top of page

Legal & Data Responsibility Statement

At index AI Ltd, we are committed to protecting your data, respecting your privacy, and operating transparently in every region where we work. Our services are designed with global compliance in mind, including adherence to major data protection regulations such as:

  • The General Data Protection Regulation (GDPR) (EU/EEA)

  • The UK GDPR and Data Protection Act 2018 (United Kingdom)

  • The California Consumer Privacy Act (CCPA) (United States)

  • Other applicable regional and industry-specific privacy regulations

 

We operate as both a data processor and data controller, depending on the services we provide and the contractual agreement in place. We do not access, process, or transfer any client data without consent, and all engagements are governed by strict confidentiality and data security protocols.

All data assessments, scans, or cleanup projects are performed in compliance with applicable privacy laws and best practices, including:

  • Clear client authorisation and scoping prior to any scan or analysis

  • No transfer of data outside approved jurisdictions without client consent

  • Secure access controls and encrypted environments for all tools and reports

  • Minimal data retention: we do not store your data unless specifically agreed

  • Optional Data Processing Agreements (DPAs) available for all engagements

 

We are happy to work with your legal, IT, or compliance teams to ensure any engagement meets your organisation’s internal standards and regulatory obligations.

If you have questions about our compliance practices, privacy terms, or data handling policies, please contact us directly at: legal@index-ai.com

bottom of page