IntellixCore Ltd · 167–169 Great Portland Street, 5th Floor, London, W1W 5PF
Effective Date: 23 June 2026
This Privacy Policy explains how IntellixCore Ltd ("IntellixCore", "we", "us" or "our") collects and uses personal data in connection with our websites, the IntellixCore Agentic Workforce Platform, IntellixTax, other standalone AI Agents and Agentic Workers, subscriptions and free trials, enterprise licensing and deployments, demonstrations, events, Bootcamps, workshops, consulting, support and related services (together, the "Services"). IntellixCore Ltd is registered in England and Wales under company number 15072784. Our registered office and correspondence address for privacy matters is 167–169 Great Portland Street, 5th Floor, London, W1W 5PF. You can contact us at info@intellixcore.com. This Policy should be read with our Terms of Use, any applicable product-specific notice, order form, data processing agreement or other written contract. A product-specific notice may provide additional information about a particular Agent, including its data sources, retention period, hosting arrangements and approved uses of data. If there is a conflict, the more specific notice or signed contract will apply to that processing activity.
Our data protection role depends on the processing activity: IntellixCore is generally the controller of personal data used to administer accounts, subscriptions, billing, communications, security, service analytics, events, enquiries, feedback and our own business operations because we determine why and how that data is used. Where a business customer submits personal data about its clients, employees or other individuals through a Service and determines the purposes of that processing, the customer will generally be the controller and IntellixCore will act as its processor. That processing is governed by the applicable contract and, where required, a data processing agreement. In some circumstances, IntellixCore or another party may act as an independent controller for a specific purpose. We will identify that position in the relevant notice or contract where appropriate. Nothing in this Policy changes the allocation of roles agreed in a signed data processing agreement or other written contract.
AI Agents process the prompts, instructions, documents and other information submitted by users to generate requested outputs. Inputs and outputs may contain personal data. Users must only submit personal data where they have the necessary authority and lawful basis and must comply with their own professional, confidentiality and data protection obligations. 3.1 Client and confidential information Do not include client-identifiable, confidential or sensitive information unless your organisation and the relevant data owner have authorised its use. Where reasonably possible, anonymise or pseudonymise information before submitting it. You are responsible for ensuring that notices have been provided to affected individuals where required. Where a User is subject to professional or ethical standards, including Professional Conduct in Relation to Taxation (PCRT) where applicable, the User is responsible for ensuring that the submission and processing of client information through an Agent complies with those standards. 3.2 Model training and service improvement IntellixCore does not use Customer Data, prompts, uploaded documents or Outputs to train or fine-tune general-purpose AI models unless the owner or authorised controller of that data has expressly approved that use. Any approved use will be documented and limited to the agreed purpose. Product-specific notices may explain whether anonymised, aggregated or otherwise approved data is used to evaluate or improve a particular Service. We may use technical telemetry, security logs and aggregated or anonymised usage information to operate, secure, measure and improve the Services, provided that such information does not identify an individual or disclose Customer Data. 3.3 No solely automated significant decisions by IntellixCore IntellixCore does not use personal data collected under this Policy to make solely automated decisions about individuals that produce legal or similarly significant effects. Customers must not use the Services as the sole basis for significant decisions without meaningful human review and compliance with applicable law. Further restrictions are set out in our Terms of Use.
4.1 Account and subscription data • Name, business email address, telephone number, organisation, job title and professional role. • Account identifiers, authentication records, preferences, subscription tier, orders, invoices, payment status and customer-support history. • Records showing acceptance of the Terms of Use, Privacy Policy and applicable product terms, including date, time, version and related technical audit information. 4.2 Agent, Platform and Customer Data • Prompts, queries, instructions, uploaded files and other Inputs. • Outputs, conversation history, workflow records, review or approval records and user feedback. • Agent configurations, workflow data, permissions, integrations and business data submitted through enterprise deployments. • Usage information, including features used, activity times, token or usage volumes, error records and performance information. 4.3 Website, marketing and event data • Information submitted through contact, demonstration, assessment, Scorecard, white-paper, event and registration forms. • Professional interests, marketing preferences, campaign engagement and records of opt-outs or objections. • Information supplied when attending Bootcamps, immersive workshops, webinars, meetings or other events. 4.4 Technical and device data • IP address, browser and device type, operating system, approximate location derived from IP address, session identifiers, security logs and authentication data. • Website pages viewed, referral source, clickstream, session duration and interaction data collected through cookies or similar technologies, subject to applicable consent requirements. 4.5 Data obtained from other sources • Information provided by your employer, organisation, administrator or an authorised user. • Information from business partners, implementation partners, event organisers, payment providers and connected services. • Publicly available professional information, including business websites, professional directories and platforms such as LinkedIn, where permitted by law and the relevant platform terms. 4.6 Special category and criminal offence data Our standard Services are not designed to require special category data or criminal offence data. You should not submit such data unless its use is necessary, authorised and supported by an appropriate legal condition. A product-specific notice or enterprise agreement may impose additional restrictions.
The table below summarises our principal purposes and lawful bases when IntellixCore acts as controller. More than one lawful basis may apply depending on the circumstances. Provide accounts, subscriptions, trials, Agents, Platform access, events and contracted Services — Performance of a contract; steps requested before entering a contract Process prompts and Inputs and return Outputs — Performance of a contract; legitimate interests in providing and operating the requested Service Billing, payment administration and financial records — Performance of a contract; legal obligation; legitimate interests in managing our business Authentication, security, fraud prevention, misuse detection, audit and incident response — Legitimate interests in protecting users, customers, IntellixCore and the Services; legal obligation where applicable Customer support, service messages, maintenance notices and operational communications — Performance of a contract; legitimate interests in supporting customers and administering the Services Request and analyse feedback, reviews, surveys and user research — Legitimate interests in understanding customer experience and improving our Services Tell customers and professional contacts about other IntellixCore Agents, Platform products, events and services that may be relevant — Legitimate interests for corporate subscribers and professional B2B communications; consent or the PECR soft opt-in where required Website analytics, performance measurement and service improvement — Consent for non-essential cookies where required; legitimate interests for essential, security and aggregated analytics Product development using aggregated, anonymised or expressly approved data — Legitimate interests; consent or another documented lawful basis where personal data is used Comply with law, regulation, court orders, professional obligations and legal claims — Legal obligation; legitimate interests in establishing, exercising or defending legal rights Corporate transactions, financing, restructuring or sale of business assets — Legitimate interests in managing and developing our business, subject to appropriate safeguards
We may contact subscribers, authorised users and professional contacts to: • ask for feedback about their experience, invite participation in user research or request a review; • provide information about new features, improvements and service developments; and • promote other IntellixCore Agents, Platform products, events or services that we reasonably believe may be relevant to their professional role or organisation. We will comply with applicable UK GDPR and Privacy and Electronic Communications Regulations requirements. Corporate subscribers may receive relevant business-to-business electronic marketing on the basis of our legitimate interests. For sole traders, certain partnerships and other individual subscribers, we will rely on consent or the existing-customer soft opt-in where legally available. Every marketing message will identify IntellixCore and provide a clear way to opt out. You can object to direct marketing or withdraw consent at any time by using the unsubscribe link in a message, changing available communication preferences or contacting info@intellixcore.com. We may retain a minimal suppression record to ensure we respect your request. Operational messages concerning your Account, security, billing, changes to the Services or contractual matters are not marketing and may continue while your Account or contract remains active.
Standalone Agents may have different functions, data sources, retention periods and technical arrangements. Before using an Agent, review the notice shown at registration, login or within the Agent interface. That notice forms part of this Policy for the relevant Service. 7.1 IntellixTax IntellixTax is intended for professional users. Subject to any updated notice displayed within the Service: • queries, Inputs, Outputs and conversation history may be retained for up to 60 days from the relevant session; • users may delete available conversation history through the sidebar or other deletion control; • an Account holder may request earlier deletion, subject to legal, security, backup and dispute-preservation requirements; and • users should anonymise or pseudonymise client information unless their organisation and the relevant data owner have authorised its use. 7.2 Future standalone Agents A future Agent may apply a different retention period or data-use model. The applicable period and any approved use of Customer Data will be stated in its product-specific notice. We will not assume permission to train or fine-tune general-purpose models using Customer Data merely because a user accesses an Agent.
Enterprise customers may use managed cloud, hybrid, private-cloud, customer-controlled or on-premise deployments. Hosting location, data residency, subprocessors, retention, integrations and security responsibilities are determined by the selected deployment and the applicable written contract. Where IntellixCore processes personal data on behalf of an enterprise customer, we will process it on documented instructions and in accordance with the applicable data processing agreement. The customer is responsible for establishing its lawful basis, providing required privacy information, managing data subject requests and configuring the Service consistently with its legal and professional obligations, except to the extent the contract assigns a responsibility to IntellixCore.
We may share personal data only where necessary and subject to appropriate safeguards with: • cloud, hosting, infrastructure, AI model, database, communications, analytics, security, payment, CRM, customer-support and event-service providers; • professional advisers, auditors, insurers and financing providers; • implementation partners, systems integrators and subcontractors involved in delivering contracted Services; • your organisation, Account administrator or other authorised users where required to administer the Service; • regulators, courts, law-enforcement bodies or other authorities where required or permitted by law; and • a prospective buyer, investor or successor in connection with a genuine corporate transaction, subject to confidentiality and data protection controls. Third-party providers may process data as our processors, subprocessors or independent controllers depending on their role. Before a provider is used for a production Service, IntellixCore assesses the provider and, where appropriate, implements contractual, technical and organisational controls proportionate to the Service and the data involved. These controls may include configuring available data-retention and model-training settings, restricting provider access, applying approved deployment options, and establishing appropriate transfer, security, deletion and incident-notification arrangements. The precise safeguards depend on the provider, Service, deployment and customer requirements; they are not assumed to apply automatically merely because a provider is selected. A subprocessor list or additional information may be made available where appropriate or required by contract. We do not sell personal data.
We use approved cloud and service providers and may offer UK data residency where specified for a particular Service or deployment. We do not state that every item of personal data is necessarily processed only in the UK. Some providers, support functions or connected services may process personal data outside the UK. Where UK personal data is transferred internationally and the destination is not covered by UK adequacy regulations, we use an appropriate transfer mechanism, such as the UK International Data Transfer Agreement, the UK Addendum to approved standard contractual clauses or another lawful safeguard, together with supplementary measures where required. Enterprise-specific commitments are set out in the relevant contract or product notice.
We retain personal data only for as long as reasonably necessary for the relevant purpose, including to provide the Services, comply with legal and accounting duties, resolve disputes, maintain security and establish or defend claims. Principal retention periods are: • Agent Inputs, Outputs and conversation history: the period stated in the applicable product-specific notice. IntellixTax currently uses the period described in section 7.1. • Account and subscription records: for the duration of the Account or contract and ordinarily up to six years afterwards where needed for tax, accounting, contractual or legal purposes. • Invoices and transaction records: ordinarily six years after the end of the relevant financial period or longer where required by law. • Website enquiries, event registrations and business-development records: ordinarily for up to 24 months after the last meaningful interaction, unless an active relationship, consent, objection or legal requirement justifies longer retention. • Marketing contact data: while we have a lawful reason to communicate, until an objection or withdrawal of consent, and thereafter a minimal suppression record for as long as needed to respect that choice. • Security, authentication and technical logs: for a period proportionate to the security and audit purpose, ordinarily between 30 days and 24 months unless an incident, investigation or contract requires longer retention. • Feedback, reviews and research records: for as long as useful to the stated research or improvement purpose, normally in identifiable form for no longer than 24 months unless otherwise agreed. Deleting content from an active Account or interface removes it from normal user access, but may not immediately remove all copies from security logs, fraud-prevention records, transaction records, encrypted backups, legal-hold records or suppression lists. Residual copies may remain for limited periods where technically necessary or legally required. They will remain protected and will not be restored to active use except where reasonably necessary for disaster recovery, security, legal compliance, the establishment or defence of legal claims, or to respect an objection or opt-out.
We apply technical and organisational measures appropriate to the nature and risk of the processing. Depending on the Service and deployment, these may include encryption in transit and at rest, role-based access controls, authentication controls, logical separation, logging, monitoring, vulnerability management, security testing, backup and incident-response procedures. No system is completely secure. Users must protect their credentials, use approved devices and networks, follow their organisation's policies and notify us promptly of suspected unauthorised access or security incidents.
We use strictly necessary cookies and similar technologies for login, security, preferences and core functionality. Subject to consent requirements, we may also use analytics, performance, advertising or retargeting technologies. Our cookie banner or cookie notice provides current details and lets users manage non-essential choices. Withdrawing consent does not affect processing already carried out lawfully.
Depending on the circumstances and applicable law, you may have rights to: • be informed about our use of personal data; • request access to personal data; • request correction of inaccurate or incomplete data; • request erasure of data; • request restriction of processing; • object to processing based on legitimate interests and object at any time to direct marketing; • receive certain data in a portable format; • withdraw consent at any time where processing is based on consent; and • request safeguards relating to qualifying solely automated decisions. These rights are not absolute and exemptions may apply. We may need to verify your identity and clarify the scope of a request. Where IntellixCore acts only as processor, we may refer the request to the relevant customer-controller or assist that customer in responding. To exercise a right, email info@intellixcore.com. You may also complain to the UK Information Commissioner's Office. We would appreciate the opportunity to address your concern first, but this does not affect your right to contact the regulator.
The Services are intended for business and professional users aged 18 or over. They are not directed to children, and we do not knowingly permit individuals under 18 to create Accounts. If we become aware that we have collected a child's personal data contrary to this restriction, we will take appropriate steps to delete or otherwise lawfully address it.
We may update this Policy to reflect changes in law, our Services, technology, providers or business practices. The current version will be published with its effective date. Where a change is material, we will take reasonable steps to notify affected users, for example through the Website, Account interface or email. A change to this Policy does not retrospectively create consent or authorise a materially different use of personal data where further notice or consent is legally required.
If you wish to complain about how we have handled your personal data, please contact us at info@intellixcore.com. We will acknowledge your complaint within 30 days, investigate it appropriately and provide a response without undue delay. You may also complain to the Information Commissioner's Office, although we encourage you to contact us first so that we have an opportunity to address your concerns.
Privacy enquiries, rights requests and complaints may be sent to: Email: info@intellixcore.com Post: Data Protection Officer, IntellixCore Ltd, 167–169 Great Portland Street, 5th Floor, London, W1W 5PF Data Protection Officer: Mike Greig · info@intellixcore.com
Committed to Your Privacy — Contact info@intellixcore.com with any questions.