Privacy Policy

BEYLA UK LTD is a company registered in England and Wales with its registered office at 128 City Road, London, EC1V 2NX. For the purposes of UK data protection law, BEYLA is the controller of personal data that we collect about visitors to our website, prospects, customers, Authorised Users of the Service, job applicants, suppliers and other business contacts. When we process personal data in Customer Data on behalf of a customer, we do so as a processor under our Data Processing Addendum.

• Who we are: BEYLA UK LTD, based at 128 City Road, London, EC1V 2NX.
• What we collect: account information, usage data, content you submit, communications, device/technical data, and business information.
• Why: to provide and improve the Service, to keep it secure, to communicate with you, to meet legal obligations, and to develop our AI models.
• Where: we operate the Service from the UK. Data may be transferred globally (for example to the EEA and United States) using approved safeguards.
• Your rights: you can access, correct, delete, restrict, port or object to processing of your personal data, and complain to the ICO.
• Contact: privacy@beyla.ai

1.1 This policy applies to personal data we collect about:

• visitors to beyla.ai and any related websites, applications, social media pages and marketing channels (the “Sites”);
• prospective and current customers and their Authorised Users who register for or use the BEYLA Service (including its BETA form);
• attendees of our events, webinars or community forums;
• suppliers, partners, advisers and other business contacts; and
• job applicants and other individuals who contact us.

1.2 If you are a customer of a BEYLA customer (for example, your business uses BEYLA to interact with us) and we process your personal data on that customer’s behalf, the customer is the controller. Please refer to their privacy notice.

2.1 We collect the following categories of personal data:

Identity and contact data

Name, email address, phone number, job title, employer, company name, business address, country.

Account and credential data

Username, authentication credentials (hashed), multi-factor authentication data, API keys and access tokens (we never see your passwords in plain text).

Business and commercial data

Company registration details, VAT number, role within your organisation, subscription plan, billing records and transaction history.

Content and Customer Data

Content you upload, type, paste, transcribe, or otherwise submit to the Service, including prompts, documents, financial records, communications, and files. Most of this is processed on behalf of a customer; see our DPA.

Usage, device and technical data

IP address, device identifiers, browser type and version, operating system, language preferences, referring URLs, pages viewed, actions taken, timestamps, telemetry, error logs and performance metrics.

Marketing and preferences

Communication preferences, marketing consents, responses to surveys and interactions with our content.

Identity verification and compliance data

Business verification data, sanctions and adverse-media screening results, records of compliance checks, and information we are required to hold under applicable law.

Cookies and similar technologies

See our Cookie Policy for detail on cookies and similar technologies used on our Sites.

• Directly from you: when you register an account, complete a form, contact us, subscribe to marketing, apply for a job or attend an event.
• Automatically: when you use the Sites or Service, through cookies, SDKs, server logs and similar technologies.
• From third parties: including our service providers, public registries (Companies House), sanctions and credit-reference data sources, identity verification providers, social media platforms, and referrers.

Under the UK GDPR we must have a lawful basis for processing personal data. We rely on the following bases depending on the purpose:

• Providing the Service (accounts, authentication, core functionality, support) — identity and contact, account and credential, content and Customer Data, usage data — Performance of a contract; legitimate interests (operating the Service).
• Billing, invoicing and collection of Fees — identity, contact, business, commercial — Performance of a contract; legal obligation.
• Identity and business verification, KYC, sanctions and fraud prevention — identity, business, compliance — Legal obligation; legitimate interests (fraud prevention, regulatory readiness).
• Securing, monitoring and defending the Service — usage, technical, content — Legitimate interests (security, integrity of service).
• Improving, operating and securing the Service, and developing BEYLA’s own models, agents and features (including, where appropriate, using de-identified or aggregated Customer Data) — usage data; de-identified or aggregated Customer Data — Legitimate interests (operating and improving the Service; building and training BEYLA’s own models to deliver a better, safer Service).
• Protecting the hive — detecting and responding to risk, abuse, fraud, error or harm affecting BEYLA, our members or the wider community — usage, technical, content, identity and account — Legitimate interests (safety and integrity of the Service and its members); legal obligation (where applicable).
• Customer communications (service notices, onboarding, incident response) — identity, contact, account — Performance of a contract; legitimate interests.
• Marketing and insights (newsletters, product updates) — identity, contact, marketing — Consent (where required); legitimate interests (for existing customers under soft-opt-in).
• Meeting legal and regulatory obligations — any as required — Legal obligation.
• Establishing, exercising or defending legal claims — any as relevant — Legitimate interests; legal obligation.
• Corporate transactions (M&A, restructuring) — any as relevant — Legitimate interests (running our business).

4.2 Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You have the right to object at any time; see section 10.

4.3 We do not rely on automated decision-making that produces legal or similarly significant effects for you under Article 22 UK GDPR. The Service may use AI to assist with workflows, summaries, predictions and recommendations, but a human within your organisation is expected to review and make decisions.

5.1 We share personal data with the following categories of recipients:

• Service providers and sub-processors such as cloud and hosting providers, AI model providers, analytics providers, customer-support tools, email and messaging providers, identity verification and KYC providers, payment processors, and security services.
• Integrations you enable such as accounting systems, banking connections (open banking providers), communication platforms and other tools. When you connect these, you authorise the sharing.
• Advisers including accountants, auditors, insurers and lawyers.
• Regulators, courts, and public authorities where required by law or to establish, exercise or defend legal claims.
• Business partners who help us develop, market or operate the Service. These are subject to appropriate confidentiality and data protection terms.
• In connection with corporate transactions such as a merger, acquisition or sale of assets, in which case personal data may be disclosed to prospective buyers, advisers and successor entities.

A current list of our named sub-processors is published at /legal/subprocessors. We also provide this list on request by emailing privacy@beyla.ai.

5.3 We do not sell personal data.

6.1 BEYLA provides the Service from the United Kingdom, but our systems, team and partners are global. Personal data may therefore be transferred to, and processed in, countries outside the UK, including the European Economic Area (EEA), the United States and other jurisdictions.

6.2 Where we transfer personal data outside the UK, we rely on appropriate safeguards, which may include:

• UK adequacy regulations or adequacy decisions (where a country is recognised as providing adequate protection);
• the UK International Data Transfer Addendum (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
• EU Standard Contractual Clauses (where applicable); or
• other safeguards permitted under UK GDPR (for example binding corporate rules).

6.3 You can request a copy of the relevant safeguards by emailing privacy@beyla.ai (with appropriate redactions for confidentiality).

7.1 We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, tax, regulatory or reporting requirements, and to establish, exercise or defend legal claims.

7.2 Typical retention periods are:

• Account and Service data: for the term of your relationship with us, plus up to 6 years after deletion or termination.
• Customer Data (as processor): for the term plus 30 days to enable export, after which it is deleted in the ordinary course (see our DPA).
• Billing, tax and accounting records: at least 6 years after the relevant tax year.
• Marketing data: until you unsubscribe or for up to 3 years of inactivity, whichever is earlier.
• Security, audit and backup logs: typically 12 to 24 months.
• De-identified or aggregated data: we may retain this indefinitely because it no longer identifies you.

8.1 We implement technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, disclosure, alteration or destruction. These include encryption in transit and (where appropriate) at rest, role-based access controls, multi-factor authentication, logging and monitoring, secure development practices, vendor due diligence and employee training.

8.2 No system is completely secure. Please help us keep your data safe by using strong unique passwords, enabling multi-factor authentication, keeping your devices updated and reporting suspected issues to security@beyla.ai.

9.1 BEYLA is building an Agentic Business and Finance Operating System powered by a digital hive-mind of collective intelligence that learns and adapts for the benefit of its members. The Service uses AI and machine-learning technologies, including third-party models, to deliver this experience. Here’s our position on your data and AI:

• No training of third-party models on your data. We do not transmit Customer Data to our LLM or other service providers for the training of their models. We contract with our AI providers on a “no-training” basis. BEYLA does not sell Customer Data.
• Refining BEYLA’s own processes and models. We may use Customer Data (including, where appropriate, after de-identification, aggregation or other data-minimisation steps) to refine and enhance how BEYLA works, and as the member community grows, to design, develop and train BEYLA’s own proprietary models. Our goal is simple: a better, smarter, safer Service for every member of the hive.
• Protecting the hive. We also use Customer Data to detect and respond to risk, abuse, fraud, error or harm affecting BEYLA, our members or the wider community. This “hive protection” is integral to running the Service and keeping members safe.
• Outputs are not advice. Always apply human judgement before acting on any Output.
• Memory and context. To deliver a genuinely context-aware experience, the Service retains and reuses relevant Customer Data across sessions for the same account. You can delete or reset memory via Service settings or by contacting us.
• Your choices. You can ask us to exclude de-identified or aggregated data derived from your Customer Data from BEYLA’s product-development and internal-analytics uses by emailing privacy@beyla.ai. Hive-protection and security uses, and Usage Data needed to operate, secure, bill for or support the Service, are core to running BEYLA and cannot be opted out of.

10.1 Under UK data protection law you have the following rights (subject to conditions and exceptions):

• Access — to a copy of the personal data we hold about you.
• Rectification — to correct inaccurate or incomplete data.
• Erasure — to ask us to delete your personal data in certain circumstances.
• Restriction — to ask us to restrict processing in certain circumstances.
• Portability — to receive certain data in a portable format.
• Object — to processing based on legitimate interests or for direct marketing.
• Withdraw consent — where we rely on consent, at any time, without affecting prior lawful processing.
• Complain — to the UK Information Commissioner’s Office (ico.org.uk). We’d appreciate the chance to resolve any concerns first.

10.2 To exercise your rights, contact privacy@beyla.ai. We may need to verify your identity and respond within statutory timeframes (usually one month).

11.1 The Service is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact privacy@beyla.ai.

12.1 This Privacy Policy is a transparency notice about how we handle personal data, rather than a contract between us. We may update it from time to time. The latest version is always published on our website with its effective date. Where changes are material, we will let you know by email or in-product notice. We encourage you to review this policy periodically so you stay informed.

BEYLA UK LTD — 128 City Road, London, EC1V 2NX, United Kingdom.

Email: privacy@beyla.ai

Security: security@beyla.ai

Supervisory authority: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF — ico.org.uk.