Data Protection & Cyber Security Compliance
Irontic AI is committed to the highest standards of privacy-by-design, security-by-default, and accountability. We ensure our autonomous security agents operate within strict governance frameworks to protect your data.
EU General Data Protection Regulation (GDPR)
Irontic AI processes personal data of individuals in the European Union and European Economic Area in strict accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
Lawful, Fair, and Transparent Processing
We process data lawfully, fairly, and transparently. We adhere to purpose limitation and data minimization principles, ensuring we only collect data necessary for specific, explicit, and legitimate purposes.
Legal Bases for Processing
- Contract Performance: Processing necessary to provide our services and fulfill contractual obligations.
- Legal Obligation: Processing required to comply with statutory and regulatory requirements.
- Legitimate Interest: Processing necessary for our legitimate business interests, provided these do not override data subject rights.
- Consent: Where required, we obtain explicit consent, which can be withdrawn at any time.
Data Subject Rights
We respect and uphold the rights of data subjects, including:
- Right of access and rectification.
- Right to erasure ("right to be forgotten").
- Right to restriction of processing and objection.
- Right to data portability.
Data subjects may exercise their rights by contacting Irontic AI through our official contact channels. You also have the right to lodge a complaint with a relevant supervisory authority.
International Data Transfers
Irontic AI ensures that any international transfer of personal data is protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and robust technical and organizational measures.
UK Data Protection & Cyber Resilience
Irontic AI operates in the United Kingdom and aligns its operations with the UK GDPR, the Data Protection Act 2018, and the requirements of the UK Cyber Security and Resilience Bill (2025).
Security-by-Design & Security-by-Default
We implement security at the core of our development lifecycle. Our platform is designed to be secure by default, minimizing attack surfaces and strictly controlling access to data.
Governance & Incident Response
We maintain governance and risk management controls aligned with recognized best practices (such as NCSC guidelines and ISO 27001 standards). Our platform supports advanced cyber incident detection, automated response, and mandatory reporting capability, ensuring resilience against evolving threats.
Security Measures & Risk Management
We employ comprehensive technical and organizational measures to protect the confidentiality, integrity, and availability of systems and data, including:
- Encryption in transit and at rest
- Strict Access Control (RBAC)
- Comprehensive Audit Logging
- Continuous Threat Monitoring
- Regular Vulnerability Assessments
- Secure Development Lifecycle (SDLC)
Accountability & Continuous Improvement
Irontic AI is dedicated to continuous improvement. We regularly review and enhance our privacy, security, and compliance controls to address evolving regulatory requirements and the changing cyber threat landscape.
Our commitment is supported by our own AI-driven governance, risk, and compliance (GRC) capabilities, ensuring that we practice what we preach—maintaining a state of continuous audit readiness.
Contact Us
For any inquiries regarding privacy, data protection, or cyber security compliance, please reach out to us via the official contact details provided on our website.