What is AI governance?

AI governance is the set of policies, processes, and accountability structures that ensure AI systems are used responsibly, transparently, and in compliance with applicable regulations such as the EU AI Act and ISO 42001. It covers AI surface mapping, decision accountability, risk classification, and audit readiness.

What does the EU AI Act require from enterprises?

The EU AI Act requires enterprises to classify AI systems by risk level, maintain an AI inventory, implement human oversight for high-risk AI, conduct conformity assessments, and keep technical documentation and audit trails. Complaix provides the infrastructure to meet these requirements operationally.

How does Complaix help with AI compliance?

Complaix provides an AI governance operating system that maps every AI tool in use across your organisation, assigns human accountability to every AI-influenced decision, scores your AI exposure risk, and generates board-ready governance reports aligned to the EU AI Act, ISO 42001, FCA guidance, and UK GDPR.

What is an AI Exposure Score?

An AI Exposure Score is a 0–100 metric that quantifies an organisation’s risk exposure from its current AI usage. It is calculated across five governance dimensions: AI surface visibility, decision accountability, operational governance, regulatory alignment, and accountability maturity. Complaix calculates and tracks this score continuously.

What is the difference between AI governance advisory and a SaaS platform?

AI governance advisory builds your governance infrastructure from scratch — mapping AI usage, assigning accountability, and delivering a board-ready report. The Complaix Platform then keeps that infrastructure operational with live dashboards, continuous decision logging, and regulatory update briefings. The Foundation Engagement bundles both.

Is Complaix aligned to ISO 42001?

Yes. The Complaix System is designed to align with ISO 42001 (AI Management Systems), the EU AI Act, FCA AI guidance, and UK GDPR. Every governance artefact produced by Complaix is mapped to the relevant regulatory requirements.

Privacy & Data Protection

Privacy Policy

Last updated: 7 May 2026 · Effective immediately

This Privacy Policy explains how Complaix Ltd collects, uses, and protects your personal data when you visit https://www.complaix.io or use our services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

1. Introduction

Complaix Ltd ("we", "us", "our") operates the website https://www.complaix.io and provides AI governance, compliance, and accountability services to organisations. We take your privacy seriously and are committed to being transparent about how we collect and use your personal data.

This policy applies to all personal data we process in connection with our website, marketing activities, client engagements, and platform services. Please read this policy carefully. If you have any questions, contact us at [email protected].

2. Data Controller

The data controller responsible for your personal data is:

Complaix Ltd

Company No. 17194919 (registered in England and Wales)

20 Wenlock Road, London, England, N1 7GU

Email: [email protected]

Website: https://www.complaix.io

ICO RegisteredReference: ZC141905 · Registered 07 May 2026 · Expires 06 May 2027View Certificate

3. Data We Collect

We collect the following categories of personal data:

Contact & Identity Data

Full name
Email address
Job title and company name
Phone number (if provided)
Country/region

Usage & Technical Data

IP address
Browser type and version
Operating system
Pages visited and time spent
Referring URLs
Device identifiers

Assessment & Platform Data

AI governance assessment responses
Risk scores and maturity levels
AI tool inventory data submitted
Platform usage logs and audit trails

Communication Data

Messages sent via contact forms
Email correspondence
Meeting notes and call records (with consent)
Webinar and event registrations

Marketing Preferences

Newsletter subscription status
Communication preferences
Cookie consent choices

We do not intentionally collect special category data (such as health, biometric, or political data). If you believe you have provided such data, please contact us immediately.

4. How We Use Your Data

We use your personal data for the following purposes:

Providing our services: delivering AI governance assessments, advisory services, and platform access.
Communication: responding to enquiries, sending service updates, and providing support.
Marketing: sending newsletters, event invitations, and relevant content (with your consent or where we have a legitimate interest).
Analytics: understanding how our website is used to improve performance and user experience.
Legal compliance: meeting our obligations under applicable laws and regulations.
Security: detecting and preventing fraud, abuse, and security incidents.
Business operations: managing client relationships, billing, and contractual obligations.

5. Legal Basis for Processing

Under UK/EU GDPR, we process your personal data on the following legal bases:

Legal Basis	Examples
Contract performance	Delivering assessment results, platform access, advisory services
Legitimate interests	Website analytics, fraud prevention, improving our services
Consent	Marketing emails, analytics cookies, marketing cookies
Legal obligation	Tax records, responding to regulatory requests

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our website. A cookie is a small text file placed on your device when you visit our site. You can manage your cookie preferences at any time using our cookie consent banner.

Strictly Necessary Cookies

Always Active

These cookies are essential for the website to function and cannot be disabled. They include session management, security tokens, and load balancing.

Examples: Session cookies, CSRF protection tokens, Load balancer cookies

Analytics Cookies

Optional

Help us understand how visitors interact with our website. All data is anonymised and aggregated.

Examples: Google Analytics (GA4), Page view tracking, User journey analysis

Marketing Cookies

Optional

Used to track visitors across websites and display relevant advertisements. We do not sell your data to advertisers.

Examples: LinkedIn Insight Tag, Retargeting pixels, Conversion tracking

Preference Cookies

Optional

Allow the website to remember your choices such as language, region, and display theme.

Examples: Theme preference (light/dark), Language settings, Region preferences

You can withdraw your consent at any time by clicking "Manage Preferences" in our cookie banner or by clearing your browser cookies. Note that disabling certain cookies may affect website functionality.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

Data Type	Retention Period
Contact form submissions	3 years from last contact
Assessment data	Duration of engagement + 5 years
Client account data	Duration of contract + 7 years
Marketing preferences	Until consent withdrawn or 3 years of inactivity
Website analytics	26 months (anonymised)
Financial records	7 years (legal requirement)
Security logs	12 months

After the retention period, data is securely deleted or anonymised. You may request earlier deletion of your data subject to our legal obligations.

9. Your Rights Under GDPR

Under UK/EU GDPR, you have the following rights regarding your personal data:

👁

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request).

✏️

Right to Rectification

Request correction of inaccurate or incomplete personal data.

🗑️

Right to Erasure

Request deletion of your personal data ('right to be forgotten') where no legal basis exists for retention.

⏸️

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

📦

Right to Data Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

↩️

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting prior processing.

⚖️

Right to Lodge a Complaint

Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

10. International Data Transfers

Where we transfer personal data outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
UK International Data Transfer Agreements (IDTAs)
Adequacy decisions by the UK or EU authorities
Binding Corporate Rules where applicable

You can request details of the specific safeguards in place for any international transfer by contacting us at [email protected].

11. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Access controls and role-based permissions
Regular security assessments and penetration testing
Staff training on data protection and security
Incident response procedures and breach notification protocols
Secure data deletion and disposal practices

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

12. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Notify registered users by email where required
Display a prominent notice on our website

We encourage you to review this policy periodically. Your continued use of our website after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

Complaix Ltd, Data Protection

[email protected]

https://www.complaix.io

20 Wenlock Road, London, England, N1 7GU

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk

Privacy Policy

1. Introduction

2. Data Controller

3. Data We Collect

4. How We Use Your Data

5. Legal Basis for Processing

6. Cookies & Tracking Technologies

7. Data Sharing & Third Parties

8. Data Retention

9. Your Rights Under GDPR

10. International Data Transfers

11. Data Security

12. Children's Privacy

13. Changes to This Policy

14. Contact Us