See Contona in action with our live demo
www.contona.ai | Last updated: February 2026
Introduction
Effective Date: 01st Jan 2026, Contona Inc, trading as Contona.ai is an AI-powered SaaS platform operated by Contona AI Limited, a company registered in England and Wales (collectively referred to as "Contona", "we", "us" or "our" in this policy).
We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store and share personal data when you visit www.contona.ai, create an account, or use our platform and services. Please read it carefully. By using the Site, you agree to the collection and use of information in accordance with this policy.
For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Contona AI Limited is the data controller of your personal data.
Definitions
In this policy, the following terms have the meanings set out below:
Account – the account you register and create on the Contona platform.
Cookies – small text files placed on your device when you visit our Website, as further described in the Cookies section below.
Data Protection Laws – the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), and any successor legislation.
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation performed on Personal Data, including collection, storage, use, disclosure or deletion.
Services – the Contona.ai AI platform, including all features, tools, APIs and integrations made available to you.
Website – our website at www.contona.ai and any associated sub-domains.
You / User – any individual who accesses the Website or uses the Services, and who is not employed by or contracted to Contona.
Personal Data We Collect
We may collect and process the following categories of Personal Data:
Data you provide to us
Identity data: your name, username or similar identifier.
Contact data: your email address, telephone number and business address.
Account data: login credentials, profile information, preferences and settings.
Content data: any text, prompts, files, images or other materials you input into or upload to the Services.
Communications data: messages, support requests and feedback you send to us.
Payment data: billing details and redacted payment card information (processed securely by our payment provider).
Data collected automatically
Technical data: IP address, browser type and version, operating system, device identifiers.
Usage data: pages visited, features used, time and frequency of access, click-path data, session duration.
Cookie data: information collected via cookies and similar tracking technologies (see Cookies section).
Please avoid including third-party personal data in prompts or file uploads unless strictly necessary for your use of the Services.
How We Collect Your Data
We collect Personal Data through the following means:
Directly from you, when you register for an account, use the Services, contact us for support, complete surveys, or subscribe to marketing communications.
Automatically, through your use of the Website and Services via cookies, server logs and similar technologies.
From third parties, such as identity and authentication providers (e.g. Google sign-in), payment processors and analytics partners.
How We Use Your Personal Data
We use your Personal Data for the following purposes, each supported by a lawful basis under UK GDPR:
Provision of Services (Contractual necessity)
To create and manage your Account.
To provide, operate and maintain the Contona platform and AI features.
To process payments and manage billing.
To provide customer support and respond to your enquiries.
Improvement and Development (Legitimate interests)
To analyse usage patterns and improve the performance, security and functionality of the Services.
To conduct internal research and development activities.
To generate aggregated and anonymised insights about platform usage.
Marketing and Communications (Legitimate interests or Consent)
To send you product updates, newsletters and marketing communications (where you have opted in or where we have a legitimate interest to do so as an existing customer).
To personalise communications and advertise our Services to new and existing users.
Legal and Compliance (Legal obligation / Legitimate interests)
To comply with legal and regulatory obligations, including tax and accounting requirements.
To detect, prevent and investigate fraud, security incidents and misuse of the Services.
To bring or defend legal claims and assert legal rights.
Who We Share Your Data With
We do not sell your Personal Data. We may share it with the following parties only to the extent necessary for the purposes described above:
Group companies and affiliates – to support the operation and development of our business.
Service providers and processors – third parties who host, operate or support our infrastructure (e.g. cloud hosting, analytics, payment processing, email delivery). All processors are bound by written Data Processing Agreements and required to maintain appropriate security standards.
AI model providers – where you use AI-powered features, your input data may be processed by third-party model providers subject to appropriate contractual safeguards.
Professional advisors – including lawyers, accountants and auditors, on a confidential basis.
Regulatory and law enforcement authorities – where required by law, court order or to protect the rights and safety of others.
Prospective buyers – in connection with a merger, acquisition or sale of all or part of our business, subject to appropriate confidentiality obligations.
International Data Transfers
Some of our third-party service providers are based outside the UK and the European Economic Area (EEA). Where we transfer Personal Data internationally, we ensure an adequate level of protection is in place by relying on one or more of the following safeguards:
An adequacy decision by the UK Government or European Commission in respect of the destination country.
Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs) approved by the relevant authority.
Other appropriate technical and organisational measures required by Data Protection Laws.
How Long We Keep Your Data
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. In practice:
Account and service data is retained for the duration of your account, and for a reasonable period thereafter to allow for disputes and legal claims (typically up to 6 years).
Customer support records are retained for 2 years following your last interaction with us.
Financial and accounting records are retained for the period required under applicable accounting legislation (typically 6 years in the UK).
Marketing data is retained until you unsubscribe or withdraw consent.
Even after deletion, data may persist on backup or archival media for a limited period for legal and security purposes.
How We Keep Your Data Secure
We implement appropriate technical and organisational measures to protect your Personal Data against accidental loss, unauthorised access, disclosure, alteration or destruction. These measures include:
Held securely on state-of-the-art servers.
Access controls, role-based permissions and multi-factor authentication.
Regular security assessments and monitoring.
Staff training on data protection and information security.
The security of your personal information is important to us, and will ensure that the recorded data, including any personal information, is protected correctly following the current safety standards. But remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security due to the nature of the internet not being 100% secure.
Contona.ai is listed on the UK Data Protection Public Register, number ………….., at the Information Commissioner's Office.
As a Data Controller, Contona.ai complies fully with the Data Protection Act.
For more information about the information we hold, please email us at privacy@contona.ai.
Your Rights
Under UK GDPR, you have the following rights in relation to your Personal Data:
Right of access – to request a copy of the Personal Data we hold about you.
Right to rectification – to request that inaccurate or incomplete data is corrected.
Right to erasure – to request deletion of your Personal Data where we no longer have a lawful basis to retain it.
Right to restriction – to request that we limit our Processing of your data in certain circumstances.
Right to data portability – to receive your data in a structured, commonly used, machine-readable format.
Right to object – to object to Processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent – where we rely on consent as our lawful basis, you may withdraw it at any time without affecting the lawfulness of prior Processing.
To exercise any of these rights, please contact us at: privacy@contona.ai. We will respond within one calendar month. We may need to verify your identity before acting on your request.
If you are not satisfied with how we handle your request or your Personal Data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Further information is available at www.ico.org.uk.
Cookies
Our Website uses cookies and similar technologies to improve your experience and to help us understand how the platform is used. We use the following types of cookies:
Strictly necessary cookies – essential for the operation of the Website and Services (e.g. authentication, session management). These are used on the basis of contractual necessity and cannot be disabled.
Analytical / performance cookies – allow us to measure and analyse how visitors use the Website, helping us improve its content and navigation (e.g. Google Analytics). Used on the basis of legitimate interests or consent.
Functional cookies – remember your preferences and settings to personalise your experience. Used on the basis of consent.
Marketing cookies – used by us and third parties to deliver relevant advertising and track campaign performance. Used on the basis of consent.
When you first visit the Website, you will be presented with a cookie consent banner. You may accept or decline non-essential cookies at any time by adjusting your preferences. Please note that disabling certain cookies may affect the functionality of the Services.
You can also control cookies through your browser settings. For more information, visit www.aboutcookies.org or www.allaboutcookies.org.
Links to Third-Party Websites
The Website may contain links to third-party websites, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
Changes to This Policy
We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any changes will be posted on this page with an updated date at the top. Where changes are material, we will notify you by email or via a prominent notice within the platform. Your continued use of the Services following notification constitutes acceptance of the updated policy.
Contact Us
If you have any questions, concerns or requests relating to this Privacy Policy or how we handle your Personal Data, please contact us:
Email: privacy@contona.ai
Website: www.contona.ai
Post: Contona AI Limited, [Registered Address], England
You may also contact the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached:
Website: www.ico.org.uk
Helpline: 0303 123 1113
