1. Who we are
Valren AI Ltd ("Valren", "we", "our", "us") is a company registered in England and Wales. We provide AI-powered legal workflow software to professional and regulated organisations, including law firms, in-house legal teams, FCA-regulated fintechs, AML-regulated businesses, and accountancy firms.
We are the data controller for personal data processed in connection with our website, early access programme, and platform services. This Privacy Policy explains how we collect, use, store, and protect your personal data, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
You can contact us at: privacy@valren.ai
2. Information we collect
We collect the following categories of personal data, depending on how you interact with us:
Information you provide directly
- Contact information — first name, last name, email address, job title
- Organisation details — company name, company size, industry sector, country
- Correspondence — messages sent via our contact forms, emails, or support channels
- Early access applications — all information submitted through our request form
Information collected automatically
- Usage data — pages visited, features used, session duration, click paths, and interactions with platform components
- Technical data — IP address, browser type and version, device type, operating system, and referral URL
- Cookie data — preference identifiers, session tokens, and analytics identifiers (see Section 8 — Cookies)
Information about third parties
If you are an authorised user of the Valren platform on behalf of your organisation, you may input or upload documents and data that contain personal information about third parties (such as counterparties or clients). You remain responsible for ensuring you have a lawful basis to share that data with us. Our data processing agreement governs this relationship.
3. How we use your information
We use your personal data for the following purposes:
- To respond to enquiries, manage your early access application, and onboard you to the Valren platform
- To provide, operate, and maintain our services and platform features
- To communicate with you about your account, service updates, and relevant product developments
- To send marketing and product communications where you have consented or where we have a legitimate interest to do so
- To analyse usage patterns and improve the performance, security, and features of the platform
- To detect, investigate, and prevent fraudulent activity, security incidents, or abuse of our services
- To comply with applicable legal obligations, including regulatory requirements relevant to our sector
- To enforce our Terms of Service and other agreements
4. Legal bases for processing
We process your personal data only where we have a lawful basis under UK GDPR. The bases we rely on are:
- Contract performance — processing necessary to enter into or perform a contract with you, such as managing your access to the Valren platform
- Legitimate interests — processing necessary for our legitimate business interests, including improving the platform, ensuring security, preventing fraud, and communicating relevant product updates, where those interests are not overridden by your rights
- Legal obligation — processing required to comply with applicable laws or regulatory requirements
- Consent — processing based on your freely given, specific, and informed consent, including for non-essential cookies and certain direct marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing
6. Data retention
We retain your personal data only as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:
- Early access enquiries and contact form submissions — 2 years from the date of submission
- Customer and platform user records — for the duration of the relationship, plus 7 years thereafter for legal and regulatory purposes
- Technical and access logs — 90 days, except where required for security investigations
- Marketing preference records — until you withdraw consent or object to processing
When data is no longer needed, it is securely deleted or anonymised in accordance with our data retention procedures.
7. Your rights
Under UK GDPR, you have the following rights in respect of your personal data:
To exercise any of these rights, please contact us at privacy@valren.ai. We will respond within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. International data transfers
Some of our service providers and AI infrastructure partners are located outside the United Kingdom. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Transfers to countries covered by UK adequacy regulations
- Use of the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses
- Binding corporate rules or other approved transfer mechanisms where applicable
You may request further information about the specific safeguards in place for any given transfer by contacting privacy@valren.ai.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending an email to registered users or displaying a notice on our website.
We encourage you to review this page periodically to stay informed about how we protect your information.
11. Contact us
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please get in touch.
Data Protection Enquiries
Email us at privacy@valren.ai and we will respond within 5 business days. For formal subject access requests or rights exercises, responses will be provided within one calendar month as required by UK GDPR.
If you believe your data protection rights have not been met, you may contact the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.