Privacy Policy

Last updated: 6 February 2026

1. Introduction

Beings ("we", "us", or "our") operates the Beings Research OS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Beings Ltd is the data controller for the personal data we process. Our registered address is:

Beings Ltd
[Registered Address]
United Kingdom
Company Number: [Number]

For privacy-related inquiries, contact: [email protected]

3. UK Data Residency

All your data is processed and stored exclusively within the United Kingdom.

We use Microsoft Azure UK South data centers for all data processing and storage. Your research data, transcripts, and personal information never leave UK jurisdiction.

This commitment ensures compliance with UK data protection laws and provides organizations with data sovereignty assurance.

4. Information We Collect

4.1 Account Information

  • Email address
  • Name (optional)
  • Organization name (optional)
  • Payment information (processed by Stripe, not stored by us)

4.2 Research Content

  • Uploaded files (audio, video, documents)
  • Transcripts generated from your files
  • AI-generated analysis and insights
  • Projects and organizational structure

4.3 Technical Data

  • Browser type and version
  • Device information
  • Usage analytics (anonymized)

5. How We Use Your Information

  • Service Delivery: To provide transcription, AI analysis, and research tools
  • Account Management: To manage your subscription and communicate about your account
  • Service Improvement: To improve our platform (using anonymized, aggregated data only)
  • Security: To detect and prevent fraud or unauthorized access
  • Legal Compliance: To comply with applicable laws and regulations

6. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the service you've subscribed to
  • Legitimate Interest: For service improvement and security (where not overridden by your rights)
  • Legal Obligation: Where required by law
  • Consent: For optional marketing communications (you can withdraw at any time)

7. Data Sharing

We never sell your personal data.

We may share data with:

  • Service Providers: Microsoft Azure (UK hosting), Stripe (payments) — all under strict data processing agreements
  • Legal Requirements: If required by UK law or valid legal process
  • Business Transfers: In connection with a merger or acquisition (with notice to you)

8. AI and Your Data

Our AI features process your data to provide analysis and insights. Important points:

  • Local-First: Where possible, AI processing happens on your device
  • Sovereign AI: Cloud AI uses Azure OpenAI Service (UK South region)
  • No Training: We do not use your data to train AI models
  • Zero Retention: Third-party AI providers do not retain your data after processing

9. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Research content: Deleted within 30 days
  • Account information: Deleted within 30 days (except where retention is legally required)
  • Backup data: Purged within 90 days
  • Anonymized analytics: May be retained indefinitely

10. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Request limited processing of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact [email protected]. We will respond within 30 days.

11. Security

We implement robust security measures:

  • End-to-end encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits
  • Access controls and monitoring
  • Employee training on data protection

12. Cookies

We use essential cookies for authentication and service functionality. For details, see our Cookie Policy.

13. Children's Privacy

Our service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the service. Your continued use after changes constitutes acceptance.

15. Contact & Complaints

For privacy inquiries:

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection: