Privacy Policy

Last updated: 24 November 2025

RareEarthMinerals.ai ("we", "our", "us") provides document-analysis and evidence-verification tools across mineral and industrial supply chains. We are committed to processing personal data lawfully, fairly and transparently, in line with UK GDPR, the Data Protection Act 2018, the Data Use and Access Act 2025, EU GDPR, and other applicable data-protection regimes.

1. Data We Collect

Account Information: name, email address, encrypted password.
Uploaded Documents: PDFs, ESIAs, supplier reports, due-diligence materials, and other files you choose to upload. These remain your property.
Usage Data: page visits, interactions, and basic analytics. We do not use advertising cookies or behavioural tracking.

2. Lawful Basis for Processing

We process personal data under:
• contractual necessity (providing the Evidence Vault)
• legitimate interest (improving service performance)
• consent (optional cookies or notifications)

3. Encryption, Security & Chain-of-Custody

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Uploaded documents receive immutable timestamps and cryptographic hashes to preserve evidential integrity. We do not modify, annotate, or alter your original materials.

4. Access Controls

We operate on a strict read-only basis unless you explicitly authorise regulator, auditor, or retailer access. Permissions are revocable at any time.

5. Personnel Changes & Identity Verification

If credentials are lost or organisational personnel change, we may require formal identity verification (e.g., government ID + written authorisation) before restoring access. This protects evidential integrity and prevents unauthorised access.

6. Data Sharing

We use selected subprocessors for hosting and security. All subprocessors are bound by data processing agreements compliant with UK GDPR/EU GDPR. No data is sold or shared for advertising.

7. Retention

Account data is retained until deletion. Uploaded documents remain until you delete them. Security logs may be retained for up to 90 days unless required longer by law.

8. Your Rights

You may request access, correction, deletion, restriction, data export, or withdrawal of consent at any time by contacting:
privacy@rareearthminerals.ai

9. International Transfers

Where data is transferred internationally (e.g., to subprocessors), we use lawful safeguards such as SCCs, adequacy decisions, or equivalent protections.

10. Changes

We may update this Privacy Policy. Continued use of the Service constitutes acceptance. Material changes will be communicated where feasible.