Privacy Policy

Sherlocq Technologies, Inc. (“Sherlocq,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you access or use our services, including our website, web application, mobile applications (iOS and Android), and all related services (collectively, the “Services”).

Please read this policy carefully. By using the Services, you acknowledge that you have read and understood how your data is handled as described below.

1. About Us

Sherlocq Inc. is a Delaware corporation and the data controller responsible for your personal data in connection with the Services. References to “Sherlocq,” “we,” “our,” or “us” in this policy refer to Sherlocq Inc.

Sherlocq operates a multi-jurisdiction AI-powered regulatory intelligence platform designed for compliance professionals, lawyers, risk managers, and other regulated-industry practitioners. The Services are available via web, iOS, and Android applications.

2. Scope of This Policy

This policy applies to all users of the Services, including:

• Individual subscribers on Free and Pro plans
• Professional users accessing the Services for regulatory research, document analysis, or sanctions intelligence
• Users accessing Sherlocq via third-party AI connectors
• Users of the Sherlocq mobile applications (iOS and Android)

This policy does not apply to third-party websites, services, or AI platforms that may be linked to or integrated with the Services. Those platforms operate under their own privacy policies.

3. Information We Collect

3.1 Information You Provide Directly

• Account registration details: name, email address, password, and organisation name
• Payment information, processed securely by our payment processor (Stripe Inc.)
• Documents, queries, and content submitted to the Services for AI-powered analysis or research
• Communications with our support team and correspondence preferences
• Information provided when participating in pilots, surveys, or feedback programmes

3.2 Automatically Collected Information

• Device/browser type, operating system, and application version
• Usage logs, session data, feature interactions, and crash diagnostics
• IP address and approximate geolocation data

3.3 Information from Third Parties

• Authentication data where you connect via third-party sign-in (for example, Google)

4. How We Use Your Information

We may use your personal data to:

• Provide, operate, and improve the Services
• Process transactions and manage your subscription
• Respond to support requests and communicate service updates
• Conduct anonymised analysis to improve platform performance and accuracy
• Detect, investigate, and prevent fraudulent or unauthorised activity
• Comply with applicable laws, regulations, and regulatory obligations
• Send relevant product communications where you have consented or where we have a legitimate interest

We process your data on the legal bases of: contract performance, legitimate interests, compliance with legal obligations, and consent where applicable.

5. AI Processing and Model Training

Given the sensitive nature of regulatory and compliance work, we apply strict rules to how your data interacts with AI infrastructure.

5.1 Sherlocq Platform Processing

Document analysis and sanctions intelligence processing are conducted exclusively within the Sherlocq platform. Data is not transmitted to or processed by third-party AI model providers.

5.2 Third-Party AI Connectors

Sherlocq offers optional connectors to various third-party AI platforms for regulatory research queries. When you use these connectors, your queries are transmitted to those platforms in accordance with their respective terms and privacy policies. We recommend reviewing those policies for further detail.

Sherlocq does not authorise or enable the use of your queries or uploaded documents to train third-party foundation models.

5.3 Platform-Level AI Improvement

We may use fully anonymised and aggregated usage data to improve Sherlocq’s own platform performance. This data cannot be linked back to any individual user or organisation. No identifiable user content is used for AI model training without explicit written consent.

6. Sharing and Disclosure

We do not sell your personal data. We share data only in the following limited circumstances:

• Service providers and sub-processors engaged to support the operation of the Services, including payment processing (Stripe Inc.), cloud infrastructure, AI connectivity, and sanctions data (OpenSanctions API). These providers are contractually bound to process data only as instructed and to maintain appropriate security standards.
• Legal and regulatory authorities where disclosure is required by applicable law, court order, or regulatory obligation
• Professional advisers, including lawyers and auditors, under confidentiality obligations
• Acquirers or investors in the context of a merger, acquisition, or restructuring, subject to continued privacy protections

7. Security Measures

Sherlocq is ISO 27001 certified (Information Security Management) and ISO 27701 certified (Privacy Information Management). These certifications reflect our commitment to institutional-grade security and privacy governance.

Our technical and organisational security measures include:

• AES-256 encryption for data at rest
• TLS encryption for all data in transit
• Role-based access controls and principle of least privilege
• Comprehensive audit logging and activity monitoring
• Regular vulnerability assessments and penetration testing
• Secure development lifecycle practices

Notwithstanding these measures, no system is entirely immune to security risk. We encourage users to use strong, unique passwords and to report any suspected security issues using the contact details at the end of this policy.

8. Data Retention

We retain your personal data for as long as your account is active, or as necessary to provide the Services and fulfil our legal and contractual obligations. When data is no longer required, it is securely deleted or anonymised in accordance with our data retention schedule.

You may request deletion of your account and associated data at any time using the contact details at the end of this policy. Certain data may be retained for a period following deletion where required by law or for legitimate purposes such as fraud prevention or dispute resolution.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or the capabilities of the Services. Where changes are material, we will notify you by email to the address associated with your account and by posting notice on the Services. The effective date at the top of this document will be updated accordingly.

Continued use of the Services following notification of changes constitutes acceptance of the updated policy.

10. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us at:

Sherlocq Inc.
Incorporated in the State of Delaware, USA
Email: feedback@sherlocq.com
Website: www.sherlocq.com