Privacy policy

This Privacy Policy explains how Eddric Ltd ("Eddric", "we", "us") collects, uses, stores, and protects your personal data when you use the Eddric platform at eddric.com.

We are the data controller for the personal data described in this policy.

• Email: info@eddric.ai
• Registered address: London, England, United Kingdom

Eddric was formerly trading as CogniReach.

We collect the minimum personal data necessary to operate your account and deliver the services.

a) Account data

• Name, email, organisation name and role
• Password (stored as a salted hash — never plaintext)

b) Usage data

• Pages and features used within the platform
• Login timestamps
• Browser, OS, and device information
• IP address (security monitoring only)

c) Communication data

• Contact form submissions and support correspondence

d) Data we do not collect

• No personal data of end consumers through Campaign Intelligence
• No special-category personal data
• Competitor monitoring targets publicly available advertising data, not individuals

We process your personal data for the following purposes and legal bases:

We will never sell your personal data. We do not use it for profiling or automated decision-making that produces legal effects concerning you.

Eddric uses machine-learning models for sentiment classification, fit prediction, and account summarisation.

• No personal data of end consumers is sent to any external model.
• No proprietary client data — fund data, customer lists, portfolio information — is ever transmitted to an external model.
• All model interactions are recorded in the audit trail with timestamp, model used, input summary, and output classification.
• Data isolation is enforced at the tenant level. No tenant can access another tenant's data, configurations, or outputs.

We share personal data only in the following limited circumstances:

a) Infrastructure providers Trusted sub-processors that host and operate the platform — cloud database, email delivery, authentication. All data hosted in EU regions under contractual safeguards.

b) Legal requirements Where required by law, regulation, legal process, or enforceable government request.

c) Business transfers In the event of a merger, acquisition, or sale of assets, data may transfer to the successor entity. We will notify you of any such transfer.

We do not share data with advertisers, data brokers, or any third party for marketing purposes.

Data is stored primarily in eu-west-1. Where data transfers outside the UK or EEA, we apply Standard Contractual Clauses approved by the UK ICO, rely on adequacy decisions where available, and use encryption in transit and at rest.

Request details of safeguards for a specific transfer by contacting info@eddric.ai.

• Encryption — TLS 1.2+ in transit, AES-256 at rest.
• Access control — Role-based, least-privilege, scoped per tenant.
• Authentication — Salted password hashing, email verification, password reset flows.
• Audit logging — Immutable, append-only.
• Infrastructure — Enterprise-grade cloud with continuous monitoring.
• Incident response — Documented procedures for detection, response, and reporting.

If you find a security vulnerability, report it to info@eddric.ai immediately.

After the period ends, data is permanently deleted or irreversibly anonymised.

Under the UK GDPR you have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

To exercise any of these, contact info@eddric.ai. We respond within 30 days. You also have the right to lodge a complaint with the UK ICO at ico.org.uk.

The platform is a business-to-business service. It is not directed at children under 18 and we do not knowingly collect data from children.

Material changes will be communicated by email and in-platform notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Eddric Ltd Email: info@eddric.ai London, United Kingdom