Privacy Policy
Last updated: 28 April 2026.
Eidolon AI ("we", "us", "our") is committed to privacy by architecture — not by promise. This page explains what data the platform-level marketing site collects, what each product does, and how to exercise your rights under UK GDPR and equivalent regimes.
1. The marketing site
The page you are reading lives at https://eidolonai.co.uk/ and is served as static HTML. We do not run analytics on this site. We do not set cookies. There are no third-party trackers. Page views are not attributed to individuals.
2. Per-product privacy
Each Eidolon product has a different relationship with your data. The summary:
| Product | Where the data lives | Notes |
|---|---|---|
| Personal | Local DuckDB on your device | Zero bytes sent to cloud. Privacy section on Personal page. |
| Nursery | UK-hosted Postgres, schema-isolated per nursery | Eidolon AI is the Data Processor; the nursery is the Data Controller. Nursery privacy. |
| Research (SaaS) | UK/EU-hosted Postgres, tenant-isolated | Tenant-managed. Hybrid local-first option keeps PDFs & analysis on your machine. |
| Clinic / Care | UK/AU-hosted, schema-isolated per organisation | NSW HRIPA + UK GDPR compliant; CT/PT sovereignty rules apply. |
| ABS | AU-hosted (arcturuservices.com.au) | Separate deployment; see ABS's own privacy policy. |
3. What we never do
- We do not sell your data.
- We do not use your data to train shared models.
- We do not silently change your data residency.
- We do not retain your data after you ask us to delete it (subject to legal retention obligations only).
4. Your rights
Under UK GDPR (and the equivalent under Australian Privacy Principles for AU users) you have the right to access, correct, port, and erase personal data we process about you. Email privacy@eidolonai.co.uk. We respond within 30 days; for urgent requests within 7.
5. Lawful basis
For the marketing site: legitimate interest (running a public website). For the products: the lawful basis is set per-product — typically contract (B2B SaaS), contract or legitimate interest (Personal, after purchase), and explicit consent for any optional processing (e.g., photo-to-observation features). Each product's settings page documents the lawful basis live.
6. International transfers
Personal runs on your device — no transfer. Institutional products keep data inside the customer's chosen jurisdiction (UK, EU, AU). When we use sub-processors (e.g., Stripe for billing), data is transferred under Standard Contractual Clauses where required.
7. Updates to this policy
We update this page when our practices change. Material changes are notified to logged-in customers and (where relevant) to billing contacts. The "last updated" date at the top of this page is authoritative.
8. Contact
Privacy enquiries: privacy@eidolonai.co.uk
General contact: /contact