Privacy Policy

1. Introduction

This Privacy Policy explains how 01AI LTD (“we”, “us”, “our”, “the Company”) collects, uses, stores, and protects personal data when you visit our website app.01ltd.com (the “Website”), use our client login area, or otherwise interact with us. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Acts 1988 to 2018, and all applicable Irish and European data protection legislation.

Our services are provided to businesses and organisations. However, in the course of our business activities, we collect and process personal data belonging to natural persons, including employees, directors, and representatives of our client organisations, sole traders, individuals who contact us through the Website, and individuals who apply for employment or other opportunities with us.

2. Data Controller

The data controller responsible for your personal data is: 01AI LTD (CRO 811501), registered in Ireland. Registered Office: Ground Floor, 71 Lower Baggot Street, Dublin, D02 P593. Email: privacy@01ltd.com

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

• Website browsing data: IP address (anonymised, two bytes masked), browser type, operating system, referral source, pages visited, and duration of visit. This data is collected without cookies using Matomo Analytics in cookieless mode (see Section 6).
• Registration data: company name and business email address, collected during self-service account creation.
• Contact and enquiry data: name, email address, telephone number, company name, job title, and any information you provide when contacting us.
• Business contact data: professional details of employees, directors, or representatives of client organisations and business partners.
• Client login area data: username, email address, encrypted password, login timestamps, session data, and information submitted within the client login area.
• Transactional and contractual data: billing information, invoicing details, correspondence, and records relating to the provision of our services.
• Recruitment and job applicant data: CV, cover letter, qualifications, employment history, references, and other information provided as part of an application process.
• Data from third parties: publicly available sources (CRO filings, LinkedIn), third-party business intelligence providers, and referrals.

We do not intentionally collect any special categories of personal data (such as data revealing racial or ethnic origin, political opinions, health data, or biometric data).

4. Legal Bases for Processing

We process your personal data only where we have a lawful basis under Article 6 GDPR:

• Consent (Art. 6(1)(a)): for the use of client data to train or improve our AI models (explicit opt-in required; see Section 5A), talent pool participation, and any future non-essential cookies. Our website analytics operate without cookies and without consent under the CNIL analytics exemption (see Section 6). You may withdraw consent at any time.
• Performance of a contract (Art. 6(1)(b)): to provide access to the client login area and deliver the services you or your organisation have engaged us to provide.
• Legitimate interests (Art. 6(1)(f)): for Website security, fraud prevention, service improvement, managing business relationships, processing job applications, and cookieless website analytics (Matomo) where no cookies or personal identifiers are used.
• Legal obligation (Art. 6(1)(c)): where we are required by law to process or retain certain data, including for tax, accounting, or regulatory compliance purposes.

5. How We Use Your Personal Data

• To operate, maintain, and provide the functionality of the Website and client login area
• To respond to your enquiries and communicate with you
• To fulfil our contractual obligations to clients and manage business relationships
• To send administrative communications such as service updates and security alerts
• To analyse website usage and improve performance using cookieless, anonymised analytics
• To train, test, and improve our artificial intelligence models and services (see Section 5A below)
• To evaluate job applications and manage recruitment processes
• To comply with applicable legal and regulatory obligations
• To protect our rights, property, and safety, and those of our users and the public

5A. Use of Data for AI Training and Improvement

As an artificial intelligence company, we may process certain data submitted through our client login area (such as text inputs, prompts, support queries, and feedback) to train, test, and fine-tune our AI algorithms. Where possible, we take steps to aggregate, de-identify, or anonymise this data before it is used for model training.

Legal basis: explicit consent (Art. 6(1)(a)). We will never use your data for AI model training without your prior, explicit, affirmative opt-in. This consent is collected separately from any other terms and can be withdrawn at any time.

By default, no client data is used for training. If you choose to opt in, you can withdraw consent at any time by adjusting your account settings or contacting us at privacy@01ltd.com. Withdrawal will not affect data that has already been fully anonymised prior to your request.

For paying clients under a Master Services Agreement (MSA), AI training data usage is governed exclusively by the terms of that agreement.

6. Website Analytics

We use Matomo, an open-source analytics platform self-hosted on our own European infrastructure (Paris, France). Matomo operates in cookieless mode for all public visitors: no cookies are placed on your device and no consent banner is required.

Technical configuration:

• Cookies: disabled (disableCookies() in the JavaScript tracker)
• IP anonymisation: 2 bytes masked (e.g. 192.168.xxx.xxx)
• User identification: disabled for anonymous visitors
• Session tracking: daily hash reset (no long-term profiling)
• Cross-site tracking: disabled
• Data sharing: none (all data remains under our exclusive control)
• Data retention: maximum 25 months, reviewed periodically

This configuration qualifies for the analytics exemption under CNIL (France), AEPD (Spain), Garante (Italy), and AP (Netherlands) guidance. For German visitors, we provide an opt-out mechanism below.

Legal basis: legitimate interest (Article 6(1)(f)), specifically cookieless, anonymised analytics for service improvement. No personal identifiers are collected.

Opt-out: If you wish to opt out of anonymised analytics tracking, you may enable the “Do Not Track” setting in your browser. Our Matomo installation honours this preference. You may also use the opt-out form below:

For cookies used in our authenticated client area (session cookies for login), please refer to our Cookie Policy.

6A. Identity and Account Management

Authentication on our platform is handled by Keycloak, a self-hosted open-source identity management system running on our EU infrastructure. Keycloak processes the following personal data:

• Email address
• Hashed password (bcrypt; we never store plaintext passwords)
• Account role and permissions
• Company name (provided during registration)
• Login timestamps and session tokens

Legal basis: contractual necessity (Article 6(1)(b)); you cannot access the platform without authentication.

We collect only the minimum fields required. We do not collect phone numbers, physical addresses, or location data during registration.

Inactive accounts are retained for a maximum of 24 months. You may request full account deletion at any time by contacting privacy@01ltd.com. Deleting your account will also anonymise any associated records in our analytics system.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to any third party. We may share your personal data with: service providers and processors (website hosting, IT support, email services, analytics) bound by data processing agreements; professional advisers (solicitors, accountants, auditors) where necessary; regulatory and legal authorities where required by law; and authorised persons within your organisation where you are a contact person at a client organisation.

8. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). In the event of any transfer outside the EEA, we ensure appropriate safeguards are in place as required by the GDPR, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

9. Data Retention

• Website browsing data (anonymised): maximum 25 months, reviewed periodically. No consent required, as data is cookieless and anonymised.
• Registration and account data: duration of account plus 24 months of inactivity before automatic deletion
• Contact and enquiry data: 2 years from your last communication, unless a contractual relationship arises
• Business contact data: duration of our business relationship plus 2 years thereafter
• Client login area data: duration of our contractual relationship plus 6 years thereafter
• Transactional and contractual data: minimum 6 years following end of the contractual relationship
• Recruitment data (unsuccessful applications): 12 months following conclusion of the recruitment process, unless you consent to longer retention

10. Data Security

We implement appropriate technical and organisational measures including encryption of data in transit (SSL/TLS), secure password hashing, access controls limiting personal data access to authorised personnel, regular security reviews, and secure hosting within the EEA. While we take all reasonable precautions, no method of transmission over the internet is completely secure.

11. Your Rights Under the GDPR

• Right of access (Art. 15): obtain confirmation of processing and a copy of your data
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data
• Right to erasure (Art. 17): request deletion where there is no compelling reason for continued processing
• Right to restriction of processing (Art. 18): request restriction of processing in certain circumstances
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format
• Right to object (Art. 21): object to processing based on legitimate interests
• Right to withdraw consent: withdraw consent at any time without affecting prior lawful processing
• Right not to be subject to automated decision-making (Art. 22): not to be subject to solely automated decisions producing significant legal effects

To exercise any of these rights, please contact us at privacy@01ltd.com. We will respond within one month. We may ask you to verify your identity before processing your request.

12. Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28 (www.dataprotection.ie, info@dataprotection.ie, +353 (0)1 765 0100 / 1800 437 737). We would appreciate the opportunity to address your concerns before you approach the DPC.

13. Third-Party Links

Our Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. The inclusion of a link does not imply endorsement by 01AI LTD.

14. Children's Privacy

Our Website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child, we will delete it promptly.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of Ireland. Any disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the Irish courts.