How Dataiera collects, uses, shares and protects personal data, the legal bases we rely on under the EU and UK GDPR, and the rights available to you under European and US privacy laws.
Last updated: 2 June 2026
Dataiera ("Dataiera", "we", "us" or "our") provides agentic commerce infrastructure to merchants, schemes, acquirers, PSPs and fintechs. For the personal data described in this policy, Dataiera is the data controller unless stated otherwise.
You can reach our privacy team at privacy@dataiera.com. Our postal address and data-protection contacts are set out in section 16.
This policy covers personal data we handle as a controller: visitors to our website, prospects and customers, people who contact us or request a demo, applicants, and business contacts at partner organisations. It does not govern how our customers use their own commerce agents; those merchants are responsible for their own privacy notices to their end customers.
We do not seek to collect special-category data through our website and ask that you do not send it to us unsolicited.
Where the EU or UK GDPR applies, we rely on one or more of the following legal bases:
We may transfer personal data outside the UK/EEA. Where we do, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision, together with additional measures where necessary. You can request a copy of the safeguards we use via the contacts in section 16.
We keep personal data only for as long as necessary for the purposes described here, including to meet legal, accounting or reporting requirements. When it is no longer needed, we securely delete or anonymise it. Retention periods vary by data type and context.
We maintain technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, tenant isolation and monitoring. Our payment processing is PCI DSS Level 1 certified. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and regulators of incidents where required.
Subject to conditions in the law, you have the right to: access; rectification; erasure; restriction; data portability; and to object to processing (including direct marketing). Where we rely on consent, you may withdraw it at any time without affecting prior processing.
To exercise these rights, contact privacy@dataiera.com. You also have the right to lodge a complaint with your supervisory authority in the UK, the Information Commissioner's Office (ICO); in the EU, your local data protection authority.
If you are a resident of California or another US state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Utah, Texas and others), you may have the right to: know and access the personal information we hold; correct it; delete it; obtain a portable copy; and opt out of the "sale" or "sharing" of personal information and of targeted advertising. We do not discriminate against you for exercising these rights.
We do not sell personal information for money and do not knowingly sell or share the personal information of anyone under 16. To exercise your rights, or to opt out of sale/sharing and targeted advertising, email privacy@dataiera.com with the subject line "US Privacy Request". We will verify your request and may allow an authorised agent to act on your behalf. You may appeal a decision by replying to our response.
Where your browser sends a recognised opt-out preference signal (such as Global Privacy Control), we treat it as a valid opt-out of sale/sharing for that browser.
Our website does not make decisions producing legal or similarly significant effects about you based solely on automated processing. Where our platform uses AI models to power commerce agents on behalf of customers, that processing is carried out under our customers' instructions as a processor and is governed by the applicable Data Processing Agreement.
Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.
Our privacy team is happy to help with any request or question.
Email privacy@dataiera.com →