Privacy Policy
Red Flags Ai
Our Privacy Policy was last updated on 29.08.2025.
This Privacy Policy governs the manner in which the website collects, uses, maintains and discloses information collected from users (each, a 'User') of the website ('Site'). This privacy policy applies to the Site and all products and services offered by Red Flags Ai Ltd.
Company: Red Flags Ai Ltd (“Red Flags Ai”, “we”, “us”, “our”)
Website: www.redflags-ai.com
Introduction
Red Flags Ai MVP Due Diligence Analyst GPT (“we”, “our”, “us”) is a due diligence assistant for evaluating companies and individuals in physical commodities. We are committed to protecting your privacy and handling your data securely, transparently, and in compliance with UK and EU data protection laws.
By using our Services, you acknowledge and agree to this Privacy Policy.
Information We Collect
We may collect and process the following types of information:
a) Information You Provide
Account details (name, email, phone, billing address).
Company information (name, address, country, directors, contact persons).
Uploaded documents (e.g., LOI, FCO, SPA contracts). COMING SOON
b) Information Collected Automatically
IP address, browser type, device information, operating system.
Usage activity (pages visited, time spent, actions performed).
Cookies and similar technologies (see Section 10).
c) Information from Third Parties
WHOIS records, sanctions databases, public corporate registries.
Open-source data relevant to due diligence.
d) Transactional data: Purchases, credits, and billing information handled securely by our payment processors, Mollie and PayPal.
How We Use Your Information
We use your information for the following purposes:
Extracting company and individual details from uploaded documents.
Service Delivery: Generating due diligence reports based on your inputs and uploaded documents.
Account Management: Creating and managing accounts, credits, subscriptions, and billing.
Verification & Compliance: Checking against sanctions lists, fraud databases, and other compliance checks.
Security: Monitoring activity for fraud, misuse, or security threats.
Cross-checking: Public registries, watchlists, and third-party APIs (Interpol, FBI, Google Street View, IPinfo, and others).
Service Improvement: Training and improving our models with anonymised data only.
Legal Compliance: Meeting legal, regulatory, or law enforcement requirements.
Providing you with usage insights and report history.
We do not use your information for marketing unless you have explicitly opted in.
Legal Bases for Processing
We rely on the following lawful bases:
Contractual necessity (processing required to provide the Services).
Legal obligation (complying with anti-fraud, sanctions, or tax requirements).
Legitimate interests (preventing fraud, enhancing security, improving Services).
Consent (for marketing communications where applicable).
Third-Party Providers
To deliver our service securely and effectively, we rely on a small number of trusted third-party providers. These providers act as data processors or data sources, depending on their role.
Automation & Integrations – We use services such as n8n (automation engine), Airtable (credit ledger), and other trusted processors. These services process limited account information (e.g., account ID, credit balance, report ID) under our instructions only.
Payment Processing – Purchases are handled securely by Mollie. We do not store or process your full payment card details; Mollie processes these on our behalf in compliance with PSD2 and data protection laws.
Data Sources & APIs – Reports may use data retrieved from trusted external providers, including Interpol, FBI, Google Street View, and IPinfo. These services are used to cross-check information against public registries, watchlists, and infrastructure data.
Hosting & Infrastructure – We also rely on secure cloud hosting, storage, and monitoring services. These providers may process personal data only as necessary to support the platform.
We carefully vet all third-party providers and require them to maintain appropriate safeguards to protect your data.
We may update our list of subprocessors from time to time. You can request the most current list of subprocessors by contacting us at contact@redflags-ai.com.
Data Storage and Retention
Uploaded documents and generated reports are stored securely for 12 months unless the user deletes them earlier.
After 12 months, uploaded documents and generated reports are automatically deleted unless the user requests earlier removal. Anonymised data may be retained for internal analytical purposes.
Transactional and financial data may be retained for up to 6 years to comply with tax and legal obligations.
We maintain audit logs of system access and report generation for security purposes.
Disclosure of Information
We may share data only with trusted third parties necessary to provide the Services, including:
Cloud hosting & database providers (secure infrastructure).
API providers (Google Maps, WHOIS, sanctions databases).
Payment processors (Systeme.io, Mollie, PayPal).
Email services (MailChimp).
We may also disclose information where required to:
Comply with legal obligations.
Respond to lawful requests by public authorities.
Protect the rights, property, or safety of Red Flags Ai, our users, or others.
Data Security
We implement industry-standard technical and organisational safeguards, including:
Encryption in transit (TLS) and at rest.
Role-based access controls (staff only see what they need).
Regular penetration testing and vulnerability scanning.
Continuous monitoring of systems and data flows.
Anonymisation of sensitive data when used for internal improvement.
However, no system is 100% secure. You acknowledge that information shared online carries some inherent risks.
International Transfers
If personal data is transferred outside the UK/EEA, we will ensure safeguards such as:
UK-approved Standard Contractual Clauses.
Transfers to jurisdictions with adequacy decisions.
Your Rights
You have the following rights under UK GDPR:
Access – request a copy of the data we hold.
Rectification – correct inaccurate or incomplete data.
Erasure – request deletion (subject to legal retention).
Restriction – request we limit processing.
Portability – request data in machine-readable format.
Objection – object to processing based on legitimate interests.
Withdraw Consent – withdraw at any time for consent-based processing.
Requests should be sent to contact@redflags-ai.com.
Cookies and Tracking
We use cookies and tracking technologies for:
Essential functions (login, secure sessions).
Analytics (understanding how users use the platform).
Marketing (only where consent is given).
You can control or disable cookies via your browser, but some features may not function correctly.
Children’s Privacy
Our Services are intended for business users only and not for individuals under 18. We do not knowingly collect information from minors in a business context.
Data Breach Procedure
In the event of a personal data breach:
Where the breach poses a risk to individuals’ rights and freedoms, we will notify the supervisory authority within 72 hours, and affected users without undue delay.
We will provide details of the breach, potential impact, and steps taken to mitigate risks.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on our website with a new “Effective Date.” Continued use of the Services indicates acceptance.
Contact Us
For any questions or to exercise your rights:
Red Flags Ai Ltd