Privacy Policy
Effective Date: 22 March 2026 Last Updated: 28 May 2026
1. Introduction
CTrend Ltd ("Company", "we", "us", or "our"), a company registered in England and Wales (Company Number: 17200901, Registered Address: 61 Bridge Street, Kington, Herefordshire, HR5 3DJ), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the CTrend platform ("Service").
This policy applies to all users of the Service, including: - Account holders (operators, administrators) - End users who interact through connected messaging channels - Visitors who use the webchat widget embedded on third-party websites - Users of the CTrend mobile application - Users of the CTrend browser extension
Data Controller: CTrend Ltd, registered in England and Wales (Company Number: 17200901). Registered Address: 61 Bridge Street, Kington, Herefordshire, HR5 3DJ Contact: privacy@ctrend.co.uk
2. Data We Collect
2.1. Account Data
- Full name, email address, password (hashed)
- Organisation/tenant name
- Role and membership information
- Subscription plan and billing status
2.2. Messaging Data
- Messages sent and received through connected channels (Telegram, WhatsApp, Instagram, Messenger, Viber, Email, Webchat)
- Conversation metadata (timestamps, channel type, message direction, language)
- Contact information of message participants (phone numbers, email addresses, usernames, display names)
- Message translations (automatically generated for multilingual conversations)
2.3. AI Processing Data
- Message content processed by AI models for automated responses
- AI agent configuration (persona prompts, knowledge bases, skills)
- Conversation context and history used for generating responses
- Contact memory: facts automatically extracted by AI from conversations (e.g., name, preferences, prior topics) to provide personalised responses
- Knowledge base documents uploaded by operators, indexed as vector embeddings for retrieval-augmented generation (RAG)
- AI skill execution logs (tool calls, API requests made on behalf of AI agents)
2.4. Voice and Audio Data
- Voice messages received through messaging channels
- Audio transcriptions generated via speech-to-text (STT) services
- Audio files are processed in real-time and not stored beyond the transcription process
2.5. Usage Data
- Message counts and quota consumption
- Feature usage and subscription status
- Login timestamps and IP addresses
- AI token usage and cost metrics
2.6. Technical Data
- Browser type and version
- Device type, operating system, and screen resolution
- Cookies and local storage preferences (see our Cookie Policy)
2.7. Mobile Application Data
- Device identifiers (anonymised)
- Push notification tokens (for message delivery)
- App version and platform (Android/iOS)
- Offline message cache (stored locally on device, encrypted)
- Biometric authentication: The mobile app supports fingerprint and face recognition login. Biometric data is processed entirely on-device using the operating system's secure enclave. No biometric data is transmitted to or stored on our servers. Only the authentication result (success/failure) is used to retrieve locally stored credentials.
2.8. Browser Extension Data
- WhatsApp Web session context (for translation and AI features)
- Extension usage quotas (translation count, STT count)
- Extension configuration and language preferences
- Extension tokens are stored securely in browser local storage
2.9. Campaign and Broadcast Data
- Audience selection criteria for bulk messaging
- Campaign execution logs (delivery status, timestamps)
- Broadcast message content and templates
2.10. Webhook and Integration Data
- Webhook endpoint URLs configured by operators
- Event delivery logs (timestamps, HTTP status codes, retry attempts)
- Integration credentials (encrypted at rest)
3. How We Use Your Data
We process your personal data for the following purposes:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| Providing the Service (messaging, AI agents, webchat) | Performance of contract (Art. 6(1)(b)) |
| Processing messages through connected channels | Performance of contract (Art. 6(1)(b)) |
| AI-powered automated responses and routing | Legitimate interest (Art. 6(1)(f)) — see §3.1 |
| Contact memory extraction (personalised AI responses) | Legitimate interest (Art. 6(1)(f)) — see §3.2 |
| Automatic message translation | Legitimate interest (Art. 6(1)(f)) |
| Voice transcription (STT) | Performance of contract (Art. 6(1)(b)) |
| Knowledge base indexing and RAG retrieval | Performance of contract (Art. 6(1)(b)) |
| Billing and payment processing | Performance of contract (Art. 6(1)(b)) |
| Campaign and broadcast messaging | Legitimate interest (Art. 6(1)(f)) |
| Webhook event delivery to operator endpoints | Performance of contract (Art. 6(1)(b)) |
| Service security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Email communications (welcome, password reset) | Performance of contract (Art. 6(1)(b)) |
3.1. AI Automated Decision-Making (Art. 22)
Our Service uses AI agents to automatically process and respond to incoming messages. This includes: - Message routing: AI determines whether to respond automatically or escalate to a human operator - Escalation decisions: AI may escalate conversations based on keyword detection or confidence thresholds - Response generation: AI generates replies based on configured persona, knowledge base, and conversation history
These automated decisions do not produce legal effects or similarly significant effects on end users. The Service provides operators with the ability to: - Review and override any AI decision - Disable AI responses for specific contacts or conversations - Configure escalation rules to ensure human review
If you believe an automated decision has significantly affected you, you may contact us at privacy@ctrend.co.uk to request human review.
3.2. Contact Memory — Balancing Test
We use AI to extract factual information from conversations (e.g., customer name, vehicle model, service preferences) to provide personalised responses in future interactions. We rely on legitimate interest (Art. 6(1)(f)) because:
- Purpose: Improving service quality by remembering customer context across sessions
- Necessity: Without memory, AI agents would require customers to repeat information
- Balancing: Only factual, non-sensitive data is extracted. Operators can disable memory per tenant. End users can request deletion of their contact memory via privacy@ctrend.co.uk
4. Data Sharing
We share your data with the following categories of recipients:
4.1. Sub-Processors
See our Sub-Processor List for the current list of third-party services that process data on our behalf.
4.2. Messaging Platforms
When you connect a messaging channel (e.g., Telegram, WhatsApp, Email), messages are transmitted through the respective platform's infrastructure in accordance with their own privacy policies.
4.3. AI and Language Providers
If you use AI features, message content may be processed by: - Anthropic PBC (United States) — AI inference (Claude models) - OpenRouter Inc. (United States) — AI model routing and inference - OpenAI Inc. (United States) — Speech-to-text, translation, AI inference - Groq Inc. (United States) — Speech-to-text transcription - Google LLC (United States) — Translation services, calendar integration
AI providers process data under strict data processing agreements. Your data is not used for model training by any of our AI providers.
4.4. Payment Processor
Payment data is processed by Paddle.com Market Ltd (United Kingdom). We do not store credit card numbers. Paddle acts as the Merchant of Record for all transactions.
4.5. Operator-Configured Integrations
Operators may configure: - Webhook endpoints that receive event notifications containing message and conversation data - CRM integrations (e.g., HubSpot) that sync contact information - Calendar integrations (Google Calendar) for appointment booking - n8n workflows for custom automation
Data shared through these integrations is controlled by the operator (data controller) and subject to their own privacy policies.
4.6. Legal Requirements
We may disclose your data if required by law, court order, or governmental authority.
5. International Data Transfers
Some of our sub-processors are located outside the United Kingdom (primarily the United States). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the ICO
- UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs
- Adequacy decisions by the Secretary of State
Specific transfer mechanisms for each sub-processor are documented in our Sub-Processor List.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account; deleted immediately on account deletion request |
| Messages and conversations | Duration of account; deleted immediately on account or contact deletion request |
| Contact memory (AI-extracted facts) | Duration of account; deletable on request per contact |
| Knowledge base documents and embeddings | Duration of account; deleted immediately on account deletion |
| AI processing logs | 90 days (automatically purged) |
| Skill execution logs | 90 days (automatically purged) |
| Campaign execution logs | 90 days (automatically purged) |
| Webhook event logs | 30 days (automatically purged) |
| Media files (images, audio, video, documents) | 48 hours; cached on server for mobile delivery, then permanently deleted |
| Payment records | 7 years (legal requirement) |
| Server and access logs | 30 days |
| Deduplication keys | Configurable per tenant (default: 14 days) |
| Password reset tokens | 1 hour (expired tokens automatically purged) |
| Email verification tokens | 24 hours (expired tokens automatically purged) |
| Trial abuse prevention records | Indefinite (channel identifiers used in free trials are retained to prevent repeated trial abuse, even after account deletion) |
| Abuse event logs | Retained with account link removed (anonymised) |
After the retention period, data is permanently deleted from all active systems by automated cleanup workers. Data export is available before account deletion via Settings > Data Export.
7. Your Rights
Under the UK GDPR, you have the right to:
- Access your personal data (Art. 15) — request a copy of all data we hold about you
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten") (Art. 17) — including per-contact and per-conversation deletion
- Restrict processing (Art. 18)
- Data portability (Art. 20) — receive your data in a structured, machine-readable format (JSON)
- Object to processing based on legitimate interest (Art. 21)
- Not be subject to automated decision-making (Art. 22) — see §3.1 above
- Withdraw consent where processing is based on consent (Art. 7(3))
How to Exercise Your Rights
Contact us at privacy@ctrend.co.uk with your request. We will verify your identity before processing.
- Response time: Within one month. This period may be extended by two months for complex requests, and we will inform you of any extension within the first month.
- Data export: Available on request in JSON format via the account menu. Exports may be requested once per 24 hours (Art. 12(5) — protection against excessive requests).
- Account deletion: Operators can delete their entire tenant from the Service settings. Upon account deletion, all associated data is permanently deleted immediately, with the following exception required by law: billing and payment records (transaction amounts, taxes, dates, currency) are retained for 7 years as required by UK tax law (HMRC record-keeping requirements under the Finance Act and Companies Act). At the point of account deletion, these records are anonymised by removing the link to your account, so they cannot be associated with you as an identifiable individual. Full transaction records are also maintained by our payment provider Paddle as Merchant of Record under their own retention obligations.
- Per-contact erasure: Operators can request deletion of specific contact data and conversation history.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption at rest: All message content, secrets, API keys, and credentials encrypted with Fernet symmetric encryption. Each tenant has a unique encryption key for data isolation
- Encryption in transit: TLS 1.2+ for all data transmission
- Password security: bcrypt hashing with salt
- Access controls: Role-based permissions (owner, admin, operator, viewer)
- Multi-factor authentication: Available via Authelia gateway for admin access
- Network isolation: AI Gateway and database services not exposed to the public internet
- SSRF protection: Internal network addresses blocked in HTTP skill execution
- Prompt injection protection: AI tool results sanitised to prevent injection attacks
- Regular security reviews and vulnerability assessments
9. Data Protection by Design (Art. 25)
We apply data protection principles throughout the design and development of the Service:
- Data minimisation: We collect only data necessary for the Service functionality
- Purpose limitation: Data collected for one purpose is not repurposed without additional legal basis
- Storage limitation: Retention periods defined for each data category (see §6)
- Integrity and confidentiality: Encryption, access controls, and audit logs protect data throughout its lifecycle
- Privacy by default: New features default to the most privacy-protective settings
10. Data Breach Notification
In the event of a personal data breach:
- To the ICO: We will notify the Information Commissioner's Office within 72 hours of becoming aware of a breach that is likely to result in a risk to your rights and freedoms.
- To affected individuals: Where a breach is likely to result in a high risk to your rights, we will inform affected individuals without undue delay, describing the nature of the breach and the measures taken.
- To data controllers (operators): We will notify operator organisations as specified in our DPA.
11. Data Protection Officer
CTrend Ltd has appointed an internal Data Protection Officer (DPO):
DPO: Dmytro Solohub Email: dpo@ctrend.co.uk
The DPO is responsible for overseeing data protection compliance, responding to data subject requests, and maintaining the company's Data Protection Impact Assessments.
For general privacy enquiries, you may also contact: privacy@ctrend.co.uk
12. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service (in-app notification) and/or via email. The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this page periodically.
14. Complaints
If you have concerns about how we handle your data, you may contact us at privacy@ctrend.co.uk.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk
- Telephone: 0303 123 1113
15. Contact
CTrend Ltd Company Number: 17200901 61 Bridge Street, Kington, Herefordshire, HR5 3DJ Email: privacy@ctrend.co.uk