Skip to main content

Privacy Policy

Last updated: 10 March 2026

1. Who we are

PathFinder AI is operated by Smart Path IT Ltd, a company registered in England and Wales. Our registered address is available on request at [email protected].

For GDPR purposes, Smart Path IT Ltd is the data controller for personal data collected through pathfinderai.co.uk and the PathFinder AI platform.

2. Data we collect

We collect the following categories of data:

  • Account information: Name, email address, and company name provided during registration.
  • Incident data: Incident descriptions, metadata, and associated information submitted to the platform by your organisation.
  • Usage data: How you interact with the platform, including pages visited, features used, and session duration.
  • Technical data: IP address, browser type, and device information collected automatically.

3. How we use your data

  • To provide and operate the PathFinder AI platform.
  • To generate AI-powered incident scoring, recommendations, and pattern detection for your organisation.
  • To communicate with you about your account, trials, and service updates.
  • To improve our product based on aggregated, anonymised usage patterns.

We do not sell your data. We do not use your incident data to train AI models for other customers. Your data is isolated per organisation.

4. Legal basis for processing

We process personal data under the following lawful bases under UK GDPR:

  • Contract performance: Processing necessary to deliver the service you signed up for.
  • Legitimate interest: Product improvement using anonymised, aggregated data.
  • Consent: Marketing communications (opt-in only).

5. Data storage and security

All data is stored in UK data centres. We use encryption in transit (TLS 1.2+) and at rest. Access to production systems is restricted by role-based access controls.

Customer incident data is isolated per organisation using multi-tenant architecture with strict data boundaries. One customer’s data is never accessible to another.

6. Data retention

Account data is retained for the duration of your subscription plus 30 days. Incident data retention depends on your plan (30 days for Starter, 90 days for Professional, unlimited for Enterprise). You can request deletion of all data at any time.

7. Third-party services

We use the following third-party services:

  • Cloudflare: CDN and DDoS protection.
  • Google Analytics: Website usage analytics (anonymised).
  • Microsoft Clarity: Session replay and heatmaps for UX improvement.

No third-party service has access to your incident data.

8. Cookies

We use essential cookies for site functionality and analytics cookies for usage tracking. You can disable analytics cookies in your browser settings. Essential cookies are required for the platform to operate.

9. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Request erasure of your data.
  • Object to processing.
  • Data portability.
  • Lodge a complaint with the ICO (ico.org.uk).

10. Contact

For any privacy-related queries, contact us at [email protected].

← Back to home