Coresix
Sign in
Legal

Privacy Policy

Last updated: 24 April 2026

This Privacy Policy explains how Ctrl-N Ltd. ("Coresix", "we", "us", "our") collects, uses, discloses, and protects personal data when you visit our websites, use our products and services, or otherwise interact with us. We are committed to processing personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR"), and applicable data protection laws in the Middle East, including the UAE Federal Decree-Law No. 45 of 2021, the DIFC Data Protection Law (DIFC Law No. 5 of 2020), the ADGM Data Protection Regulations 2021, and the Saudi Personal Data Protection Law (PDPL).

1. Who we are

Coresix is a product of Ctrl-N Ltd., a company registered in England and Wales under company number 16375438, with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom. For the purposes of the UK GDPR and EU GDPR, Ctrl-N Ltd. is the controller of the personal data described in this Policy when you interact with our website, sales, and marketing activities, and a processor of personal data that you submit into our products on behalf of your organisation.

2. Personal data we collect

  • Identity and contact data: name, job title, employer, business email address, business phone number.
  • Account data: login credentials, authentication tokens, role, organisation, and preferences.
  • Booking and onboarding data: information you provide when scheduling a pilot, including team size and the problem you want to solve.
  • Usage data: log data, IP address, device and browser type, language, pages viewed, referring URL, timestamps, and feature interactions.
  • Cookies and similar technologies: see our Cookies Policy.
  • Customer content: data you or your users upload, transmit, or generate while using our services. We process this on your instructions as a processor.

3. How we use personal data and legal bases

  • To provide the service — performance of a contract (UK/EU GDPR Art. 6(1)(b)).
  • To communicate with you about pilots, support, and account matters — performance of a contract or legitimate interests (Art. 6(1)(f)).
  • To send marketing communications — consent (Art. 6(1)(a)) or legitimate interests where permitted; you can opt out at any time.
  • To secure, monitor, and improve the service — legitimate interests in operating a safe, reliable platform.
  • To comply with legal obligations — Art. 6(1)(c).

4. Sharing your personal data

We share personal data with:

  • Trusted sub-processors that host, secure, and operate the service (cloud infrastructure, email delivery, analytics, customer support, scheduling).
  • Professional advisers (lawyers, auditors, accountants) under duties of confidentiality.
  • Authorities and regulators where required by law or to protect rights, safety, and property.
  • Acquirers in the event of a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We do not sell personal data.

5. International transfers

Our default hosting region for customer content is the European Union. Where personal data is transferred outside the UK, EEA, or your local jurisdiction, we rely on appropriate safeguards including the UK International Data Transfer Agreement (IDTA) or Addendum, the EU Standard Contractual Clauses (2021/914), and equivalent mechanisms recognised under UAE, DIFC, ADGM, and Saudi PDPL rules. A copy of the safeguards is available on request.

6. Data retention

We retain personal data only for as long as necessary for the purposes set out above, to comply with legal, accounting, or reporting obligations, and to resolve disputes. Customer content is retained in accordance with your instructions and the Data Processing Addendum. Backup copies are retained on a rolling basis and deleted in line with our backup cycle.

7. Security

We implement appropriate technical and organisational measures designed to protect personal data, including encryption in transit and at rest, access controls, network segregation, logging, and regular security testing. No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard practices.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure of your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO); in the EU, your local Data Protection Authority; in the UAE, the UAE Data Office; in DIFC, the DIFC Commissioner of Data Protection; in Saudi Arabia, the Saudi Data & AI Authority (SDAIA).

To exercise any of these rights, contact us at privacy@coresix.eu.

9. Children

Our service is intended for business use and is not directed at children under 16. We do not knowingly collect personal data from children.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by posting the updated Policy on our website and, where appropriate, by email.

11. Contact us

Ctrl-N Ltd.
128 City Road, London, EC1V 2NX, United Kingdom
Company number: 16375438
Email: privacy@coresix.eu