We use cookies to improve your experience. By using our site, you agree to our use of cookies. Learn more.

Privacy Policy

Last updated: 1 April 2026

Instro AI Solutions Limited ("Instro", "we", "us", or "our") is committed to protecting your privacy and safeguarding personal data.

This Privacy Policy explains how we collect, use, store, share and protect personal data when you use our website, submit an enquiry, request a demo or report, access trial software, or use Instro products and services.

Instro AI Solutions Limited

Company No. 15347917

Registered Office: 30 The Street, Upper Sheringham, Sheringham, England, NR26 8AD

Enterprise Security Summary

  • Your data is not used to train AI models without explicit consent.
  • Data is hosted in GDPR-compliant infrastructure, typically within the UK or EU.
  • Data is encrypted in transit and at rest.
  • Access is restricted through role-based controls and least-privilege principles.
  • Customer data environments are logically separated across storage, database and AI processing layers.
  • We use trusted hosting, infrastructure and AI service providers under commercial terms designed to prevent unauthorised reuse of customer data.
  • We apply security monitoring, vulnerability management and regular security testing.
  • Where required, enhanced isolation, dedicated environments and additional governance controls can be scoped separately.

1. Who this policy applies to

This Privacy Policy applies to personal data relating to:

  • visitors to our website;
  • individuals who contact us or submit website forms;
  • people who request demo access, reports, trials, consultations or calls;
  • users of Instro software and related services; and
  • representatives of customers, prospects, suppliers and partners.

2. The personal data we collect

Depending on how you interact with us, we may collect:

2.1 Information you provide directly

  • name;
  • work email address;
  • phone number;
  • company name;
  • job title;
  • website URL;
  • account credentials;
  • form submissions, messages and enquiry details; and
  • onboarding or implementation information you provide to us.

2.2 Information collected through product or website use

  • usage and interaction logs;
  • chatbot or software queries and responses;
  • technical identifiers and device/browser information;
  • account activity and service access records;
  • system configuration and integration data; and
  • website analytics and cookie-related information, where applicable.

2.3 Information from third parties

We may receive business contact details, company information, or implementation-related data from your organisation, trusted service providers, or publicly available business sources where lawful.

We do not intentionally collect special category personal data unless this has been expressly agreed and is necessary for a defined service purpose.

3. How we use personal data

We use personal data to:

We do not sell personal data.

  • provide and operate our website, products and services;
  • respond to enquiries and requests;
  • deliver sample reports, demos, trials and consultations;
  • create and administer user accounts;
  • manage onboarding, implementation and support;
  • monitor performance, reliability and security;
  • improve service quality, usability and relevance;
  • maintain records of enquiries, contracts, service usage and customer communications;
  • comply with legal and regulatory obligations; and
  • send relevant business-to-business marketing communications where permitted by law or where you have provided consent.

4. Lawful bases for processing

Depending on the context, we rely on one or more of the following lawful bases:

4.1 Legitimate interests

We may process personal data where necessary for our legitimate interests, including:

  • responding to business enquiries;
  • providing requested information, demos, reports and software access;
  • managing business relationships;
  • administering and improving our services;
  • maintaining security, preventing misuse and investigating incidents;
  • keeping records of enquiries and commercial interactions; and
  • conducting proportionate business-to-business follow-up in connection with relevant products or services.

4.2 Contract

We process personal data where necessary to perform a contract with you or your organisation, or to take steps at your request before entering into a contract.

4.3 Consent

We rely on consent where required, including where we ask you to opt in to receive marketing communications or where we seek express agreement for a specific use of data.

4.4 Legal obligation

We may process personal data where necessary to comply with legal, regulatory, accounting or reporting obligations.

5. How we use your data when you submit website forms

When you submit a form, request a report, book a demo, start a trial, contact us through the website, or otherwise provide your details online, we use the information you provide to respond to your request and provide the relevant service or follow-up.

This may include your name, work email address, phone number, company name, job title, website URL, and any other information you choose to submit.

We use this information to:

  • process and respond to your request;
  • provide the report, demo, trial, meeting or service you asked for;
  • communicate with you about your enquiry;
  • maintain records of enquiries, requests and interactions;
  • improve our website journeys, products and services; and
  • where you have agreed, or where otherwise permitted by law, contact you about relevant Instro products, services, updates, events, case studies and offers.

5.1 Sample report and business intelligence requests

If you request a sample report, insight report, business intelligence output or similar demo content, we may use your details to:

  • generate or prepare the requested output;
  • send it to you;
  • contact you about your request;
  • follow up on whether it was useful; and
  • discuss whether the relevant Instro product or service may be suitable for your organisation.

5.2 Demo bookings, discovery calls and consultation requests

If you book a demo, consultation or discovery call, we may use your data to:

  • arrange and confirm the meeting;
  • understand your requirements;
  • prepare for the discussion;
  • communicate with you before and after the meeting; and
  • follow up on products, use cases or services discussed.

5.3 Product enquiries, API enquiries and contact forms

If you submit a product, API or general enquiry, we may use your data to:

  • respond to your message;
  • assess which product or service is relevant;
  • direct your enquiry internally to the right team; and
  • follow up on the request.

5.4 Trial sign-up, account creation and onboarding

If you sign up for a trial, request software access, create an account, or submit onboarding information, we may use your data to:

  • create and administer your account or trial;
  • provide access to the requested service;
  • send service, onboarding and support communications;
  • verify account activity and manage usage;
  • monitor adoption, engagement and service performance; and
  • provide support and follow-up.

5.5 AI Action Plan, workshop and advisory enquiries

If you enquire about an AI Action Plan, workshop, implementation planning or advisory support, we may use your data to:

  • understand your business context and requirements;
  • contact you to discuss your enquiry;
  • arrange meetings or workshops;
  • prepare scoping notes, proposals or follow-up materials; and
  • communicate relevant next steps.

5.6 Marketing follow-up

Where you have consented, or where we otherwise have a lawful basis to do so, we may send you relevant information about Instro products, services, updates, events, case studies or offers.

You can stop marketing communications at any time by:

  • clicking the unsubscribe link in a marketing email; or
  • contacting us using the details in this Privacy Policy.

5.7 Retention of website enquiry data

We keep personal data collected through website forms only for as long as reasonably necessary for the purposes for which it was collected, including responding to your enquiry, providing the requested service, maintaining appropriate business records, and meeting legal or regulatory requirements.

Where an enquiry does not progress, we will review and delete or anonymise the data when it is no longer needed. Where you have opted in to marketing, we may retain your contact details until you unsubscribe or ask us to stop.

6. AI processing and third-party providers

To provide Instro functionality, relevant data may be processed using trusted third-party infrastructure, hosting, communications, analytics and AI service providers.

We select service providers based on operational, security and compliance considerations. Where third-party AI services are used, we aim to do so under commercial terms designed to restrict unauthorised reuse of customer data and to ensure data is processed only for the purpose of delivering the requested service.

Where third-party systems are integrated into customer solutions, those systems may also be subject to their own privacy policies and contractual terms.

7. Data storage and security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

7.1 Hosting and infrastructure

Customer and website data is hosted using secure, GDPR-compliant infrastructure. This may include cloud hosting, databases, storage services and supporting application services selected to meet operational and security requirements.

7.2 Data location and transfers

We aim to store data within the UK or EU where possible. If a transfer outside the UK or EU is necessary, we will implement appropriate safeguards in accordance with applicable data protection law.

7.3 Encryption

We use encryption in transit and at rest, including:

  • TLS 1.2 or higher for data in transit; and
  • AES-256 or equivalent standards for data at rest where supported by the relevant infrastructure.

7.4 Access controls

We restrict access to personal data to authorised personnel and approved processors on a need-to-know basis. Measures include:

  • role-based access controls;
  • least-privilege principles;
  • authentication controls;
  • periodic access review; and
  • audit logging where appropriate.

7.5 Environment and application security

We apply measures such as:

  • logical separation of customer environments where applicable;
  • secure network configuration and private service controls;
  • system monitoring and alerting;
  • vulnerability management; and
  • controlled deployment and change practices.

7.6 Security testing and incident management

We maintain processes for identifying, assessing and responding to security risks and incidents. These may include vulnerability scanning, security testing, patching, logging and incident response procedures.

7.7 Data provenance and auditability

Where relevant to the product or implementation, Instro may maintain traceability across data ingestion, processing and output stages to support greater transparency, control and auditability.

8. Data retention and deletion

We retain personal data only for as long as necessary for the purposes for which it was collected, including service delivery, security, record-keeping, contractual performance, legal compliance and dispute resolution.

Where data is processed under a customer contract, retention periods may also be governed by that contract.

Upon valid request, expiry of retention periods, or termination of the relevant service, data will be deleted, anonymised, or otherwise securely disposed of in accordance with our retention practices and any applicable contractual commitments.

Where contract terms specify a deletion period, we will apply that period unless a longer retention period is required by law.

9. Employee confidentiality, training and awareness

We take steps to ensure that personnel with access to personal data understand their responsibilities. This includes:

  • confidentiality obligations;
  • data handling procedures;
  • security and privacy awareness measures; and
  • internal processes for escalation and incident reporting.

10. Cookies and analytics

Our website may use cookies and similar technologies to support functionality, security, analytics and user experience.

Where required, we will request consent for non-essential cookies. For more detail, please see our Cookie Policy.

11. Children's privacy

Our website and services are not directed at children under the age of 16, and we do not knowingly collect personal data from them.

12. Your rights

Under applicable data protection law, you may have the right to:

  • access your personal data;
  • request correction of inaccurate or incomplete data;
  • request erasure of personal data in certain circumstances;
  • restrict processing in certain circumstances;
  • object to processing based on legitimate interests;
  • object to direct marketing at any time;
  • request transfer of your data, where applicable; and
  • withdraw consent where processing is based on consent.

How to exercise your rights

To exercise these rights, contact us using the details below.

You also have the right to complain to the Information Commissioner's Office if you believe your data protection rights have been infringed.

13. Compliance and accountability

Instro maintains compliance records and data protection governance measures appropriate to the size and nature of the business. This may include privacy reviews, contractual controls with processors, incident procedures and risk assessments.

Instro AI Solutions Limited is registered with the UK Information Commissioner's Office under registration number ZB852431.

14. Third-party websites and links

Our website may contain links to third-party websites, scheduling tools, social platforms or partner services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies separately.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or operational practices. The latest version will always be published on our website with the updated effective date.

16. Contact details

For privacy-related queries or to exercise your rights, please contact:

Data Protection Contact

Email: info@instro.ai

Postal address: Instro AI Solutions Limited, 30 The Street, Upper Sheringham, Sheringham, England, NR26 8AD