Privacy Policy

Last updated: 17 March 2026

1. Introduction

ComunAI Ltd ("ComunAI", "we", "us", or "our"), a company registered in England and Wales under company number 17081930, with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (comun.ai) and use our applications and services (collectively, the "Services"). Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Services.

2. Information We Collect

2.1 Personal Data

We may collect personally identifiable information that you voluntarily provide to us when you:

  • Register for an account
  • Subscribe to our newsletter
  • Contact us via email or forms
  • Use our applications

This may include your name, email address, and any other information you choose to provide.

2.2 Health and Biometric Data

Some of our applications may collect health-related data, including data from wearable devices, activity data, and other biometric information. This data is collected only with your explicit consent and is processed in accordance with Article 9 of the UK GDPR. You may withdraw your consent at any time.

2.3 Usage Data

We automatically collect certain information when you access our Services, including your IP address, browser type, operating system, access times, pages viewed, and the referring URL.

2.4 Device Data

We may collect data about the device you use to access our Services, including the device type, operating system, unique device identifiers, and mobile network information.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Personalise your experience
  • Send you updates, newsletters, and marketing communications (with your consent)
  • Respond to your enquiries and provide customer support
  • Monitor and analyse usage trends to improve our Services
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

  • Consent: Where you have given us clear consent to process your personal data for a specific purpose, particularly for health data and marketing communications.
  • Contract: Where processing is necessary for the performance of a contract with you.
  • Legitimate Interests: Where processing is necessary for our legitimate interests, provided these are not overridden by your rights.
  • Legal Obligation: Where processing is necessary to comply with a legal obligation.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (e.g., hosting, analytics, email delivery), under strict data processing agreements.
  • Legal Requirements: If required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
  • With Your Consent: We may share your data for other purposes with your explicit consent.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws. When your data is no longer needed, we will securely delete or anonymise it.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is 100% secure.

8. Your Rights

Under the UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing in certain circumstances.
  • Data Portability: Receive your data in a structured, commonly used format.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@comun.ai.

9. International Data Transfers

Your information may be transferred to and processed in countries outside the United Kingdom. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with UK data protection law, including Standard Contractual Clauses or adequacy decisions.

10. Children's Privacy

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@comun.ai
  • Post: ComunAI Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.