Acuity Education – Privacy Notice

Effective date: 2nd June 2025

We respect your privacy. This Privacy Notice explains how Acuity AI Education Ltd (“Acuity”, “we”, “us”, “our”) collects, uses and safeguards information about identifiable individuals (“Personal Data”) when you visit https://acuity.education or use any of our related applications, products or services (together, the “Services”).

1 Who we are & how to reach us

Acuity AI Education Ltd is a company registered in England and Wales.
Questions, requests or concerns regarding this notice or our handling of Personal Data can be sent to privacy@acuity.education.

2 The information we collect

a. Cookies & similar technologies
We use first- and third-party cookies and tracking scripts to operate the Services, analyse traffic and personalise your experience. You can control cookies through your browser settings. See our separate Cookie Notice for details.

b. Scraped content from your online publications and websites
We cache for 24 hours after each report the data from your website(s) if you are a customer and ask for it to be examined for compliance. This involves producing an offline duplicate for us to analyse.

3 How and why we use Personal Data

Purpose Lawful basis (UK GDPR Art. 6)

Deliver, secure and administer the Services; process payments and renewals

Contract – necessary to perform our agreement with you or your organisation. Troubleshoot, monitor and improve product performance; train and evaluate our AI models solely for Acuity products

Legitimate interests – to keep the platform reliable and continually improve it. Respond to enquiries, send product updates, conduct surveys and provide support

Legitimate interests or Consent (for optional marketing) Conduct research, compile analytics and produce aggregated statistics that no longer identify individuals

Legitimate interests Detect and prevent fraud, abuse and security incidents

Legitimate interests Comply with legal obligations, regulatory requests or court orders

Legal obligation

No sale or ad-targeting: We do not sell Personal Data and we do not share it for cross-site behavioural advertising.

4 When we share data

We only disclose Personal Data:

  • Service providers – cloud hosting, payment processors, email platforms, analytics vendors—each under a contract that limits use to our instructions.

  • Group companies – to offer integrated solutions or consolidated invoicing, in line with this notice.

  • Corporate events – if Acuity undergoes a merger, acquisition or asset sale, data may transfer to the successor entity.

  • Legal reasons – when required to meet legal duties, enforce our terms, protect users’ safety or investigate wrongdoing.

A current list of sub-processors is available on request.

5 International transfers

Acuity primarily stores data in the UK and EEA. Where we transfer data outside these regions (e.g. to a US-based cloud provider) we rely on an approved mechanism such as the UK Addendum to the EU Standard Contractual Clauses or an adequacy decision.

6 Retention

We keep Personal Data only as long as needed for the purposes set out above:

  • Customer Data (Account Data, User-Supplied Content) – at least 12 months after the later of (i) your last content generation or (ii) the end of a time-bound subscription; then it is deleted or irreversibly anonymised unless law requires longer storage.

  • Back-ups & audit logs – retained for fixed security and compliance periods, then purged automatically.

  • Marketing records – until you unsubscribe or two years after your last interaction, whichever is sooner.

7 Your rights

Under UK/EU data-protection law you can, in certain circumstances:

  1. Access the Personal Data we hold about you;

  2. Rectify inaccurate or incomplete data;

  3. Erase data or restrict its processing;

  4. Object to processing based on legitimate interests or direct marketing;

  5. Port data you provided to us in a structured, machine-readable format;

  6. Withdraw consent at any time where processing relies on consent.

To exercise any of these rights, email privacy@acuity.education. We may need to verify your identity and, for complex requests, we have up to one month (extendable by a further two months) to respond. You can also complain to the UK Information Commissioner’s Office (www.ico.org.uk) or your local supervisory authority.

8 Security

We employ industry-standard administrative, technical and organisational safeguards—encryption in transit and at rest, access controls, penetration testing and employee training—to protect data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9 Controller vs. processor roles

  • Controller – We act as a data controller for information we collect for our own business (e.g. billing, product improvement, marketing).

  • Processor – When you load data belonging to your organisation into the platform, we process it strictly on your organisation’s instructions. Your organisation is the controller for that data.

10 Links to third-party sites

The Services may contain links or widgets pointing to sites we don’t operate. Their privacy practices are governed by their own notices; we are not responsible for their content.

11 Changes to this notice

We may amend this Privacy Notice periodically. We will post the revised version here and update the “Effective date” above. Material changes may also be notified by email or in-product message.

Need more information?
Email privacy@acuity.education and we’ll be happy to help.