SmartQuery SmartQuery
PricingSign Up

Privacy Policy

Last updated: January 14, 2026

Introduction

Welcome to SmartQuery, operated by SmartQuery Ltd, a company registered in England and Wales with company number [SC873991] and registered office at [REDACTED].

We respect your privacy and are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our website and SmartQuery service (the “Service”).

If you have any questions about this policy or our data practices, please contact us at privacy@smartquery.co.uk.

Information We Collect

We collect and process the following categories of personal data:

  • Account & Contact Information: name, email address, password (hashed), and any other details you provide during registration or account updates.
  • User Content: documents, text, images, PDFs, or other files you upload, together with any metadata associated with them.
  • AI Interaction Data: search queries, prompts you submit to our semantic/AI features, and the results/responses generated (we do not use your content to train third-party foundation models unless you explicitly opt in).
  • Usage & Analytics Data: how you interact with the Service (features used, time spent, navigation paths, etc.).
  • Technical & Device Data: IP address, browser type & version, operating system, device identifiers, approximate location (derived from IP), access times and dates.
  • Payment Information (if applicable): processed securely by our payment provider — we do not store full card details.

We do not intentionally collect special category data (e.g. health, racial or ethnic origin, religious beliefs) unless you deliberately include it in uploaded content — in which case you remain the controller for that processing.

How We Use Your Information

We process your personal data for the following purposes and on the following legal bases:

  • To provide, maintain, and improve the Service
  • To process and store your uploaded content via Ragie and enable semantic search & AI-powered features
  • To extract, chunk, and index content from your documents for search and retrieval
  • To personalise your experience and develop new features
  • To communicate service updates, security notices, or respond to support requests
  • To detect, prevent and investigate fraud, abuse, or security incidents
  • To comply with legal obligations (e.g. responding to data subject rights requests)

Data Storage and Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data at rest and in transit (TLS 1.3+)
  • Secure authentication & authorisation via Supabase
  • Strict access controls and multi-factor authentication for our team
  • Data minimisation and pseudonymisation where possible

Your relational data and authentication information are primarily hosted in Supabase projects configured in EU regions where available. Uploaded documents are processed by Ragie for content extraction and chunking. Vector embeddings are stored with Pinecone. Some AI processing (e.g. LLM inference) occurs with providers in the United States or other jurisdictions.

Third-Party Services & International Transfers

We share data with the following subprocessors (acting as data processors on our instructions):

  • Supabase – Authentication, PostgreSQL database → Privacy Policy | DPA
  • Ragie – Document processing, content extraction, and chunking for semantic search → Privacy Policy
  • Cloudflare – Edge caching, DDoS protection → Privacy Policy
  • Stripe – Payment processing (card data never reaches our servers) → Privacy Policy

Some providers are located outside the UK/EEA (mainly United States). We only make restricted transfers when necessary and ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
  • Processor’s Data Processing Addendum incorporating standard clauses
  • Transfer Impact Assessments where required

You can request our current subprocessor list or copies of relevant DPAs/SCCs by emailing elilourens123@gmail.com (subject to redaction of confidential information).

Data Retention

We keep personal data only for as long as necessary:

  • Account data — while your account is active + 90 days after deletion (for recovery/legal reasons)
  • User-uploaded content & vectors — until you delete it or your account is deleted (subject to backups)
  • Usage logs & technical data — up to 12–24 months for security & product improvement
  • Legal / billing records — 7 years as required by UK law

After these periods, data is securely deleted or irreversibly anonymised.

Your Rights (UK GDPR)

Under UK GDPR you have the right to:

  • Access your personal data (right of access)
  • Correct inaccurate or incomplete data
  • Request erasure (“right to be forgotten”)
  • Restrict processing in certain circumstances
  • Data portability (receive data in structured format)
  • Object to processing based on legitimate interests or for direct marketing
  • Withdraw consent (where we rely on consent)
  • Lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk)

To exercise these rights, email privacy@smartquery.co.uk or use the account settings / deletion options in the Service. We usually respond within one month (free of charge unless requests are excessive or manifestly unfounded).

Cookies and Similar Technologies

We use essential cookies for authentication and session management. Optional analytics cookies may be used to understand usage patterns (via privacy-friendly tools). You can manage preferences via our cookie banner or your browser settings.

We do not use cookies for behavioural advertising.

Children's Privacy

Our Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we become aware that we have collected such data, we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email or in-app notice. The “Last updated” date at the top shows when it was last revised.

Contact Us

Questions, requests or complaints should be sent to:

SmartQuery Ltd
Email: elilourens123@gmail.com

(We have not appointed a formal Data Protection Officer as we are not legally required to do so, but all privacy matters are handled via the above contact.)