Privacy Policy (UK GDPR)
Effective: 2025-09-10
Controller: Ryan Roberts: Behavioural & Intelligence Services ("RBIS"). Contact: Contact@RBISIntelligence.com. Address: PO Box, Bournemouth, Dorset, BH2 5RR, England.
What we collect
- Identity/contact
- Content you submit
- Usage/telemetry
- Comms metadata
- Preferences
Purposes & lawful bases
| Purpose | Examples | Basis |
|---|
| Provide & improve | Intake, triage, QA | Contract; Legitimate interests |
| Comms | Updates, support | Contract; Legitimate interests |
| Marketing | Opt-in newsletters | Consent; Legitimate interests (B2B) |
| Security | MFA, RBAC, logs | Legitimate interests; Legal obligation |
Special category data: processed only if deliberately provided and necessary (Art.9(2)(a)/(g)). Transfers: adequacy or safeguards (IDTA/SCCs). Rights include access, rectification, erasure. ICO: ico.org.uk.
Terms of Service
Effective: 2025-09-10
We are not a law firm and do not provide legal advice. Outputs support — not substitute — qualified legal advice. England & Wales law; courts of England & Wales.
- Acceptable use: no unlawful content; no reverse engineering/testing without consent
- IP: you own your content; licence to process for service provision
- Liability: no indirect/consequential loss; cap = greater of £500 or 12-month fees; mandatory rights preserved
- Suspension/termination for breach, risk, or legal obligation
Mutual Confidentiality Agreement (Short Form)
Effective: 2025-09-10
Use only for agreed purpose; protect with reasonable care; restrict access; no disclosure without consent except to processors under written terms; return/delete on request; 5-year term (trade secrets survive).
Data Retention & Deletion Policy
| Category | Default | Notes |
|---|
| Enquiries/cases/docs | 24 months | Extend if active or on legal hold |
| Telemetry | 18 months | Aggregations may persist |
| Statutory records | Up to 6 years | Tax/accounting/limitations |
Deletion: app-level purge; processor deletion via API/tickets; cryptographic erasure where supported.
Security Statement & Chain of Custody
- TLS ingress • encryption at rest • RBAC • MFA • least-privilege
- Vendor due diligence; DPAs/IDTA/SCCs
- Incident response with user notification where required (ICO within 72h when applicable)
Zero-Day Risk Clause: if a zero-day or upstream processor breach occurs, RBIS executes a documented response plan including notification, integrity verification, and remediation.
Cookie Policy
Non-essential cookies run only with consent. Manage in your browser; clearing local storage resets the banner.
Claims, Testimonials & Marketing Accuracy
- Claims include scope/assumption notes
- Usage numbers dated and backed by records
- Testimonials: permissions and disclosures
Data Processing Addendum (Controller ↔ Processor)
- Process on documented instructions
- Confidential personnel; least-privilege; MFA
- Assist with rights/DPIAs where proportionate
- Delete/return data at end; allow audits on notice