the client (the data controller).
2. Scope of This Policy
This Privacy Policy applies to all personal data we collect and process in connection with:
- Visits to our website at regnor.systems and any subdomains
- Enquiries submitted through our optimisation enquiry form
- Email and other direct communications with us
- Client engagements, including data shared for the purpose of building simulators and delivering optimisation results
This policy does not apply to third-party websites linked from our site. We are not responsible for the privacy practices of those sites.
3. Data We Collect
3.1 Enquiry and Contact Data
When you submit an enquiry through our website, we collect:
- Your full name
- Your email address
- Your organisation name (optional)
- Your data availability status (whether you have historical operational data)
- The optimisation domain(s) you are interested in
- Any additional information you choose to provide in the message field
We collect only what is necessary to respond to your enquiry and assess whether an engagement is appropriate.
3.2 Website Usage Data
When you visit our website, our hosting infrastructure (Vercel) may automatically record standard server log data, including:
- Your IP address (anonymised where possible)
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring URL (the page you came from)
- Date and time of access
This data is collected for security and infrastructure purposes only. We do not use it to build profiles or track individuals across sessions.
3.3 Client Operational Data
During an engagement, clients share operational data — such as sales history, inventory records, pricing data, cost structures, schedules, or route data — for the purpose of building a simulator. This data may contain personal data (for example, employee schedules or customer transaction records). See Section 6 for how we handle this data.
3.4 Communications Data
If you contact us by email or other means, we retain records of that correspondence, including your contact details and the content of your messages, for the duration of our relationship and for a reasonable period thereafter.
4. Legal Basis for Processing
We process personal data only where we have a lawful basis to do so under the UK GDPR and the Data Protection Act 2018. The legal bases we rely on are:
- Legitimate interests — for processing enquiry data to respond to your request and assess fit; for retaining communications records; for website security and infrastructure logging. We have assessed that our legitimate interests are not overridden by your rights and freedoms.
- Contract performance — for processing data necessary to deliver an engagement you have contracted us for, including building and running the simulator.
- Legal obligation — where we are required to retain or disclose data to comply with applicable law.
- Consent — where we have explicitly asked for and received your consent. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
5. How We Use Your Data
We use the personal data we collect for the following purposes:
- To respond to your enquiry and assess whether an engagement is appropriate for your situation
- To scope, deliver, and follow up on a consulting engagement
- To communicate with you about your enquiry or engagement
- To maintain records of our business activities as required by law
- To ensure the security and proper functioning of our website and infrastructure
- To comply with legal obligations, including tax and accounting requirements
We do not use your personal data for marketing, advertising, profiling, automated decision-making, or any purpose beyond those listed above. We do not sell, rent, or trade personal data.
6. Client Operational Data
Operational data shared by clients for the purpose of an engagement is treated with the highest level of confidentiality and security. Specifically:
6.1 Purpose Limitation
Client data is used solely for the purpose of building the simulator, running optimisation experiments, and producing the agreed deliverables. It is not used for any other purpose, including improving our own tools or training models for other clients.
6.2 Security
Client data is encrypted at rest using AES-256 encryption. All data transmission occurs over HTTPS/TLS. Access is restricted to the individual conducting the engagement. No client data is stored on shared or public infrastructure.
6.3 Data Processing Agreement
Where client data contains personal data (for example, employee records or customer transaction data), we enter into a Data Processing Agreement (DPA) with the client before the engagement begins. The DPA sets out the subject matter, duration, nature, and purpose of the processing, the type of personal data involved, and the obligations of both parties under applicable data protection law.
6.4 Deletion
All client operational data — including raw data files, intermediate working files, and any copies — is permanently deleted from all systems within 90 days of delivery of the final engagement report. Clients may request earlier deletion at any time. We will confirm deletion in writing upon request.
6.5 No Third-Party Sharing
Client data is never shared with third parties under any circumstances, including subcontractors, cloud AI providers, or analytics platforms. All processing is performed locally or on infrastructure under our direct control.
7. Data Sharing and Third Parties
We do not sell, rent, or share personal data with third parties for their own purposes. We may share data in the following limited circumstances:
- Infrastructure providers — our website is hosted on Vercel, which processes server logs as part of normal hosting operations. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
- Legal requirements — we may disclose personal data if required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect our legal rights or the safety of others.
- Business transfers — in the unlikely event of a business sale or transfer, personal data may be transferred as part of that transaction. We would notify affected individuals before any such transfer.
In all cases, we share only the minimum data necessary and require any recipients to maintain appropriate security and confidentiality standards.
8. International Transfers
We are based in the United Kingdom. Our website is hosted on Vercel, which operates infrastructure in multiple regions including the United States and Europe. Where personal data is transferred outside the UK or European Economic Area, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions as applicable.
Client operational data is processed and stored within the UK or EEA only, unless explicitly agreed otherwise in the Statement of Work.
9. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:
- Enquiry data — retained for 12 months from the date of submission, or for the duration of any resulting engagement plus 12 months, whichever is longer
- Client operational data — deleted within 90 days of delivery of the final engagement report
- Communications records — retained for 3 years from the date of last contact
- Financial and contractual records — retained for 7 years as required by UK tax law
- Website server logs — retained for up to 90 days by our hosting provider
You may request deletion of your personal data at any time (subject to legal retention obligations) by contacting us at romil@regnor.systems.
10. Security Measures
We take the security of personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption of data at rest (AES-256) and in transit (TLS 1.2 or higher)
- Access controls limiting data access to authorised individuals only
- Secure deletion of data at the end of the retention period
- Regular review of security practices
- No storage of client data on shared, public, or third-party AI infrastructure
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify affected individuals without undue delay where required by law.
11. Cookies and Tracking
Our website does not use tracking cookies, advertising cookies, or third-party analytics platforms (such as Google Analytics). We do not use any technology to track you across websites or build advertising profiles.
Our website may use strictly necessary session-related browser storage for functional purposes (such as maintaining form state). No personal data is stored in cookies.
Our hosting provider (Vercel) may set technical cookies necessary for the operation of the hosting infrastructure. These are strictly necessary and do not track individuals for marketing purposes.
12. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- Right of access — you have the right to request a copy of the personal data we hold about you
- Right to rectification — you have the right to request correction of inaccurate or incomplete personal data
- Right to erasure — you have the right to request deletion of your personal data, subject to legal retention obligations
- Right to restriction — you have the right to request that we restrict processing of your personal data in certain circumstances
- Right to data portability — where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format
- Right to object — you have the right to object to processing based on legitimate interests; we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests
- Rights related to automated decision-making — we do not carry out automated decision-making or profiling that produces legal or similarly significant effects
To exercise any of these rights, contact us at romil@regnor.systems. We will respond within one calendar month. We may need to verify your identity before processing your request.
If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
13. Children's Privacy
Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Continued use of our website or services after changes are posted constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of our services and contact us to request deletion of your data.
15. Contact and Complaints
For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
- Email: romil@regnor.systems
- Website: regnor.systems
We aim to respond to all privacy-related enquiries within 5 business days and to all formal data subject requests within one calendar month.