Privacy Policy
Last Updated: 12/3/2025
This Privacy Policy describes how OSINTO.ai collects, uses, and protects your personal information.
Effective Date: Dec 2025
Thanks for using OSINTO.ai — our mission is to build and provide a living knowledge environment for Security, Resilience and Defence stakeholders, to promote global Risk & Resilience Management capability via a secure, trusted platform for sharing and sourcing business, operational, and threat intelligence, market insights and associated risk mitigation solutions and opportunities.
This Privacy Policy explains how we collect, use, and protect your personal data when you access or use our websites, software, browser extensions, chat, AI summaries, and related services (collectively, the “Services”). OSINTO.ai acts as the Data Controller for the personal data collected through the Services, meaning we determine the purposes and means of processing your data.
1. What Information We Collect and Why We collect only the personal data necessary to enable you to register, engage with the platform, communicate securely, and comply with legal obligations.
This includes:
● Account Information: Your name, email address, company name, and login credentials.
● Usage Data: Information about your activities on the platform, such as messages posted, groups joined, and interactions with content.
● Technical Data: Device information (like IP address, browser type), and data from cookies and similar technologies to improve and secure the Services.
● Communications Data: Content of your messages, chats, and summaries generated or sent by the platform.
● Billing Data: If applicable, payment information required to process subscriptions or purchases.
We do not collect or store sensitive personal data such as physical addresses, phone numbers, or contact lists unless you explicitly provide them. We do not knowingly collect personal data from individuals under the age of 18, as our services are not directed at children.
2. Legal Bases for Processing Your Data We process your data based on the following legal grounds:
● Performance of Contract: To provide and maintain your account and the Services, including enabling your access to the platform, facilitating communications, and delivering AI summaries and other features as described.
● Consent: For optional communications such as marketing emails, which you can opt out of at any time, and for the use of non-essential cookies.
● Legitimate Interests: To improve, protect, and secure the platform, including fraud prevention and abuse detection. Our legitimate interests include:
o Enhancing the security and functionality of the Services.
o Detecting and preventing fraud, unauthorized access, and other malicious activities.
o Understanding how users interact with our platform to improve user experience and develop new features.
o Conducting analytics and research to optimize our service delivery.
o Ensuring the integrity and stability of our systems.
o Managing our business operations effectively. We ensure that these interests do not override your fundamental rights and freedoms.
● Legal Compliance: To comply with applicable laws and respond to lawful government or judicial requests.
3. How We Use Your Information We use your data to:
● Provide and personalize the Services you use.
● Enable collaboration, sharing, and communications within the intelligence forum.
● Maintain security and detect unauthorized or abusive behaviour.
● Comply with legal requirements and protect our rights.
● Send service-related notices and optional marketing communications (only with your consent).
● Generate AI summaries and insights from communications data to enhance the utility of the platform's intelligence sharing capabilities. When we use AI to process forum content for summaries, we want to be clear that while we exclude direct personal identifiers, the content itself, such as unique opinions, experiences, or specific details you share, may still constitute personal data. This is because such information can indirectly relate to or help identify you within the context of your contributions. We process this data to provide valuable insights and improve the service, always in accordance with this policy. We do not use your individual communications data to train public-facing AI models without explicit, separate consent.
4. Sharing Your Data We do not sell your personal data.
We may share your information with:
● Service Providers: Trusted third-party partners who help us operate and improve the Services (e.g., hosting, security, payment processing). They access your data only to perform specific tasks and must comply with our data protection standards and contractual obligations.
● Other Users: Information you choose to make visible to others within the platform, such as your name and profile details, to facilitate collaboration and communication.
● Legal Authorities: When required by law or to protect safety, prevent fraud, or enforce our rights.
5. Your Rights and Controls Under GDPR and other privacy laws, you have the right to:
● Access: Request a copy of the personal data we hold about you.
● Correction: Update or correct inaccurate or incomplete information.
● Erasure: Delete your personal data, subject to certain legal or operational limitations.
● Restriction: Limit the use of your data in specific situations.
● Data Portability: Receive your data in a commonly used, machine-readable format.
● Object: Object to certain data processing, including marketing communications.
You can exercise these rights by contacting us at [email protected]. You can also manage your communications preferences via links provided in our emails.
6. Data Retention We retain your personal data only as long as necessary to provide the Services and fulfil legal obligations.
If you delete your account, we will securely erase your data within 30 days, except where retention is required by law or for legitimate business purposes (such as dispute resolution).
7. Security of Your Data We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse, including:
● Encryption of data in transit and at rest where applicable.
● Regular security assessments and vulnerability testing.
● Two-factor authentication options to secure your account.
● Monitoring for abusive or suspicious behaviour to protect our community.
● Access controls to ensure data is only accessed by authorized personnel on a need-to-know basis.
8. Cookies and Tracking Technologies We use cookies and similar technologies to:
● Remember your preferences and login details.
● Analyse usage to improve and secure the platform.
● Provide relevant marketing content (with your consent).
You can control cookie settings through your browser, but disabling cookies may limit some functionalities. For a detailed explanation of the types of cookies we use, their purpose, and how to manage your preferences, please refer to our separate Cookie Policy.
9. International Data Transfers Your data may be processed and stored in the UK and other countries where OSINTO.ai or its service providers operate.
● Transfers to the UK: The European Commission has adopted an adequacy decision for the UK, meaning personal data can be transferred from the European Economic Area (EEA) to the UK without needing additional specific safeguards, as the UK's data protection laws are considered to provide an adequate level of protection.
● Transfers to other countries outside the UK or European Economic Area (EEA): When transferring data to countries without an adequacy decision, we use legally approved safeguards such as Standard Contractual Clauses (SCCs) to ensure your data remains protected. These clauses require data importers to adhere to EU/UK data protection standards. We also conduct transfer impact assessments where required, to ensure that the laws in the recipient country do not undermine the protections provided by the SCCs.
10. Handling Government Requests We respect your privacy and apply principles of transparency and user protection when responding to government or law enforcement requests for data. We will challenge overly broad or unlawful requests where possible and notify you unless prohibited by law.
11. Changes to This Policy We may update this Privacy Policy from time to time. If we make material changes affecting your rights, we will notify you via email or prominent notice on the platform.
12. Contact Us If you have questions or concerns about this Privacy Policy or your data, please contact our Data Protection Officer at:
Data Protection Officer OSINTO.ai [email protected]
You also have the right to lodge a complaint with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO). For EEA residents, you can find your local authority on the European Data Protection Board (EDPB) website.
Thank you for trusting OSINTO.ai with your information. We are committed to protecting your privacy and maintaining your trust.
Thanks for using OSINTO.ai — our mission is to build and provide a living knowledge environment for Security, Resilience and Defence stakeholders, to promote global Risk & Resilience Management capability via a secure, trusted platform for sharing and sourcing business, operational, and threat intelligence, market insights and associated risk mitigation solutions and opportunities.
This Privacy Policy explains how we collect, use, and protect your personal data when you access or use our websites, software, browser extensions, chat, AI summaries, and related services (collectively, the “Services”). OSINTO.ai acts as the Data Controller for the personal data collected through the Services, meaning we determine the purposes and means of processing your data.
1. What Information We Collect and Why We collect only the personal data necessary to enable you to register, engage with the platform, communicate securely, and comply with legal obligations.
This includes:
● Account Information: Your name, email address, company name, and login credentials.
● Usage Data: Information about your activities on the platform, such as messages posted, groups joined, and interactions with content.
● Technical Data: Device information (like IP address, browser type), and data from cookies and similar technologies to improve and secure the Services.
● Communications Data: Content of your messages, chats, and summaries generated or sent by the platform.
● Billing Data: If applicable, payment information required to process subscriptions or purchases.
We do not collect or store sensitive personal data such as physical addresses, phone numbers, or contact lists unless you explicitly provide them. We do not knowingly collect personal data from individuals under the age of 18, as our services are not directed at children.
2. Legal Bases for Processing Your Data We process your data based on the following legal grounds:
● Performance of Contract: To provide and maintain your account and the Services, including enabling your access to the platform, facilitating communications, and delivering AI summaries and other features as described.
● Consent: For optional communications such as marketing emails, which you can opt out of at any time, and for the use of non-essential cookies.
● Legitimate Interests: To improve, protect, and secure the platform, including fraud prevention and abuse detection. Our legitimate interests include:
o Enhancing the security and functionality of the Services.
o Detecting and preventing fraud, unauthorized access, and other malicious activities.
o Understanding how users interact with our platform to improve user experience and develop new features.
o Conducting analytics and research to optimize our service delivery.
o Ensuring the integrity and stability of our systems.
o Managing our business operations effectively. We ensure that these interests do not override your fundamental rights and freedoms.
● Legal Compliance: To comply with applicable laws and respond to lawful government or judicial requests.
3. How We Use Your Information We use your data to:
● Provide and personalize the Services you use.
● Enable collaboration, sharing, and communications within the intelligence forum.
● Maintain security and detect unauthorized or abusive behaviour.
● Comply with legal requirements and protect our rights.
● Send service-related notices and optional marketing communications (only with your consent).
● Generate AI summaries and insights from communications data to enhance the utility of the platform's intelligence sharing capabilities. When we use AI to process forum content for summaries, we want to be clear that while we exclude direct personal identifiers, the content itself, such as unique opinions, experiences, or specific details you share, may still constitute personal data. This is because such information can indirectly relate to or help identify you within the context of your contributions. We process this data to provide valuable insights and improve the service, always in accordance with this policy. We do not use your individual communications data to train public-facing AI models without explicit, separate consent.
4. Sharing Your Data We do not sell your personal data.
We may share your information with:
● Service Providers: Trusted third-party partners who help us operate and improve the Services (e.g., hosting, security, payment processing). They access your data only to perform specific tasks and must comply with our data protection standards and contractual obligations.
● Other Users: Information you choose to make visible to others within the platform, such as your name and profile details, to facilitate collaboration and communication.
● Legal Authorities: When required by law or to protect safety, prevent fraud, or enforce our rights.
5. Your Rights and Controls Under GDPR and other privacy laws, you have the right to:
● Access: Request a copy of the personal data we hold about you.
● Correction: Update or correct inaccurate or incomplete information.
● Erasure: Delete your personal data, subject to certain legal or operational limitations.
● Restriction: Limit the use of your data in specific situations.
● Data Portability: Receive your data in a commonly used, machine-readable format.
● Object: Object to certain data processing, including marketing communications.
You can exercise these rights by contacting us at [email protected]. You can also manage your communications preferences via links provided in our emails.
6. Data Retention We retain your personal data only as long as necessary to provide the Services and fulfil legal obligations.
If you delete your account, we will securely erase your data within 30 days, except where retention is required by law or for legitimate business purposes (such as dispute resolution).
7. Security of Your Data We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse, including:
● Encryption of data in transit and at rest where applicable.
● Regular security assessments and vulnerability testing.
● Two-factor authentication options to secure your account.
● Monitoring for abusive or suspicious behaviour to protect our community.
● Access controls to ensure data is only accessed by authorized personnel on a need-to-know basis.
8. Cookies and Tracking Technologies We use cookies and similar technologies to:
● Remember your preferences and login details.
● Analyse usage to improve and secure the platform.
● Provide relevant marketing content (with your consent).
You can control cookie settings through your browser, but disabling cookies may limit some functionalities. For a detailed explanation of the types of cookies we use, their purpose, and how to manage your preferences, please refer to our separate Cookie Policy.
9. International Data Transfers Your data may be processed and stored in the UK and other countries where OSINTO.ai or its service providers operate.
● Transfers to the UK: The European Commission has adopted an adequacy decision for the UK, meaning personal data can be transferred from the European Economic Area (EEA) to the UK without needing additional specific safeguards, as the UK's data protection laws are considered to provide an adequate level of protection.
● Transfers to other countries outside the UK or European Economic Area (EEA): When transferring data to countries without an adequacy decision, we use legally approved safeguards such as Standard Contractual Clauses (SCCs) to ensure your data remains protected. These clauses require data importers to adhere to EU/UK data protection standards. We also conduct transfer impact assessments where required, to ensure that the laws in the recipient country do not undermine the protections provided by the SCCs.
10. Handling Government Requests We respect your privacy and apply principles of transparency and user protection when responding to government or law enforcement requests for data. We will challenge overly broad or unlawful requests where possible and notify you unless prohibited by law.
11. Changes to This Policy We may update this Privacy Policy from time to time. If we make material changes affecting your rights, we will notify you via email or prominent notice on the platform.
12. Contact Us If you have questions or concerns about this Privacy Policy or your data, please contact our Data Protection Officer at:
Data Protection Officer OSINTO.ai [email protected]
You also have the right to lodge a complaint with your local data protection authority. For UK residents, this is the Information Commissioner's Office (ICO). For EEA residents, you can find your local authority on the European Data Protection Board (EDPB) website.
Thank you for trusting OSINTO.ai with your information. We are committed to protecting your privacy and maintaining your trust.