Privacy Policy

Last updated: 28 Jan 2025

01 Introduction

At Instill Tech Ltd (“Instill AI”, “we”, “us” or “our”), we are committed to protecting and respecting your privacy and personal data in compliance with applicable privacy laws, such as the GDPR. We are registered with the UK Information Commissioner’s Office (“ICO”) under number ZA788668.

This notice explains how and why we collect and process your personal data. It also provides information about your rights under applicable privacy laws, including the EU General Data Protection Regulation 2016/679, including as it forms part of UK law (the “GDPR”).

To further demonstrate our commitment to data protection, we have established a Data Protection Agreement (DPA), which outlines the mechanisms and safeguards we use to ensure the confidentiality, integrity, and security of your personal data. The Instill AI Data Protection Agreement is available here.

02 Contacting us

2.1. Types of Data / Privacy Policy scope

If you have any questions relating to this Privacy Policy and its contents, then you can get in touch with us at privacy@instill.tech. You can also write to us at 85 Great Portland Street, First Floor, London, W1W 7LT, United Kingdom.

03 When we process personal data

a. People who use our website or communicate with us

What personal data do we process?

  • IP addresses
  • Information about how you have interacted with our website
  • Your contact information (name, email address) if you contact us via email or another channel

Why do we process this personal data?

We use this information to optimise our website’s user experience and to respond to any queries that you send us.

We use your personal information in this way for the legitimate interests of our business.

b. People who use our services, our suppliers and partners

What personal data do we process?

  • Personal information (name, employer, job title)
  • Contact information (email address and phone numbers)
  • Payment information (account details, card number)
  • Records of correspondence (details of phone calls and emails)

Why do we process this personal data?

We primarily use this personal data to provide you or your organisation with our services. For example, we process some of this information in order to manage Instill Cloud accounts and to provide customers with support. We may also use this personal data for marketing purposes. Lastly, we may use this information to respond to regulatory requests or in the unlikely event that we wish to exercise our legal rights.

We use this personal information for the legitimate interests of our business. However, for certain purposes, such as direct marketing, the legal basis for our processing will be your consent. In the event that we are required to respond to a regulatory request, the legal basis for providing this data to a regulator will be complying with a legal obligation.

c. Personal data that is uploaded to Instill Cloud

What personal data do we process?

We may process personal data that is contained in the data that customers upload to our platform when using the services. Our processing of this personal data is incidental to our customers’ use of the services.

Why do we process this personal data?

We do not actively seek to process this information. However, if a customer uploads personal data to our platform when using the services, then we will process it in order to provide the services. More details about the safeguards we apply to uploaded data are outlined in our Data Protection Agreement.

We use this personal data for the legitimate interests of our business.

d. Job applicants

What personal data do we process?

  • Personal details (name, title, address)
  • Contact details (email address, phone number)
  • Employment and education history
  • Any personal information, including sensitive personal information, you provide us during the application process

Why do we process this personal data?

We use this personal data to carry out an effective job application process. To do this, we may use your personal data to contact you, carry out background checks, make sure you have appropriate rights to work, and to improve our hiring process.

We primarily use this personal data for the legitimate interests of our business. For some activities, such as right-to-work checks, we may be under a legal obligation to process your personal data.

e. Google Workspace data usage

When users connect their Google Workspace accounts to our platform, the following policies apply:

  1. No Use for generalized AI/ML models
    We affirm that any data obtained through Google Workspace APIs is not used to develop, improve, or train generalized or non-personalized AI and/or ML models.
  2. Use for personalized AI/ML models or assistants
    • If users use our platform to train personalized AI/ML models or build personalized AI assistants or agents, the data is processed exclusively to enhance functionality tailored to individual user needs.
    • All such activities are carried out transparently and only with the user’s explicit authorization.
  3. Control over third-party AI tool integration
    • We do not proactively transfer user data obtained through Google Workspace APIs to third-party AI tools.
    • Instead, our platform empowers users to build applications that allow them to determine when and how their data is shared with specific third-party AI platforms.
    • Any such transfer is initiated solely by the user, based on their explicit actions.
  4. Data Protection Measures
    • Encryption: All data obtained through Google Workspace APIs is encrypted in transit using Transport Layer Security (TLS) and at rest using advanced encryption standards to ensure its confidentiality and integrity.
    • Access Controls: Access to Google Workspace data is strictly limited to authorized personnel and systems. All access is logged, monitored, and subject to regular review to prevent unauthorized use.
    • Data Retention: Google Workspace data is retained only for as long as necessary to provide our services, fulfill user requests, or comply with legal obligations. Users have full control over deleting their data via the platform or by contacting us directly.
  5. Data Breach Notification
    In the unlikely event of a data breach impacting Google Workspace data, we will notify affected users and relevant authorities promptly, in compliance with applicable legal requirements and our Data Protection Agreement.

Transparency and user control:

We prioritize user transparency and control in managing their data. Any use of Google Workspace data aligns with the purpose specified by the user and complies with Google Workspace API policies. For more detailed information, refer to our Data Protection Agreement.

04 Who we share your personal data with

We may share your personal data with third parties in order to process it in the ways set out above. The third parties that we share your data with will depend on the nature of your relationship with us and may include the following:

  • cloud hosting providers
  • business intelligence and analytics provider
  • website hosting provider
  • payment service providers
  • customer relationship management software provider
  • marketing services providers
  • recruitment services providers
  • accountants and other professional service providers

Google workspace data sharing:

  • If users explicitly choose to integrate with third-party AI tools through our platform, we may facilitate the transfer of Google Workspace data based on user-defined conditions and preferences.
  • This transfer occurs only when initiated by the user, and we do not proactively share or transfer user data to any third-party AI tools.

Sub-processors and compliance:

  • All sub-processors engaged by us are contractually required to implement safeguards equivalent to those outlined in our Data Protection Agreement. These safeguards include robust encryption, access controls, and compliance with GDPR and other applicable privacy regulations.
  • A list of our sub-processors, their roles, and applicable safeguards is available in Annex B of our Data Protection Agreement or can be requested by contacting us at privacy@instill.tech.

In limited scenarios, we may be required to share your personal information with relevant regulators or law enforcement agencies, such as to comply with a legal obligation or respond to lawful requests.

05 Where we send and store your personal data

We may store your data in the UK, the EU and the US. We only transfer your personal data abroad if either the ICO has deemed that the destination country has an adequate level of protection of personal data or the contract governing the transfer of your personal data contains appropriate safeguards as required by the GDPR.

06 Your rights

Under the GDPR, you have the following rights in relation to the personal data relating to you that we hold:

  • access a copy of your personal data;
  • receive a copy of your personal data in a commonly-used machine readable format;
  • ask us to delete your personal data;
  • ask us to correct any inaccuracies in your personal data
  • withdraw any consent you have given to us about how we can process your personal data; and
  • opt-out of allowing us to use your personal data for direct marketing.

If you wish to exercise these rights, please send your request to privacy@instill.tech.

07 How to make a complaint

If you have a complaint about our use of your personal data, please contact us at privacy@instill.tech and we will address your concern.

If you find our handling of your complaint to be unsatisfactory, then you can refer your complaint to the ICO, which is the UK’s data protection regulator. You can find more information on how to contact them on their website at https://ico.org.uk/.

08 Updates to this policy

We will update this webpage if there are any changes to our privacy policy. This includes updates made to maintain compliance with API policies for integrations such as Google Workspace or to reflect changes to our Data Protection Agreement.

more knowledge less work Try Instill AI for free