Privacy Policy

Last updated: 12 March 2026 — DeepDyve AI Technologies Ltd (trading as INDEKS.AI)

This Privacy Policy explains how DeepDyve AI Technologies Ltd (trading as “INDEKS.AI”), a company registered in England and Wales, collects, uses, stores, and shares your personal data when you use the INDEKS Research platform at research.indeks.ai (the “Service”). We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller for personal data processed through the Service is:

DeepDyve AI Technologies Ltd
Trading as INDEKS.AI
Email: privacy@indeks.ai

2. What Data We Collect

We collect the following categories of personal data:

  • Account information: your name, email address, country, and account creation date.
  • Authentication data: your password, which is stored only in a securely encrypted (hashed and salted) form. We never store or have access to your plaintext password.
  • Usage data: your research queries, session history, research domain selections, and IDX token usage.
  • Payment data: if you purchase a subscription or top-up, payment processing is handled by Stripe. We store your Stripe customer identifier but do not store your full card number, CVV, or other sensitive payment details on our servers.
  • Consent records: whether you have opted in to receive marketing communications.
  • Technical data: IP addresses, browser type, and device information collected automatically through server logs and cookies necessary for the operation of the Service.

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

  • To provide the Service (contractual necessity): creating and managing your account, processing your research queries, managing subscriptions and IDX balances.
  • To improve the Service (legitimate interest): analysing usage patterns to improve the quality, performance, and reliability of our research models and user experience.
  • To communicate with you (contractual necessity / legitimate interest): sending transactional emails related to your account, responding to support enquiries, and notifying you of material changes to the Service or these policies.
  • To send marketing communications (consent): if you have opted in, we may send occasional updates about new features, research domains, or offers. You can withdraw this consent at any time.
  • To comply with legal obligations (legal obligation): responding to lawful requests from regulatory authorities, law enforcement agencies, or courts.

4. Data Storage and Security

  • Your personal data is stored on servers located in the United Kingdom and/or European Economic Area (EEA) countries.
  • Passwords are stored using industry-standard one-way encryption (bcrypt hashing with salt). We cannot retrieve or view your password.
  • We use TLS/SSL encryption for all data transmitted between your browser and our servers.
  • Access to personal data is restricted to authorised personnel on a need-to-know basis.
  • We conduct regular reviews of our security practices and update them in line with industry best practices.

5. Data Sharing

We do not sell your personal data to third parties. We may share your data in the following limited circumstances:

  • Service providers: we use trusted third-party services (such as Stripe for payments, cloud hosting providers for infrastructure, and email delivery services) who process data on our behalf under appropriate data processing agreements.
  • Partners with legitimate interest: we may share limited, non-sensitive personal data with selected partners where there is a legitimate business interest, such as analytics or service improvement. We will never share your data with partners for unsolicited marketing without your explicit consent.
  • Law enforcement and regulators: we may disclose personal data where required by law, regulation, or valid legal process, or where we reasonably believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain certain data for legal, regulatory, or legitimate business purposes (such as financial records required by tax law).

Research session data and query history may be retained in anonymised form for the purpose of improving our models and Service.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may request that we correct any inaccurate or incomplete data.
  • Right to erasure: you may request that we delete your personal data, subject to legal retention obligations.
  • Right to restrict processing: you may request that we limit how we use your data in certain circumstances.
  • Right to data portability: you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: you may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent (e.g. marketing emails), you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@indeks.ai. We will respond within one calendar month as required by law.

8. Cookies

We use strictly necessary cookies to operate the Service, including session cookies for authentication and guest session management. These cookies are essential and cannot be disabled without breaking core functionality.

We do not use third-party advertising or tracking cookies.

9. International Transfers

Your data is primarily stored in the UK and EEA. Where data is processed by third-party service providers outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO) or adequacy decisions.

10. Younger Users

The Service is open to users of all ages, including school and university students. If you are under 18, we require that you have permission from a parent or guardian before creating an account. We process the personal data of younger users under the same protections described in this policy. If a parent or guardian wishes to review, amend, or delete their child’s data, please contact us at privacy@indeks.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email address associated with your account or through a prominent notice on the Service. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

ico.org.uk/make-a-complaint

13. Contact

For any questions or requests related to this Privacy Policy or your personal data, please contact us at:

privacy@indeks.ai — or visit our contact page.