Dataiera
Legal

Our Privacy Policy

How Dataiera collects, uses, shares and protects personal data, the legal bases we rely on under the EU and UK GDPR, and the rights available to you under European and US privacy laws.

Last updated: 2 June 2026

This policy explains our practices as a business. Where Dataiera processes personal data on behalf of a customer (for example, end-customer data flowing through a merchant's commerce agent), we act as a processor and that processing is governed by our Data Processing Agreement with that customer. This policy is not legal advice; please seek your own where needed.

1. Who we are

Dataiera ("Dataiera", "we", "us" or "our") provides agentic commerce infrastructure to merchants, schemes, acquirers, PSPs and fintechs. For the personal data described in this policy, Dataiera is the data controller unless stated otherwise.

You can reach our privacy team at privacy@dataiera.com. Our postal address and data-protection contacts are set out in section 16.

2. Scope of this policy

This policy covers personal data we handle as a controller: visitors to our website, prospects and customers, people who contact us or request a demo, applicants, and business contacts at partner organisations. It does not govern how our customers use their own commerce agents; those merchants are responsible for their own privacy notices to their end customers.

3. Data we collect

Information you give us
Name, work email, phone, company, role and anything you include when you contact us, book a demo, subscribe or apply for a role.
Information collected automatically
Device and browser type, IP address, approximate location, pages viewed, referral source and interactions, gathered via cookies and similar technologies (see section 6).
Information from third parties
Business contact and enrichment data from partners and public sources, and security signals (e.g. anti-fraud and CAPTCHA providers).

We do not seek to collect special-category data through our website and ask that you do not send it to us unsolicited.

4. How and why we use data

  • To respond to enquiries, provide demos and manage our relationship with you.
  • To provide, secure, maintain and improve our website and services.
  • To send service and, where permitted, marketing communications (you can opt out at any time).
  • To detect, prevent and investigate fraud, misuse and security incidents.
  • To comply with legal, regulatory, accounting and reporting obligations.

6. Cookies & tracking

We use strictly necessary cookies to run the site, plus, with your consent where required, analytics and preference cookies. Our contact form uses Google reCAPTCHA to prevent abuse, which is subject to Google's privacy policy and terms.

You can control cookies through your browser settings and, where offered, our cookie banner. Some US laws treat certain analytics/advertising cookies as a "sale" or "sharing" of personal information; see section 12 for how to opt out.

7. Sharing & service providers

We share personal data only as needed with: service providers and processors (hosting, analytics, communications, CRM, security); professional advisers; and authorities where required by law. We may also share data in connection with a merger, acquisition or reorganisation, subject to this policy.

We do not sell personal data for money. Where our use of analytics or advertising technologies constitutes "selling" or "sharing" under US state laws, we honour opt-out rights as described in section 12.

8. International data transfers

We may transfer personal data outside the UK/EEA. Where we do, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision, together with additional measures where necessary. You can request a copy of the safeguards we use via the contacts in section 16.

9. Data retention

We keep personal data only for as long as necessary for the purposes described here, including to meet legal, accounting or reporting requirements. When it is no longer needed, we securely delete or anonymise it. Retention periods vary by data type and context.

10. Security

We maintain technical and organisational measures appropriate to the risk, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, tenant isolation and monitoring. Our payment processing is PCI DSS Level 1 certified. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and regulators of incidents where required.

11. Your rights (EU / UK GDPR)

Subject to conditions in the law, you have the right to: access; rectification; erasure; restriction; data portability; and to object to processing (including direct marketing). Where we rely on consent, you may withdraw it at any time without affecting prior processing.

To exercise these rights, contact privacy@dataiera.com. You also have the right to lodge a complaint with your supervisory authority in the UK, the Information Commissioner's Office (ICO); in the EU, your local data protection authority.

12. US state privacy rights

If you are a resident of California or another US state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Utah, Texas and others), you may have the right to: know and access the personal information we hold; correct it; delete it; obtain a portable copy; and opt out of the "sale" or "sharing" of personal information and of targeted advertising. We do not discriminate against you for exercising these rights.

We do not sell personal information for money and do not knowingly sell or share the personal information of anyone under 16. To exercise your rights, or to opt out of sale/sharing and targeted advertising, email privacy@dataiera.com with the subject line "US Privacy Request". We will verify your request and may allow an authorised agent to act on your behalf. You may appeal a decision by replying to our response.

Where your browser sends a recognised opt-out preference signal (such as Global Privacy Control), we treat it as a valid opt-out of sale/sharing for that browser.

13. AI & automated decision-making

Our website does not make decisions producing legal or similarly significant effects about you based solely on automated processing. Where our platform uses AI models to power commerce agents on behalf of customers, that processing is carried out under our customers' instructions as a processor and is governed by the applicable Data Processing Agreement.

14. Children's privacy

Our website and services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

15. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.

16. Contact us

Privacy team
privacy@dataiera.com
Postal address
Dataiera, London AI Hub, 140 Goswell Road, London EC1V 7DY, United Kingdom
Supervisory authority (UK)
Information Commissioner's Office (ICO): ico.org.uk

Questions about your data?

Our privacy team is happy to help with any request or question.

Email privacy@dataiera.com →