Privacy Policy

1) Who is the controller

Controller: Cold AI Ltd (trading as Warm AI)
Email: support@getwarmai.com

If we act as your processor for data you upload into the Services, our processing is governed by our DPA with you.

2) Scope

This Policy covers personal data we process as controller, including website visits, product accounts, support, marketing, and sales interactions. It does not cover processing we perform strictly on your instructions as processor.

3) What we collect

• Account and contact data: name, email, role, company, billing data.
• Usage and device data: IP address, browser/OS, pages viewed, timestamps, referrers, product events, security telemetry.
• Support data: messages, tickets, call notes.
• Marketing preferences and communications.
• Content you submit: prompts, files, or data you choose to provide.

We do not intentionally collect special category data. Do not submit such data unless we have agreed appropriate safeguards.

4) Why we collect it and legal bases

• Provide and secure the Services: authentication, routing, performance, fraud prevention, incident detection, customer support. Legal bases: contract performance, legitimate interests, legal obligations.
• Improve and develop: features, quality, and security. Legal basis: legitimate interests.
• Billing and account administration: Legal bases: contract performance and legal obligations.
• Communicate with you: updates, security notices, service messages. Legal bases: contract performance and legitimate interests.
• Marketing: where permitted. Legal bases: consent for electronic marketing, or legitimate interests for B2B with opt-out.
• Compliance: legal requests and enforcement of rights. Legal basis: legal obligations and legitimate interests.

5) Cookies and similar technologies

We use cookies, local storage, and similar technologies for essential functionality, performance, and security. Some cookies are set by Cloudflare to keep the service secure and reliable.

Key examples: __cf_bm, cf_clearance and related Cloudflare cookies used to manage traffic, mitigate bots, and apply WAF challenges. Session and preference cookies for login and settings.

6) Cloudflare

We use Cloudflare as a reverse proxy, CDN, DDoS/WAF, and bot management provider. Cloudflare processes limited traffic data and security telemetry as our processor. Cloudflare uses EU Standard Contractual Clauses with the UK Addendum for international transfers.

7) Sharing your data

We share personal data only with:

• Processors: hosting, email, CRM, analytics, payment, security providers including Cloudflare.
• Professional advisers and auditors under confidentiality.
• Authorities if required by law.

We do not sell personal data.

8) International transfers

Where data is transferred outside the UK/EEA, we use appropriate safeguards such as the EU SCCs with the UK Addendum, plus transfer risk assessments where required.

9) Retention

We keep data only as long as needed. Typical periods:

• Account and billing records: 6 years after account closure.
• Product logs and security telemetry: 30 to 180 days.
• Support tickets: up to 2 years after closure.
• Marketing data: until opt-out or after inactivity period.

10) Your rights (UK GDPR)

You have the right to request access, rectification, erasure, restriction, portability, and to object to certain processing. Where processing is based on consent, you can withdraw consent at any time. To exercise these rights, contact support@getwarmai.com. You also have the right to complain to the UK Information Commissioner's Office (ICO).

11) Children

Our Services are for business use and not directed to children. Do not use the Services if you are under 18.

12) Security

We apply layered security measures including encryption in transit, role-based access control, secret management, logging and monitoring, vulnerability management, regular reviews, and Cloudflare's edge protections.

13) Automated decision-making

We do not make solely automated decisions with legal or similarly significant effects. Our AI features generate content and recommendations under your direction.

14) Marketing

You can opt out of marketing emails at any time using the unsubscribe link or by emailing support@getwarmai.com. We may still send service and security notices.

15) Changes to this Policy

We may update this Policy to reflect changes to our practices or the law. We will post updates with a new "Last updated" date and, where material, provide notice.