Privacy Policy

1. Who we are and how to contact us

Corpus Logic provides AI-assisted freight intelligence software to freight and logistics operators. For the personal data described in this policy that you give us directly (for example through our website or a demo request), we are the data controller. For operational data contained in a customer's tenant account, the customer is the controller and we act as a data processor on documented instructions (see section 7 and our Data Processing Agreement).

We have not appointed a statutory Data Protection Officer because we are not required to under UK GDPR Article 37. Privacy matters are owned internally and reachable at support@corpuslogic.com; we will appoint and name a DPO here if our processing later requires one.

2. Personal data we collect

• Identity and contact: name, work email, company, phone (optional), and message content from demo or enquiry forms.
• Account data: name, work email, organisation, role, and authentication identifiers managed by our auth provider (we do not store passwords in plain text).
• Operational data: jobs, customers, drivers, vehicles, quotes, documents, GPS/position data, and communications that customers enter or ingest into the platform. This may include personal data about our customers’ employees, drivers, and contacts.
• Technical data: IP address, browser and device type, request logs, and security telemetry needed to operate and protect the service.
• Cookie and consent records: your cookie preference and timestamps (see our Cookie Policy).

We do not knowingly collect special category data unless a customer uploads it in the course of legitimate freight operations; customers are responsible for having a lawful basis to upload such data and for any required Article 9 condition.

3. Categories of data subjects

Depending on the context, personal data may relate to:

• Website visitors and people who submit demo or contact enquiries.
• Users we provision with platform accounts (your staff and authorised users).
• Individuals whose data appears inside a customer’s tenant — for example a customer’s own employees, drivers, contacts, and end-customers.
• People who correspond with us by email, phone, or SMS.

4. How and why we use personal data

Our AI worker (NARUS) extracts figures verbatim from source documents and prepares drafts for human approval. It does not make irreversible commercial commitments without a person's decision. We do not use one customer's operational data to train models for another customer, and we never share data between tenants. See our Responsible AI statement.

5. Our legitimate interests

Where we rely on legitimate interests (Art 6(1)(f)), we have balanced those interests against your rights and freedoms. Our legitimate interests include running and growing a B2B software business, keeping the service and our users secure, preventing fraud and misuse, and improving the product. You can object to processing based on legitimate interests — see section 12.

6. Demo and enquiry requests

• We use your submission only to contact you about the requested demonstration and related pre-contract discussions.
• You must tick the required consent box on the form acknowledging this processing; optional marketing is separate and off by default.
• If you do not become a customer, we delete demo enquiry records within 24 months of last contact unless a longer period is required by law or you ask us to delete sooner.
• We do not sell demo enquiry data or share it for third-party advertising.

7. Controller and processor roles

Website visitors and demo enquirers: Corpus Logic is the controller. Platform customers: you are the controller for operational data; Corpus Logic is the processor under your contract and the Data Processing Agreement. Individuals whose data appears only inside a customer account should contact that customer (the controller) first; we will assist the customer with data subject requests as required by law and our DPA.

8. Automated processing and AI

The platform uses automated processing, including large language models, to extract structured fields from emails and documents, plan routes, and surface draft actions. These outputs are presented for human review before outward commitments. You have the right not to be subject to a decision based solely on automated processing where UK GDPR Article 22 applies; our product is designed so a person approves material actions. Full detail of how we govern AI is in our Responsible AI statement. Contact support@corpuslogic.com if you have concerns about a specific automated output relating to you.

9. Recipients and sub-processors

We use carefully selected service providers under written confidentiality and data-protection terms, including providers for cloud hosting and managed databases, authentication, email and SMS delivery, AI model inference, mapping and geocoding, and error monitoring. A current, named list is on our Sub-processors page. We do not sell personal data.

10. International transfers

Some providers may process data outside the UK. Where we transfer personal data internationally, we use appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement (or the EU Standard Contractual Clauses with the UK Addendum), plus supplementary measures where a transfer risk assessment requires them. You can request information about the safeguards we use from support@corpuslogic.com.

11. Marketing and electronic messages

We only send marketing emails where you have opted in, or where permitted for existing B2B contacts under the Privacy and Electronic Communications Regulations (PECR). Every marketing message includes an unsubscribe link, and you can opt out at any time by emailing support@corpuslogic.com. Service messages necessary to operate your account are not marketing and continue regardless of marketing preferences.

12. Retention

• Demo enquiries: up to 24 months after last contact unless deleted earlier on request.
• Customer operational data: for the subscription term and as set out in the customer contract and DPA, then deleted or returned.
• Security logs: limited retention aligned to security need, typically up to 12 months.
• Cookie consent records: up to 12 months (see Cookie Policy).

13. Security

• Tenant isolation at the database layer (row-level security) — no cross-customer access.
• Encryption in transit (TLS) and industry-standard access controls for production systems.
• Least-privilege handling of secrets; service credentials never exposed to browsers.
• Append-only audit ledger for material AI-worker actions.

No method of transmission or storage is completely secure. If we become aware of a personal data breach that poses a risk to your rights, we will notify the ICO within 72 hours where required, and affected individuals or controllers without undue delay. Report suspected vulnerabilities to support@corpuslogic.com.

14. Your rights

Subject to UK GDPR, you may have the right to:

• Access a copy of personal data we hold about you.
• Rectify inaccurate data.
• Erase data in certain circumstances.
• Restrict or object to certain processing, including processing based on legitimate interests.
• Data portability for data you provided, where applicable.
• Withdraw consent at any time (for consent-based processing).

To exercise your rights, email support@corpuslogic.com. We respond within one month unless an extension is permitted. Exercising your rights is free unless a request is manifestly unfounded or excessive. You may complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.

15. Children

The service is a business-to-business product and is not directed at children under 18. We do not knowingly collect personal data from children.

16. Changes

We may update this policy. Material changes will be posted here with an updated “Last updated” date. Continued use of the website after changes constitutes acknowledgement of the updated policy where permitted by law.

17. Contact

Related documents: Terms of Use, Cookie Policy, Data Processing Agreement, Acceptable Use Policy, Sub-processors, and our Responsible AI statement. Contractual notices: support@corpuslogic.com.