Your privacy at ismee.
How we collect, use, store and protect your information — and the rights you have over it.
Last updated: 7 July 2026
1. Who we are
ismee.ai ("ismee", "we", "us") provides a platform that helps organisations create trusted virtual versions of their people and knowledge. This policy explains how we handle personal data across our website (ismee.ai), our help centre (support.ismee.ai) and our product (app.ismee.ai).
ismee.ai is currently operated as a research preview. A formal legal entity is being established; the registered company name and business address of the data controller will be added here before general availability. For any privacy question or request, please use our contact form or email us.
Where you use ismee as part of an organisation, that organisation is typically the controller of the knowledge and content it uploads, and we act as its processor for that content (see section 9).
2. The information we collect
Information you give us
- Account & workspace details — your name, email address, organisation name, sector and role.
- Knowledge you add — the documents, files and text you upload so your assistant can answer from them. These may contain personal data you choose to include.
- Questions & conversations — the messages you and your team send to the assistant, and its answers.
- Anything you send us — for example via our contact or beta sign-up forms.
Information we collect automatically
- Usage & audit data — actions taken in the product, kept for security, accountability and to improve the service.
- Technical data — such as IP address, device/browser type and log data, used to run and secure the service.
3. How we use your information
- To provide and operate the service — including generating answers grounded in your own knowledge.
- To create, secure and administer your account and workspace.
- To keep the service secure and detect, prevent and investigate abuse or misuse.
- To respond to your enquiries and provide support.
- To improve and develop the product (using aggregated or de-identified data where practical).
- To send service and administrative messages (for example email verification and workspace-approval emails).
- To comply with our legal obligations.
4. Our legal bases (UK GDPR)
- Performance of a contract — to provide the service you or your organisation have signed up for.
- Legitimate interests — to secure, maintain and improve the service, and to communicate with you, balanced against your rights.
- Consent — where we ask for it (for example certain communications); you can withdraw it at any time.
- Legal obligation — where we're required to process data by law.
5. The AI provider and how it handles your data
The intelligence behind ismee is provided by OpenAI's API Platform — not the consumer ChatGPT app. Based on OpenAI's current published terms for the API:
- Data sent through the API is not used to train OpenAI's models by default.
- OpenAI may retain API inputs and outputs for up to 30 days to run the service and detect abuse, then deletes them (unless legally required to keep them).
- The API Platform is SOC 2 Type 2 certified, with encryption in transit and at rest.
Please note these reflect OpenAI's published terms and may change; see our Data & compliance page for more.
6. Who we share your data with (sub-processors)
We don't sell your data. We use a small number of trusted providers to run the service:
| Provider | Purpose | Location |
|---|---|---|
| OpenAI | AI model that generates answers | US |
| Neon | Database (accounts, knowledge records, logs) | EU (London) |
| Render | Application hosting | EU (Frankfurt) |
| Backblaze B2 | Object storage for uploaded files and images | US |
| Resend | Transactional email (verification, invitations) | US/EU |
We may also share data where required by law, or in connection with a business transfer, and with professional advisers under confidentiality.
7. International transfers
Our application and primary database are hosted in the EU. Some processing takes place in the US — currently our object storage (uploaded files and images) and our AI provider. Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum, EU Standard Contractual Clauses, or an adequacy decision, together with our providers' own commitments. We're working towards full EU data residency.
8. How long we keep it
We keep personal data for as long as your account or workspace is active, and for a reasonable period afterwards to meet legal, security and operational needs, after which we delete or anonymise it. Data held by our AI provider is subject to its short retention window (see section 5). Backups are retained for a limited period.
9. If you use ismee as part of an organisation
If your organisation provides ismee to you, it controls the knowledge and content in its workspace and decides who can access it. For that content we act as the organisation's processor and handle it under our agreement with them. Please direct requests about that content to your organisation's administrator. A Data Processing Agreement is available to customers on request.
10. Security
We take security seriously. Measures include encryption in transit and at rest, strict tenant isolation (each organisation's data is kept separate), role-based access controls, email verification, and audit logging. No system is perfectly secure, but we work to protect your data and to respond quickly to any issue.
11. Your rights
Under UK GDPR you have the right to access, correct, delete, restrict or object to the processing of your personal data, to data portability, and to withdraw consent where we rely on it. To exercise any of these, contact us or email us. You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk.
12. Cookies
Our product uses essential cookies needed to sign you in and keep your session secure. Our marketing site does not currently use non-essential or advertising cookies. If this changes, we'll update this policy and seek consent where required.
13. Children
ismee is a business tool and is not directed at children. It is not intended for anyone under 18, and we don't knowingly collect their data.
14. Changes to this policy
We may update this policy from time to time. We'll change the "last updated" date above and, for material changes, take reasonable steps to let you know.
15. Contact us
Questions or requests about your data? Use our contact form, or email us.