Privacy Policy
Effective Date: 31 August 2025 | Last Updated: 31 August 2025
1. Definitions
For purposes of this Privacy Policy:
- Applicable Data Protection Laws means the UK General Data Protection Regulation (“UK GDPR”), the EU General Data Protection Regulation (“EU GDPR”), the UK Data Protection Act 2018, and the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), and all other relevant laws to the extent applicable.
- Personal Data has the meaning in Article 4(1) GDPR (any information relating to an identified or identifiable natural person) and “personal information” as defined under Cal. Civ. Code §1798.140.
- Processing has the meaning in Article 4(2) GDPR and includes any operation performed on Personal Data (e.g., collection, storage, use, disclosure, deletion), whether or not by automated means.
- Controller and Processor have the meanings in Articles 4(7) and 4(8) GDPR respectively.
2. Scope and Applicability
This Privacy Policy governs the Processing of Personal Data by Adoura.ai in the context of providing its services globally. By using Adoura.ai’s services, you acknowledge that your Personal Data will be processed in accordance with this Policy and Applicable Data Protection Laws.
3. Categories of Personal Data Collected
Adoura.ai may collect the following categories of Personal Data. We do not collect special categories of data within the meaning of GDPR Article 9.
GDPR / General Categories
- Identifiers & Account Data: email address.
- Payment Information: processed exclusively by Stripe; Adoura.ai does not store full payment card details.
- Technical Data: device information, IP address, cookies, browser type.
- Usage Data: account activity and session information necessary for service functionality.
CCPA/CPRA Categories (Disclosure Map)
| Category | Examples | Collected? | Business Purpose(s) | Disclosed To | Sold/Shared? |
|---|---|---|---|---|---|
| Identifiers | Email, device IDs, IP | Yes | Account, security, service delivery | Stripe; Google (technical/analytics) | No |
| Commercial Information | Transactions (via Stripe) | Yes (via Stripe) | Payment processing, fraud prevention | Stripe (processor) | No |
| Internet/Network Activity | Session logs, cookies | Yes | Service functionality, security | Google (technical/analytics) | No |
| Geolocation | Precise location | No | — | — | No |
| Inferences | Profiles, preferences | No | — | — | No |
| Sensitive Personal Information | e.g., health, biometrics | No | — | — | No |
4. Purposes and Legal Bases for Processing (GDPR Art. 6)
Personal Data is processed solely for the purposes set out below, relying on the indicated legal bases:
- Service Delivery & Contractual Necessity (Art. 6(1)(b)): account creation, service provision, and payment processing.
- Legal Obligations (Art. 6(1)(c)): compliance with applicable laws, including fraud prevention and financial recordkeeping.
- Legitimate Interests (Art. 6(1)(f)): ensuring service integrity, security, and improvements (balanced against data subject rights and freedoms).
Adoura.ai does not use Personal Data for targeted advertising or profiling and does not engage in automated decision-making within the meaning of GDPR Article 22.
5. Sources of Personal Data
- Directly from you: when you register, manage your account, or complete payments.
- Automatically: via essential cookies and session tracking required for functionality and security.
- From processors: Stripe (payments) and Google (technical/analytics) acting under written contracts.
6. Disclosure of Personal Data
Personal Data may be disclosed as follows:
- Payment Processing: Stripe, to process transactions securely. Adoura.ai does not store full card data.
- Technology/Analytics: Google, to support technical and analytic functionality necessary for the services.
- Legal/Compliance: to competent authorities where required by law, court order, or regulatory obligation.
- Business Transfers: to a successor entity in connection with a merger, acquisition, or corporate restructuring, subject to appropriate safeguards.
No sale or sharing: Adoura.ai does not sell or share Personal Data as those terms are defined under the CCPA/CPRA.
7. International Data Transfers & Safeguards
Personal Data is stored on secure servers in the European Union. Where transfers outside the UK/EEA occur (e.g., to certain processors), Adoura.ai implements safeguards in compliance with GDPR Chapter V, including where applicable:
- European Commission Standard Contractual Clauses (SCCs);
- UK Addendum to the SCCs;
- Reliance on adequacy regulations/decisions where available.
8. Retention of Personal Data
Adoura.ai retains Personal Data no longer than necessary for the purposes described in this Policy or as required by law:
- Account & Payment Data: retained until account deletion, subject to legal recordkeeping obligations.
- Technical Logs/Cookies: retained for up to twelve (12) months before anonymisation.
- Fraud/Security Data: retained for up to five (5) years where necessary for investigation and prevention.
Upon expiry of the applicable period, data is securely deleted or irreversibly anonymised.
9. Data Subject Rights (GDPR)
Subject to limitations under the GDPR, you may exercise the following rights:
- Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), and Objection (Art. 21).
Submit requests to privacy@corelabsgroup.co.uk. We will respond within one (1) month; this may be extended by up to two (2) further months for complex or numerous requests, in which case you will be notified of the extension and reasons. We may require reasonable information to verify your identity before acting on your request.
10. Data Subject Rights (CCPA/CPRA)
California residents may exercise the following rights, subject to statutory exceptions:
- Right to Know (categories and specific pieces of Personal Data collected, used, or disclosed);
- Right to Delete Personal Data;
- Right to Correct inaccurate Personal Data;
- Right to Opt-Out of Sale/Sharing of Personal Data (Adoura.ai does not sell or share Personal Data);
- Right to Non-Discrimination for exercising rights.
Submit requests to privacy@corelabsgroup.co.uk. We will verify your request (including authorised agent requests) consistent with CCPA/CPRA and respond within applicable timeframes.
11. Security Measures
Adoura.ai implements appropriate technical and organisational measures pursuant to GDPR Article 32, including (without limitation): encryption in transit and at rest, access controls on a need-to-know basis, firewalls, monitoring, and regular backups.
12. Automated Decision-Making and Profiling
Adoura.ai does not engage in automated decision-making or profiling that produces legal or similarly significant effects concerning individuals within the meaning of GDPR Article 22.
13. Children’s Data
The services are not directed to children under thirteen (13) years in the United States or sixteen (16) years in the European Union/United Kingdom. Adoura.ai does not knowingly collect Personal Data from minors. If we become aware of such collection, we will promptly delete the data.
15. Data Breach Notification
In the event of a personal data breach, Adoura.ai will notify affected individuals where required by law and, where applicable, the relevant supervisory authority without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach, consistent with GDPR Articles 33 and 34.
16. Governing Law & Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts of England and Wales.
17. Policy Updates
Adoura.ai may amend this Privacy Policy from time to time. Material changes will be communicated by email thirty (30) days prior to taking effect. Continued use of the services following the effective date constitutes acceptance of the revised Policy.
18. Contact Information
All inquiries or requests relating to this Privacy Policy should be addressed to:
Email: privacy@corelabsgroup.co.uk