Privacy Policy

AICS Ltd ("AICS", "we", "us", "our") operates the website and application at app.aics.solutions. We are registered in the United Kingdom. Our contact address is United Kingdom. For data enquiries, contact us at info@aics.solutions.

We are committed to protecting your personal data and complying with the UK GDPR and the Data Protection Act 2018. We act as the data controller in respect of the personal data we collect through the service.

• Account data: Email address and password (stored as a one-way hash; we never see your plaintext password) when you register.
• Profile data: Full name, phone number, and postal address if you choose to provide them to improve scan coverage.
• Scan data: Email addresses and usernames you submit for breach checks. These are hashed or anonymised before being sent to our data providers (see §5).
• Usage data: IP addresses, browser type, pages visited, and timestamps, collected automatically for security and service operation.
• Payment data: Billing transactions are handled entirely by our secure payment processor. We receive only a customer reference and subscription status; we never see or store full card numbers.

We do not knowingly collect data from persons under the age of 18. If you are under 18, please do not use the service. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly.

We use your data to:

• Provide and operate the AICS breach monitoring service
• Check your email addresses and usernames against breach and security intelligence databases
• Send you scan results, security alerts, and service-related emails
• Process your membership or one-time purchase via our secure payment processor
• Prevent fraud, abuse, and unauthorised access, and maintain the security of our systems
• Improve and develop the service based on aggregated, anonymised usage patterns
• Comply with our legal obligations

We do not sell, rent, or trade your personal data to third parties for any commercial purpose. We do not use your data for advertising or profiling.

• Contract performance: Processing necessary to provide the service you have registered for or purchased.
• Legitimate interests: Security monitoring, fraud prevention, abuse detection, and service improvement, provided these interests are not overridden by your rights.
• Consent: Where you have opted in to optional communications. You may withdraw consent at any time by contacting us or using account settings.
• Legal obligation: Where processing is required by UK law (e.g., financial record-keeping).

We do not use solely automated decision-making that produces legal or similarly significant effects in relation to you.

We share the minimum necessary data with carefully selected sub-processors who provide infrastructure and specialist services required to operate AICS. Each sub-processor is contractually bound to process data only as directed by AICS and to maintain appropriate technical and organisational security measures.

• Our secure infrastructure provider: authentication, database hosting, and data storage within UK/EU infrastructure.
• Our payment processor: secure payment processing. The processor's own privacy policy applies to payment data; we receive only a customer reference and subscription status.
• Our breach intelligence provider: we send a privacy-preserving hash of your email address to check for breach records. Your full email address is never transmitted.
• Our dark web database provider: deeper dark web searches, conducted only with your explicit consent as part of paid scans.
• Our transactional email provider: for sending scan results, security alerts, and account notifications.

We do not share your data with any other third party except where required by law or a valid court order, in which case we will notify you to the extent permitted by law.

• Account data is retained while your account is active and for 90 days following account deletion.
• Scan results are retained for the lifetime of your account to provide access to scan history.
• Usage and log data is retained for up to 12 months for security and operational purposes.
• Payment records are retained as required by UK tax and financial regulation (typically 7 years).

We review and purge unnecessary data at least annually.

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Rectification of inaccurate or incomplete data
• Erasure ("right to be forgotten"): request account and data deletion via your Account page or by emailing us
• Restriction of processing in certain circumstances
• Data portability: receive your data in a machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, contact us at info@aics.solutions. We will respond within one calendar month. We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.

Your data is stored and processed within the United Kingdom and the European Economic Area (EEA). We do not transfer personal data to countries outside of jurisdictions covered by UK adequacy regulations or equivalent safeguards without first ensuring appropriate protections are in place (such as standard contractual clauses or binding corporate rules).

We use strictly necessary cookies only, specifically session authentication cookies required for the service to function securely. These cookies do not track you across other websites and do not require your consent under UK PECR.

We do not deploy analytics, advertising, or tracking cookies without your explicit consent. If we introduce any non-essential cookies in future, we will update this policy and obtain your consent before deploying them.

We implement industry-standard technical and organisational measures to protect your personal data, including encrypted connections (TLS/HTTPS), one-way password hashing, role-based access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security. We encourage you to use a strong, unique password and to enable two-factor authentication on your AICS account.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR.

We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be notified by email or via a prominent notice in the application at least 14 days before the change takes effect. The "Last updated" date at the top of this page indicates when the most recent revision was made. Continued use of the service after the effective date of any changes constitutes your acceptance of the updated policy.

For any privacy queries or to exercise your data rights, contact us at info@aics.solutions.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.