Alit

Alit

Login

Privacy Policy

Privacy Policy

Privacy Policy

Last Updated: April 2026

Last Updated: April 2026

Last Updated: April 2026

ALIT LTD (Company Number: 16957485) Registered Office: 84 Albert Hall Mansions, Kensington Gore, London, England, SW7 2AQ


Introduction

Alit Ltd ("Alit", "we", "us", "our") is the data controller responsible for your personal data. We are committed to protecting the privacy and security of the information you share with us.


This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, applications, and AI-powered services (collectively, the "Service"). It applies to all users of the Service, including individuals acting on behalf of organisations.


This policy should be read alongside our Terms 0f Service.

For any questions about this policy or your personal data, contact us at: legal@getalit.ai


1. Data Controller and Data Processor Roles

Alit acts in two capacities depending on the type of data involved:


As data controller: Alit determines the purposes and means of processing for account registration data, usage data, and other information collected to operate and improve the Service.


As data processor: When you upload documents, contracts, or financial data to the Service for analysis, Alit processes that data on your behalf and in accordance with your instructions. In this capacity, Alit acts as a data processor (or sub-processor where you are processing data on behalf of your own clients). Where a separate Data Processing Agreement is in place, its terms govern this processing.


2. Information We Collect

Information you provide

  • Account registration details (name, email address, organisation name, role)

  • Documents and data uploaded for analysis (contracts, financial data, accounting scenarios)

  • Queries, inputs, and interactions with the Service

  • Feedback, correspondence, and support requests


Information collected automatically

  • Device and browser type

  • IP address

  • Usage data (feature usage, session timestamps, error logs)

  • Essential cookies required for the Service to function (see Section 10)


Information we do not collect

  • We do not collect personal data from individuals under 18

  • We do not collect special category data (health, biometric, political, religious data) unless you include it in uploaded documents, in which case it is processed solely to provide the Service


3. How We Use Your Information

  • Providing the Service (account management, AI-powered analysis, output generation): uses registration data, uploaded documents, and queries. Lawful basis: contractual necessity.

  • Maintaining security, preventing abuse, and detecting fraud: uses IP address, usage data, and device information. Lawful basis: legitimate interest.

  • Improving and developing the Service (anonymised, aggregated analytical insights from usage patterns): uses anonymised usage patterns only, no client-specific content. Lawful basis: legitimate interest.

  • Responding to support requests and communications: uses contact details and correspondence. Lawful basis: contractual necessity.

  • Complying with legal or regulatory obligations: uses data as required. Lawful basis: legal obligation.

  • Sending service-related communications (e.g. maintenance notices, security alerts): uses email address. Lawful basis: legitimate interest.


Important: Alit does not use your uploaded data, including contracts, scenarios, memos, or other client materials, to train or fine-tune AI models. Your documents and inputs are never incorporated into any model training pipeline. Where we derive insights to improve our reasoning capabilities, these are limited to anonymised, non-identifiable patterns of platform usage (such as which accounting standards are commonly invoked or how decision points are structured) and contain no client-specific content.


4. Data Sharing and Sub-processors

We do not sell your personal data.


We share data only with trusted third-party service providers who process data on our behalf and under our instructions. All sub-processors are bound by appropriate contractual obligations regarding data protection and confidentiality.

Current sub-processors

  • Amazon Web Services (AWS) - Cloud hosting, data storage (S3), serverless compute (Lambda), messaging (SQS), database (DynamoDB). Location: EU/UK regions.

  • OpenAI - Large language model inference for AI-powered analysis. Location: United States.

  • Google Firebase - User authentication. Location: United States.


Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement or Standard Contractual Clauses, as applicable.


We may also disclose data where required by law, regulation, or court order.


We will notify you of any material changes to our sub-processor list by updating this policy and, where a Data Processing Agreement is in place, in accordance with its terms.


5. Data Retention

We retain data only as long as necessary for the purposes for which it was collected:

  • Account registration data: retained for the duration of your account plus 12 months after account closure.

  • Uploaded documents and analysis outputs: retained for the duration of your account; deleted within 30 days of account closure or earlier on request.

  • Usage and analytics logs: 24 months from collection.

  • Support correspondence: 24 months from resolution.


After the applicable retention period, data is securely deleted or anonymised.

You may request earlier deletion of your data at any time (see Section 7).


6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest

  • Role-based access controls

  • Infrastructure hosted within AWS with appropriate security configurations

  • Regular review of security practices


No system is entirely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.


7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

Right of access - You may request a copy of the personal data we hold about you.

Right to rectification - You may request correction of inaccurate or incomplete data.

Right to erasure - You may request deletion of your personal data, subject to any legal obligations requiring us to retain it.

Right to restrict processing - You may request that we limit how we use your data in certain circumstances.

Right to data portability - You may request a copy of your data in a structured, commonly used, machine-readable format.

Right to object - You may object to processing based on legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds.

Right to withdraw consent - Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at: legal@getalit.ai

We will respond to requests within one month. In complex cases, we may extend this by a further two months, and will notify you if so.

If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk

  • Telephone: 0303 123 1113


8. International Data Transfers

Some of our sub-processors (OpenAI, Google Firebase) are based in the United States. Where personal data is transferred outside the United Kingdom, we rely on:

  • The UK International Data Transfer Agreement (IDTA)

  • Standard Contractual Clauses (SCCs) approved by the relevant authority

  • Any applicable adequacy decisions


We take reasonable steps to ensure that your data receives an equivalent level of protection to that provided within the United Kingdom.


9. Use by Minors

The Service is designed for professional and commercial use only. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.


10. Cookies

The Service uses only essential cookies required for basic functionality (such as session management and authentication). We do not use third-party analytics, advertising, or tracking cookies.


You can manage cookie settings through your browser. Disabling essential cookies may affect your ability to use the Service.


If we introduce additional cookies in the future, we will update this section and, where required, obtain your consent before deploying them.


11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by placing a notice on the Service prior to the changes taking effect.

The "Last Updated" date at the top of this policy indicates when it was most recently revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.


12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how your data is handled, please contact us at:

Alit Ltd 84 Albert Hall Mansions, Kensington Gore, London, England, SW7 2AQ Email: legal@getalit.ai

Copyright © 2026 Alit Ltd
All rights reserved

Copyright © 2026 Alit Ltd
All rights reserved