Privacy Policy
Paraden AI Ltd ("Paraden", "we", "us", "our") is committed to protecting the privacy of all individuals whose data we process. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have in relation to it.
Paraden operates a B2B SaaS platform providing ARIA, an agentic intelligence layer that sits between a sales team's CRM and the team itself, handling research, intelligence, and outreach work alongside the client's existing CRM. This policy applies to: visitors to our website (paraden.ai); users of the Paraden platform (app.paraden.ai); business contacts whose data is processed through the Paraden platform by our clients; and prospective clients and partners who interact with Paraden AI Ltd directly.
| Key detail | Information |
|---|---|
| Data Controller | Paraden AI Ltd |
| Registered office | 157 Shenley Lane, London Colney, Hertfordshire, AL2 1LG |
| Registered in | England and Wales – company number 17178066 |
| ICO registration | Registered – reference ZC136291 |
| Contact for privacy matters | [email protected] |
| Lawful basis (B2B contact data) | Legitimate interest (UK GDPR Article 6(1)(f)) |
| Lawful basis (platform users) | Contract performance (UK GDPR Article 6(1)(b)) |
Contents
1. Who we are
Paraden AI Ltd is a technology company registered in England and Wales. We provide ARIA, an agentic intelligence layer for B2B sales teams that sits alongside the client's existing CRM. ARIA enables clients to conduct targeted prospecting, run outreach campaigns, and leverage AI agents to accelerate their business development activity, with structured outputs synchronised back to the client's CRM.
For the purposes of UK GDPR, Paraden AI Ltd is the Data Controller in respect of data we collect directly (for example, from platform users and website visitors). Where we process data on behalf of our clients, we act as a Data Processor and our clients act as the Data Controller for that data.
2. What data we collect and why
2a. Platform users (clients and their teams)
When an individual registers for or uses the ARIA platform, we collect:
| Data | Purpose and lawful basis |
|---|---|
| Name and email address | Account creation and authentication. Lawful basis: contract performance. |
| Job title and company name | Account configuration and platform personalisation. Lawful basis: contract performance. |
| Login activity and session data | Platform security, audit logging, and fraud prevention. Lawful basis: legitimate interest. |
| Usage data and feature interactions | Platform improvement, support, and product development. Lawful basis: legitimate interest. |
| Communications with Paraden support | Resolving queries and improving service quality. Lawful basis: legitimate interest. |
2b. B2B contact data processed on behalf of clients
Paraden processes B2B contact data entered into the ARIA platform by our clients, including data clients have sourced under their own contracts with third-party B2B data providers. This data relates exclusively to individuals in their professional capacity and includes full name and job title; business email address; business telephone number (office and mobile where available); company name, company website, and LinkedIn URL; and outreach history, campaign engagement, and pipeline stage.
Paraden processes this data as a Data Processor acting on behalf of our clients (the Data Controller). The lawful basis for this processing is legitimate interest under UK GDPR Article 6(1)(f), as documented in our Legitimate Interest Assessment. This data relates solely to individuals in their professional roles; no consumer personal data is processed.
2c. Website visitors
When you visit paraden.ai, we may collect your IP address and browser information for security and analytics purposes, and the pages visited and time spent on site, to understand how visitors use our website. We do not use tracking cookies or third-party advertising trackers on our website. Any analytics used are privacy-preserving and aggregate only.
3. How we use your data
| Purpose | Lawful basis |
|---|---|
| Providing and operating the Paraden platform | Contract performance |
| User authentication and account security | Contract performance / legitimate interest |
| Processing B2B contact data on behalf of clients | Legitimate interest |
| Communicating with platform users about their account | Contract performance |
| Sending product updates and relevant information to clients | Legitimate interest |
| Improving the platform through usage analysis | Legitimate interest |
| Complying with legal obligations | Legal obligation |
| Fraud prevention and platform security | Legitimate interest |
We do not sell personal data to any third party. We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
4. Who we share data with
We share data only where necessary to operate the platform and deliver our services. Our current sub-processors are listed at our sub-processor list and include:
| Recipient | Purpose and safeguards |
|---|---|
| Anthropic, PBC | AI reasoning and content generation. USA – covered by Anthropic Commercial Terms (DPA, SCCs, UK Addendum). |
| Railway Corp | Cloud hosting of the Paraden platform and database. USA – covered by Railway DPA, SCCs and UK Addendum. |
| Microsoft Corporation | Email integration via Microsoft Graph where enabled by the client. USA / EEA – covered by Microsoft DPA. |
| Perplexity / Tavily | Real-time web search for market intelligence (publicly available data only). USA – covered by supplier DPAs. |
All third-party processors are subject to data processing agreements and are required to maintain appropriate technical and organisational security measures. We do not transfer personal data outside the UK or EEA without appropriate safeguards in place.
5. Data retention
| Data type | Retention period |
|---|---|
| Platform user account data | Duration of the client contract plus 12 months following termination |
| B2B contact data processed for clients | Duration of the client contract plus 12 months following termination |
| Outreach and campaign history | Duration of the client contract plus 12 months following termination |
| Website visitor data | 90 days, then aggregated and anonymised |
| Support communications | 3 years from date of communication |
| Legal and financial records | 7 years in accordance with UK legal requirements |
At the end of the retention period, data is securely deleted from all Paraden systems. Clients may request early deletion of their data at any time by contacting [email protected].
6. Data security
Paraden takes the security of personal data seriously. We implement the following technical and organisational measures:
- All data is stored in a PostgreSQL database hosted on Railway with Row Level Security (RLS) enforced – no client's data is accessible to any other client;
- All data in transit is encrypted using TLS 1.2 or higher;
- Access to the platform requires authenticated login with bcrypt password hashing or Google OAuth;
- Access to production systems is restricted to authorised personnel only;
- API keys and secrets are stored as environment variables and never exposed in code;
- Regular security reviews are conducted and findings acted upon promptly.
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and will notify affected individuals where required.
7. Your rights
| Right | What it means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you. |
| Right to rectification | You can ask us to correct inaccurate or incomplete data. |
| Right to erasure | You can ask us to delete your data where there is no compelling reason for us to continue processing it. |
| Right to restrict processing | You can ask us to pause processing of your data in certain circumstances. |
| Right to object | You can object to processing based on legitimate interest at any time. |
| Right to data portability | You can request your data in a structured, machine-readable format. |
| Right to withdraw consent | Where processing is based on consent, you can withdraw it at any time. |
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. There is no charge for making a request.
If you are a business contact whose data has been processed by one of our clients through the Paraden platform, you should contact that client directly as they are the Data Controller for your data. We will assist clients in responding to such requests.
If you are not satisfied with how we handle your data or respond to your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
The Paraden platform (app.paraden.ai) is a B2B SaaS application accessed by authenticated users. We use only essential cookies necessary for the platform to function, including session authentication tokens. We do not use marketing, tracking, or analytics cookies.
Our public website (paraden.ai) uses minimal, privacy-preserving analytics only. No third-party advertising or tracking cookies are used. Full details are in our Cookie Policy.
9. B2B contact data – your rights as a data subject
If you are an individual whose business contact details are held within the Paraden platform by one of our clients, you have the right to:
- Object to your data being used for direct marketing purposes – reply to any outreach with a request to be removed and your details will be suppressed from all future outreach by that client within 5 business days;
- Request access to the data held about you – contact [email protected] and we will facilitate this with the relevant client;
- Request erasure of your data – contact [email protected] and we will action this with the relevant client.
Processing of B2B contact data is conducted under the legitimate interest lawful basis. Our full Legitimate Interest Assessment is available on request.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to our processing activities, legal requirements, or platform features. The current version will always be available at paraden.ai/privacy. Where changes are material, we will notify active platform users by email.
11. Contact us
| Contact method | Details |
|---|---|
| Privacy enquiries | [email protected] |
| General contact | [email protected] |
| Website | paraden.ai |
| Platform | app.paraden.ai |
| Registered company | Paraden AI Ltd, registered in England and Wales – company number 17178066 |
| Registered office | 157 Shenley Lane, London Colney, Hertfordshire, AL2 1LG |
| ICO registration | Registered – reference ZC136291 |
We aim to respond to all privacy-related enquiries within 5 business days and to all formal rights requests within 30 days.