Trismik QuickCompare – Privacy Policy

ABOUT THIS PRIVACY POLICY

• 1. This Privacy Policy explains how Trismik Ltd (company number 16205229), Future Business Centre, Kings Hedges Road, Cambridge, England, CB4 2HY (Trismik, we, us, our) collects, uses, and shares your personal data when you:
     1. visit our website at https://trismik.com (our Site);
     2. use the QuickCompare platform (our Platform), including Ziggy and adaptive testing features;
     3. apply to work for us or work with us as a supplier or partner; or
     4. communicate with us by email, phone, or other means.
  2. Trismik is the data controller in respect of personal data processed in connection with the Site, Platform, and our business operations.
  3. This Site and Platform are not intended for children under the age of 18, and we do not knowingly collect data relating to children.
  4. Please read this Privacy Policy carefully. If you have any questions, contact us at privacy@trismik.com .

WHAT PERSONAL DATA WE COLLECT

• 1. We collect personal data about you in the following ways.
  2. Data you give us directly, including when you:
     1. register for an account or place an Order on the Platform;
     2. use the Platform to conduct Evaluation Runs;
     3. interact with Ziggy (our AI assistant);
     4. complete forms on our Site;
     5. subscribe to our newsletters or marketing communications;
     6. request support or contact us with a query or complaint; or
     7. apply to work with us.
  3. Data we collect automatically when you interact with our Site and Platform, including:
     1. technical data such as your IP address, browser type and version, device identifiers, operating system, and time zone;
     2. usage data such as the pages you visit, the features you use, evaluation run history, model selections, and platform analytics;
     3. Ziggy interaction data, including your queries to Ziggy, Ziggy's responses, and whether you acted on those responses; and
     4. cookie and tracking data as described in the Cookies section below.
  4. Data we receive from third parties, including:
     1. publicly available databases such as Companies House and LinkedIn;
     2. payment service providers (such as Stripe) for payment and fraud prevention purposes;
     3. LLM Providers where they provide usage or billing data relating to your evaluation runs; and
     4. for job applicants: recruitment agencies, referees, and professional networks.

HOW WE USE YOUR PERSONAL DATA

• 1. We use your personal data for the following purposes.
  2. To provide the Services and manage your account:
     1. Legal basis: performance of a contract with you.
     2. This includes creating and managing your account, processing your orders, activating your Service Plan, managing your Usage Credits balance, and providing you with access to the Platform and Ziggy.
  3. To process payments and manage billing:
     1. Legal basis: performance of a contract with you.
     2. This includes processing payments via Stripe, managing your Usage Credits, issuing invoices, and recovering amounts owed to us.
  4. To improve the Platform, Ziggy, and our Services:
     1. Legal basis: legitimate interests (to improve our products and services and develop our business); and consent (in respect of Ziggy interaction data used for model training).
     2. This includes using Ziggy interaction data (including your queries, usage patterns, and interactions) to train, improve, and enhance the Ziggy AI model and the Services generally. By using Ziggy, you consent to this use of your interaction data as described in clause 4 below.
     3. This also includes using aggregated, anonymised usage data from all customers to improve our evaluation algorithms, adaptive testing methodology, and platform features.
  5. To publish benchmarking and research insights:
     1. Legal basis: legitimate interests (to develop our research, demonstrate the value of our Services, and grow our business).
     2. This includes using aggregated, anonymised performance statistics derived from Evaluation Runs to publish comparative LLM performance benchmarks, research papers, and marketing content. Such data does not identify you or any individual customer.
  6. To communicate with you about the Services:
     1. Legal basis: performance of a contract with you and legitimate interests (to keep our records updated and manage our relationship with you).
     2. This includes sending you account notifications, service updates, order confirmations, and information about changes to our terms or this Privacy Policy.
  7. To send you marketing communications:
     1. Legal basis: consent (where required) or legitimate interests.
     2. We may send you information about our products, research, and events if you have subscribed to our mailing list or if you are an existing customer. You can opt out at any time using the unsubscribe link in any email or by contacting us at support@trismik.com .
  8. To administer and protect our business and the Platform:
     1. Legal basis: legitimate interests (to run our business securely, prevent fraud, and maintain the integrity of the Platform).
     2. This includes system maintenance, security monitoring, fraud prevention, trust tier management, sanctions compliance, and responding to legal requests.
  9. To comply with legal obligations:
     1. Legal basis: compliance with a legal obligation.
     2. This includes retaining records as required by law, responding to regulatory requests, and complying with applicable sanctions laws.

ZIGGY INTERACTION DATA

• 1. When you use Ziggy, we collect your queries, the context of your evaluation tasks, Ziggy's responses, and your engagement with those responses. We use this data to:
     1. provide the Ziggy service to you in real time;
     2. train and improve the Ziggy AI model so that Ziggy provides better assistance to all users;
     3. identify common user needs and improve the onboarding and support experience; and
     4. develop new Ziggy features and capabilities.
  2. Ziggy interaction data is retained for the period set out in your Service Plan. For Tier 0 (Free) users, Ziggy interaction data is retained for three hundred and sixty-five (365) days. For Tier 1 (Starter) users, Ziggy interaction data is retained for thirty (30) days. We may retain anonymised, aggregated insights derived from Ziggy interactions for longer periods for research and improvement purposes.
  3. By using Ziggy, you consent to the use of your interaction data for the purposes described in this clause 4.

LLM PROVIDERS AND DATA TRANSMISSION

• 1. When you conduct Evaluation Runs on the Platform, your evaluation prompts and Customer Data are transmitted to the third-party LLM Providers you select. These providers are listed as subprocessors in our data processing documentation and include (among others):
     1. OpenAI (GPT models);
     2. Anthropic (Claude models);
     3. Google (Gemini models);
     4. Meta (Llama models);
     5. Mistral;
     6. Cohere; and
     7. Amazon (Bedrock).
  2. Each LLM Provider processes your data in accordance with their own privacy policies and terms of service. We encourage you to review those policies before selecting a provider. Some LLM Provider endpoints may be hosted outside the UK and EU - see clause 8 (International Transfers) below.
  3. By using the Platform, you consent to the transmission of your evaluation prompts and Customer Data to the LLM Providers you select.
  4. Where LLM Providers operate endpoints outside the UK or EEA, we rely on appropriate safeguards including adequacy decisions, the EU-US / UK Extension Data Privacy Framework, or Standard Contractual Clauses (with the UK Addendum where applicable), depending on the provider.

AGGREGATED AND ANONYMISED DATA

• 1. We collect and use aggregated data derived from your use of the Platform, including evaluation results, model performance metrics, usage patterns, and Ziggy interactions. Once aggregated and anonymised, this data does not constitute personal data and is not subject to this Privacy Policy.
  2. We use aggregated data for benchmarking, publishing performance insights, improving our algorithms, and marketing purposes, as described in clause 3.5 above. This is disclosed to you in our Intellectual Property, Output Ownership and Usage Rights document.

COOKIES

• 1. We use cookies and similar tracking technologies on our Site and Platform. Cookies are small files placed on your browser or device that help us recognise you, remember your preferences, and understand how you use our Site and Platform.
  2. We use the following types of cookies:
     1. Strictly necessary cookies, which are required for the operation of our Site and Platform (including login and session management). These cannot be disabled;
     2. Analytical or performance cookies, which allow us to recognise and count the number of visitors and to see how visitors use our Site and Platform;
     3. Functionality cookies, which enable us to recognise you when you return to our Site and Platform and personalise your experience; and
     4. Targeting cookies, which record your visits to our Site, the pages you have visited, and the links you have followed.
  3. Except for strictly necessary cookies, we will only place cookies on your device if you have given your consent through our cookie banner. You can change your cookie preferences at any time through the cookie settings on our Site.
  4. The specific cookies we use are: (a) session and authentication cookies set by us to keep you signed in, maintain the security of your session, and enable core Site and Platform functionality — these are strictly necessary and expire at the end of your browser session or after a period of inactivity; and (b) analytics cookies set by our analytics provider to help us understand in aggregate how the Site and Platform are used so that we can improve our Services — these cookies do not directly identify you.

INTERNATIONAL TRANSFERS

• 1. Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA). This may occur where our LLM Providers or other service providers operate servers or infrastructure outside the UK or EEA.
  2. Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:
     1. transferring to countries that have been assessed as providing an adequate level of protection under UK or EEA law;
     2. using standard contractual clauses (SCCs) approved for use under UK or EEA law; or
     3. relying on other lawful transfer mechanisms as applicable.
  3. Where LLM Providers operate endpoints outside the UK or EEA, we rely on appropriate safeguards including adequacy decisions, the EU-US / UK Extension Data Privacy Framework, or Standard Contractual Clauses (with the UK Addendum where applicable), depending on the provider.

DISCLOSURE OF YOUR PERSONAL DATA

• 1. We may share your personal data with:
     1. LLM Providers, to whom we transmit your evaluation prompts and Customer Data as part of providing the Services (see clause 5 above);
     2. Stripe and other payment service providers, for payment processing and fraud prevention;
     3. our cloud infrastructure provider (details available on request);
     4. professional advisers including lawyers, accountants, and auditors;
     5. regulatory authorities, law enforcement agencies, or courts where required by law; and
     6. any successor or acquirer of our business or assets, in connection with a merger, acquisition, or sale of our business.
  2. We do not sell your personal data to third parties. We do not allow third-party service providers to use your personal data for their own purposes.

DATA RETENTION

• 1. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements.
  2. The following retention periods apply:
     1. Platform data:
        1. Tier 0 (Free) users: Customer Data and Platform Output are retained for three hundred and sixty-five (365) days from the date of generation;
        2. Tier 1 (Starter) and paid users: Customer Data and Platform Output are retained for thirty (30) days from the date of generation, or for the duration of your account if shorter.
     2. Account data: retained for the duration of your account and for a period 1 year following termination, to comply with legal and tax obligations;
     3. Ziggy interaction data: retained in accordance with clause 4.2 above. Anonymised aggregated insights may be retained indefinitely for research and improvement purposes;
     4. Marketing and communications data: retained until you unsubscribe or withdraw consent, plus any statutory period required by law; and
     5. Job applicant data: retained for 6 months following a final decision on your application, after which it is securely deleted.
  3. We may retain personal data for longer periods where necessary to establish, exercise, or defend legal claims.

YOUR RIGHTS

• 1. You have the following rights in relation to your personal data:
     1. the right to access your personal data and to receive a copy of it (subject access request);
     2. the right to rectification of inaccurate or incomplete personal data;
     3. the right to erasure of your personal data in certain circumstances;
     4. the right to restrict our processing of your personal data in certain circumstances;
     5. the right to data portability in certain circumstances;
     6. the right to object to processing based on legitimate interests, including direct marketing; and
     7. the right to withdraw consent at any time where we rely on consent as a legal basis for processing.
  2. To exercise any of these rights, please contact us at privacy@trismik.com . We will respond within one month of receiving your request.
  3. We may need to verify your identity before we can respond to your request. We will not charge a fee for dealing with your request unless it is clearly unfounded, repetitive, or excessive.
  4. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues, at www.ico.org.uk. We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.

SECURITY

• 1. We have implemented appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include encryption of personal data in transit and at rest, access controls to limit access to authorised personnel, secure key management practices, and procedures for detecting and responding to security incidents.
  2. We have procedures to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.

CHANGES TO THIS PRIVACY POLICY

• 1. We keep this Privacy Policy under regular review. We will notify you of material changes by posting a notice on our Site or by email.
  2. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

CONTACT US

• 1. If you have any questions about this Privacy Policy or about how we use your personal data, please contact us:
     1. By email: privacy@trismik.com , or
     2. By post: Trismik Ltd, Future Business Centre, Kings Hedges Road, Cambridge, England, CB4 2HY.