How MissionOpsAI collects, uses, and protects your personal data.
Last updated: 15 February 2026
MissionOpsAI Ltd ("MissionOpsAI", "we", "us", or "our"), a company registered in England and Wales, is the data controller responsible for your personal data as described in this Privacy Policy. We are committed to protecting your privacy and ensuring that your personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection legislation.
If you have any questions about this Privacy Policy or our data processing practices, you may contact our Data Protection Officer at:
Data Protection Officer
MissionOpsAI Ltd
Email: privacy@missionopsai.com
We collect and process different categories of personal data depending on how you interact with our Services. The types of personal data we may collect include:
Identity and Contact Data. This includes your name, email address, job title, organisation name, telephone number, and postal address. We collect this data when you create an account, submit a contact form, register for a demo, or otherwise communicate with us.
Account and Authentication Data. This includes your username, password (stored in hashed form), account preferences, assigned roles and permissions, and authentication tokens. This data is necessary for the provision and security of your account.
Usage Data. This includes information about how you use our Services, such as pages visited, features accessed, actions performed within the Foundry platform, session duration, and error logs. We use this data to maintain, improve, and troubleshoot the Services.
Technical Data. This includes your IP address, browser type and version, operating system, device type, and time zone setting. This data is collected automatically when you access our website or Services.
Communications Data. This includes records of correspondence between you and MissionOpsAI, including support tickets, emails, and any feedback you provide.
Financial Data. If you purchase paid Services, we may collect billing information such as your billing address and payment card details. Payment card details are processed by our third-party payment processor and are not stored on our systems.
We do not collect any special category data (as defined in Article 9 of the UK GDPR), nor do we knowingly collect data relating to criminal convictions or offences, unless required for a specific advisory or compliance engagement under a separate Data Processing Agreement.
We process your personal data for the following purposes:
Under Article 6 of the UK GDPR, we rely on the following lawful bases for processing your personal data:
Contractual Necessity (Article 6(1)(b)). Processing that is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This applies to account creation, service delivery, billing, and customer support.
Legitimate Interests (Article 6(1)(f)). Processing that is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include maintaining the security and integrity of the Services, improving and developing our products, understanding how customers use our Services, and conducting business development activities. We carry out a legitimate interest assessment for each processing activity relying on this basis.
Legal Obligation (Article 6(1)(c)). Processing that is necessary for compliance with a legal obligation to which we are subject, such as tax reporting, regulatory requirements, or responding to lawful requests from law enforcement or regulatory authorities.
Consent (Article 6(1)(a)). Where we rely on your consent for processing (for example, for marketing communications), you have the right to withdraw your consent at any time by contacting us at privacy@missionopsai.com or using the unsubscribe mechanism in any marketing email. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and applicable legal requirements.
Account Data: Retained for the duration of your account and for a period of 12 months following account closure, to allow for account recovery and to resolve any outstanding matters.
Usage and Technical Data: Retained for up to 24 months from the date of collection, after which it is anonymised or deleted.
Communications Data: Support correspondence is retained for up to 36 months from the date of the last communication.
Financial Data: Retained for the period required by applicable tax and accounting legislation, typically 7 years from the end of the relevant financial year.
Marketing Data: If you have opted in to marketing communications, we retain your contact details until you withdraw consent or unsubscribe.
When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.
We do not sell, rent, or trade your personal data to third parties. We may share your personal data with the following categories of recipients, solely to the extent necessary to provide the Services and operate our business:
Service Providers. We engage a limited number of trusted third-party service providers who perform functions on our behalf, such as hosting infrastructure, payment processing, email delivery, and customer support tooling. These providers are contractually obligated to process personal data only on our instructions and in accordance with applicable data protection legislation. We conduct due diligence on all service providers to ensure they provide adequate data protection safeguards.
Professional Advisers. We may share personal data with our legal advisers, auditors, and accountants where necessary for the conduct of our business and compliance with legal obligations.
Law Enforcement and Regulatory Authorities. We may disclose personal data to law enforcement agencies, regulatory authorities, or other governmental bodies where required by applicable law, regulation, or legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers. In the event of a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, your personal data may be transferred to the acquiring entity. We will notify you before your personal data becomes subject to a different privacy policy.
MissionOpsAI is committed to the principle of data sovereignty. Where you use our self-hosted or sovereign deployment options, your data remains within your own infrastructure and jurisdiction, and no international transfer by us occurs.
Where we host the Services on your behalf, we primarily store and process personal data within the United Kingdom. In the limited circumstances where personal data is transferred outside the UK (for example, to service providers located in other jurisdictions), we ensure that appropriate safeguards are in place, including:
You may request information about the specific safeguards applied to international transfers of your personal data by contacting us at privacy@missionopsai.com.
Under the UK GDPR, you have the following rights in relation to your personal data. You may exercise any of these rights by contacting us at privacy@missionopsai.com. We will respond to your request within one month, or inform you if an extension is required.
Right of Access (Article 15). You have the right to request a copy of the personal data we hold about you, together with information about how it is processed. We will provide this information free of charge, except where requests are manifestly unfounded or excessive.
Right to Rectification (Article 16). You have the right to request that we correct any inaccurate personal data we hold about you, and to have incomplete personal data completed.
Right to Erasure (Article 17). You have the right to request that we delete your personal data in certain circumstances, including where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where the data has been unlawfully processed. This right is not absolute and may be subject to exceptions, such as where retention is necessary for legal compliance.
Right to Restriction of Processing (Article 18). You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data, where the processing is unlawful, or where we no longer need the data but you require it for the establishment, exercise, or defence of legal claims.
Right to Data Portability (Article 20). Where processing is based on your consent or contractual necessity and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object (Article 21). You have the right to object to the processing of your personal data where we rely on legitimate interests as the lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms. You have an absolute right to object to processing for direct marketing purposes at any time.
Rights Related to Automated Decision-Making (Article 22). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not currently make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.
Right to Complain. If you are not satisfied with our response to your request, or if you believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by telephone at 0303 123 1113.
Our use of cookies is described in our Cookie Policy. We use only strictly necessary cookies that are essential for the operation of our website and Services. We do not use tracking, analytics, or advertising cookies.
The Services are not directed at individuals under the age of 18, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18 without appropriate parental or guardian consent, we will take steps to delete that data as promptly as possible. If you believe that a child has provided us with personal data, please contact us at privacy@missionopsai.com.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include, but are not limited to:
While we take all reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data, but we are committed to maintaining the highest practicable standards of data protection.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will provide prominent notice on our website and, where appropriate, notify you by email. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
The "Last updated" date at the top of this page indicates when this Privacy Policy was most recently revised. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
Data Protection Officer
MissionOpsAI Ltd
Email: privacy@missionopsai.com
Website: missionopsai.com
For general legal enquiries, please contact legal@missionopsai.com.