Privacy Notice (UK GDPR + Worldwide)

InsightCP – Privacy Notice

Last Updated: 16 December 2025

This Privacy Notice explains how PathwayAI Ltd (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit our website or use the InsightCP platform (the “Platform”).

We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).

1. Who We Are

PathwayAI Ltd
Registered Company No. 866901
Registered in Scotland, United Kingdom

PathwayAI Ltd operates the InsightCP platform and acts as the Data Controller for personal data processed through the Website and Platform.

Contact:
📧 admin@pathwayailtd.com

2. Data We Collect

We collect personal data in the following categories:

A. Data You Provide Directly

When creating an account:

Name

Email address

Password

Organisation (optional)

When using the Platform:

Skills and competency inputs

Portfolio evidence

Career and professional information

Learning history

Reflections, notes, and comments

Documents you upload (e.g. CVs, certificates)

When contacting us:

Email correspondence

Support requests

Feedback messages

B. Data Collected Automatically

When you access our Website or Platform, we may collect:

IP address

Device and browser information

Operating system

Usage data (pages visited, timestamps, interactions)

Platform performance and diagnostic data

Log files

We use cookies and analytics tools as described in our Cookie Policy.

C. AI-Processed Data

InsightCP uses AI-assisted processing to analyse:

Skills and capability data

Competency alignment

Learning recommendations

Readiness indicators

Workforce and talent insights

AI outputs are generated based on user-provided data.
We do not use AI for automated decision-making with legal or similarly significant effects under UK GDPR.

3. How We Use Your Data

We use personal data to:

Provide access to the Platform

Deliver Platform functionality and dashboards

Generate capability insights and AI-assisted recommendations

Store and manage evidence and portfolio data

Maintain secure user accounts

Improve Platform and Website performance

Provide user support and respond to enquiries

Conduct product testing and quality assurance

Meet legal and regulatory obligations

During beta or testing phases, some processing may involve synthetic, anonymised, or test data.

4. Legal Basis for Processing

Under UK GDPR, we process personal data on the following lawful bases:

Contract
To provide Platform services to registered users.

Legitimate Interests
To operate, secure, test, and improve the Platform, and to understand usage patterns.

Consent
For cookies, analytics, and optional data fields where required.

Legal Obligation
Where processing is required by law (e.g. fraud prevention).

5. Sharing Your Data

We may share personal data with:

A. Trusted Service Providers

Only where necessary to deliver Platform functionality, such as:

Hosting and cloud infrastructure providers

Authentication and security services

Analytics and monitoring tools

All providers are required to meet UK GDPR standards.

B. Your Organisation (If Applicable)

If you access InsightCP through an employer, training provider, or organisation, certain insights or data may be shared with authorised administrators, in line with your organisation’s configuration and permissions.

C. Legal Authorities

Where disclosure is required by law or regulatory obligation.

We never:

Sell personal data

Share data with advertisers

Allow third parties to use personal data for their own marketing purposes

6. International Transfers

We primarily process data within the UK.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

UK adequacy decisions

Standard Contractual Clauses (SCCs)

Equivalent lawful protection mechanisms

7. Data Retention

We retain personal data only for as long as necessary to:

Provide Platform services

Meet legal and regulatory obligations

Support product testing and improvement

Users may request deletion of their data at any time.

Data created during beta testing may be periodically deleted or reset.

8. Your Rights (UK GDPR)

You have the right to:

Access your personal data

Correct inaccurate or incomplete data

Request deletion of your data

Restrict processing

Object to processing

Request data portability

Withdraw consent at any time

Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact:
📧 admin@pathwayailtd.com

9. Security

We implement appropriate technical and organisational safeguards, including:

Encrypted communications

Access controls and authentication

Role-based permissions

Data minimisation practices

Secure hosting environments

While no system can be guaranteed 100% secure, we take reasonable steps to protect personal data.

10. Children

The Platform is not intended for individuals under 18 years of age.
We do not knowingly collect personal data from children.

11. Links to Other Websites

Our Website may contain links to third-party websites.
We are not responsible for their content, privacy practices, or policies.

12. Changes to This Notice

We may update this Privacy Notice from time to time.
The most recent version will always be published on this page.

13. Contact Us

If you have questions about this Privacy Notice, contact:

📧 admin@pathwayailtd.com

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.