Skip to main content

1. Who We Are

InsightMesh Limited ("InsightMesh", "we", "us", or "our") is a company registered in England and Wales. Our registered address is 82A James Carter Road, Mildenhall, IP28 7DE, United Kingdom.

We are the data controller for personal data collected through our website (insightmesh-ai.com) and in the course of our sales, marketing, and support activities. Where we process personal data contained within customer enterprise data on behalf of our clients, we act as a data processor under a separate Data Processing Agreement — that processing is governed by those agreements and is not the subject of this notice.

This Privacy Policy explains how we collect, use, store, and share your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to website visitors, prospective customers, and contacts at existing client organisations.

Our privacy contact is: support@insightmesh-ai.com

2. Personal Data We Collect

We collect the following categories of personal data:

Website visitors

  • IP address and approximate location derived from it
  • Browser type, device type, and operating system
  • Pages visited, time on page, and referring URL
  • Cookie identifiers (see Section 9)

Enquiries and marketing contacts

  • Name, job title, and company name
  • Business email address and telephone number
  • The content of any message you send us
  • Information you share during sales calls or demonstrations

Customer account contacts

  • Name, job title, and contact details of individuals at client organisations
  • Billing and invoicing details
  • Records of support requests and communications
  • Platform usage logs and audit trails associated with named accounts

We collect this data directly from you (via contact forms, email, calls, or sign-up), automatically when you visit our website, and occasionally from publicly available sources such as LinkedIn or company websites in the course of business development.

3. How We Use Your Data and Our Legal Basis

We only process personal data where we have a lawful basis to do so under Article 6 of the UK GDPR.

Purpose Legal Basis
Responding to your enquiries and providing our services Contract / Pre-contractual steps
Managing your account, billing, and support Contract / Legal obligation
Sending service communications (updates, security notices) Contract / Legitimate interests
Sending marketing communications to existing business contacts Legitimate interests (B2B soft opt-in, PECR)
Sending marketing communications to new prospects Consent (where required) or Legitimate interests
Website analytics and performance improvement Legitimate interests
Security monitoring and fraud prevention Legitimate interests
Compliance with legal obligations (tax, audit, court orders) Legal obligation

Where we rely on legitimate interests, we have carried out a balancing test and are satisfied that our interests do not override your fundamental rights. You may request details of our balancing assessment by contacting us at support@insightmesh-ai.com.

Where we rely on consent, you have the right to withdraw it at any time by contacting us or using the unsubscribe link in any marketing email. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are:

  • Contract and account data: Duration of the contract, plus 6 years after termination (consistent with the Limitation Act 1980 for legal claims).
  • Financial and invoicing records: 6 years (HMRC requirement).
  • Marketing and prospect data: Until you opt out, or 2 years from last meaningful contact.
  • Security and access logs: 12 months.
  • Website analytics data: 14 months.
  • Customer Data processed as a processor: Deleted or returned within 30 days of contract termination, as set out in the relevant Data Processing Agreement.

5. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of recipients, solely to the extent necessary:

  • Cloud infrastructure providers — our platform and website are hosted on secure cloud infrastructure (such as Microsoft Azure or equivalent). These providers are bound by data processing agreements and act on our instructions.
  • AI model providers — where our platform uses third-party large language model APIs to deliver services to clients, we disclose this in our Data Processing Agreement with each client. We contractually require that such providers do not use customer data for model training without explicit written consent.
  • CRM and marketing platforms — to manage our business contacts and communications.
  • Professional advisors — legal, accounting, and insurance advisors, subject to confidentiality obligations.
  • Regulatory authorities and law enforcement — where required by applicable law or a valid court order. We will notify you where we are legally permitted to do so.
  • Business purchasers — in the event of a merger, acquisition, or sale of our business, your data may be transferred as part of that transaction, subject to equivalent privacy protections.

6. International Data Transfers

Your data is primarily processed within the United Kingdom and the European Economic Area (EEA). The UK has granted adequacy status to all EEA countries, and the European Commission renewed its adequacy decisions for the UK in December 2025 — meaning transfers in both directions are permitted without additional safeguards.

Where we use service providers located outside the UK and EEA (for example, in the United States), we ensure appropriate safeguards are in place, such as:

  • An International Data Transfer Agreement (IDTA) approved by the ICO, or
  • The UK Addendum to EU Standard Contractual Clauses, or
  • The UK-US Data Bridge certification framework where applicable.

You may request details of the specific safeguards in place for any international transfer by contacting us at support@insightmesh-ai.com.

7. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right to be informed — this Privacy Policy fulfils this right.
  • Right of access — you may request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one calendar month.
  • Right to rectification — you may ask us to correct inaccurate or incomplete data. We will respond within one month.
  • Right to erasure — you may request that we delete your personal data where it is no longer necessary for the purposes collected, where you have withdrawn consent, or where processing is unlawful. This right is not absolute — we may be required to retain certain data by law or for legitimate business purposes.
  • Right to restriction — you may ask us to suspend processing while you contest accuracy or object to processing.
  • Right to data portability — where processing is based on consent or contract and is carried out by automated means, you may receive your data in a structured, machine-readable format.
  • Right to object — you have an absolute right to object to direct marketing at any time. You may also object to processing based on legitimate interests; we will cease unless we can demonstrate compelling legitimate grounds that override your interests.
  • Rights related to automated decision-making — we do not make decisions about you solely by automated means that produce legal or similarly significant effects without human review.

To exercise any of these rights, please contact us at support@insightmesh-ai.com. There is no charge for making a request. We will verify your identity before processing your request.

8. Your Right to Complain to the ICO

If you are unhappy with how we have handled your personal data, please contact us first at support@insightmesh-ai.com so we can attempt to resolve your concern.

You also have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters:

  • Website: www.ico.org.uk
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113

9. Cookies

Our website uses cookies — small text files stored on your device when you visit. We use the following categories:

  • Strictly necessary cookies: Required for the website to function (session management, security). These cannot be disabled.
  • Analytics cookies: First-party cookies that help us understand how visitors use our website (pages viewed, time on site, errors). Under the Data (Use and Access) Act 2025, first-party analytics cookies used solely for statistical purposes may be set without prior consent provided a free opt-out is available. No personal profiling is carried out.
  • Preference cookies: Store your settings such as display preferences across visits.

We do not use advertising or cross-site tracking cookies. You can manage or delete cookies through your browser settings at any time. Disabling analytics cookies will not affect your ability to use the website.

10. How We Keep Your Data Secure

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These include encryption in transit (TLS) and at rest, strict access controls, regular security reviews, and personnel training.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, and will inform affected individuals without undue delay where the risk is assessed as high.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will publish the revised version on this page with an updated effective date. For material changes, we will provide notice by email to relevant contacts or via a notice on our website at least 30 days before the change takes effect.

12. Contact Us

For any questions about this Privacy Policy or to exercise your rights, please contact us: