Privacy Policy

Arcole Labs Limited – Contract Noggin

Arcole Labs Limited (“we”, “us”, “our”) operates the Contract Noggin platform. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you use Contract Noggin.

1. Data Controller

The data controller responsible for your personal data is:

Arcole Labs Limited
5 Elm close, Essex, CM1 7DY
United Kingdom

If you have questions about this policy or your data, contact:

Email: alex@cngn.uk

2. Personal Data We Collect

We collect the following categories of personal data.

Account Information

When you create an account we may collect:

  • Name
  • Email address
  • Company name
  • Login credentials

Usage Data

When you use Contract Noggin we may collect:

  • Login timestamps
  • Device and browser information
  • IP address
  • Platform usage activity

Uploaded Documents

When you upload contracts or documents to the platform we may process the content of those files in order to provide the analysis service. Users are responsible for ensuring they have the right to upload any documents provided.

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing the Service: To operate Contract Noggin and deliver automated contract analysis.
  • Account Management: To create and maintain user accounts and provide support.
  • Service Improvement: To improve platform functionality, reliability, and performance.
  • Security and Abuse Prevention: To monitor system integrity and prevent misuse of the platform.
  • Legal Compliance: To comply with applicable legal obligations.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following lawful bases:

  • Contract: Processing necessary to provide the Contract Noggin service.
  • Legitimate Interests: Operating, maintaining, and improving our platform.
  • Legal Obligations: Where required to comply with applicable law or regulatory requirements.

5. Publicly Available Business Contact Data

We may obtain professional contact information from publicly available sources including company websites, professional directories, and publicly accessible profiles. This information is processed under the lawful basis of legitimate interests for the purpose of identifying organisations that may benefit from our services and making initial business contact. Recipients may object to this processing or request removal at any time.

6. Data Storage and Security

Contract Noggin is hosted using services provided by Google Firebase. Firebase infrastructure has undergone internationally recognised security evaluations including:

  • ISO 27001
  • SOC 1
  • SOC 2
  • SOC 3

These certifications reflect independently audited controls for security, availability, confidentiality, and data protection. Further information is available here: https://firebase.google.com/support/privacy

We also implement reasonable technical and organisational measures designed to protect personal data from unauthorised access, disclosure, alteration, or destruction. However, no internet-based system can be guaranteed to be completely secure.

7. Third-Party Processors

To operate the service we may share data with trusted service providers, including:

  • cloud hosting providers
  • analytics or monitoring services
  • authentication services

These providers process data only on our behalf and under contractual safeguards designed to protect your information.

8. International Data Transfers

Some of our service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses
  • Adequacy regulations recognised under UK GDPR

9. Data Retention

We retain personal data only for as long as necessary to:

  • provide the service
  • maintain user accounts
  • comply with legal obligations
  • resolve disputes or enforce agreements

Uploaded documents may be retained while your account remains active unless deleted by the user or required for operational or legal purposes.

10. Your Data Protection Rights

Under UK GDPR you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate information.
  • Right to Erasure: Request deletion of your personal data.
  • Right to Restrict Processing: Request limitation of how your data is used.
  • Right to Data Portability: Request transfer of your data to another service.
  • Right to Object: Object to processing based on legitimate interests.

To exercise these rights, contact: alex@cngn.uk

11. Complaints

If you believe your data has been handled improperly, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office
https://ico.org.uk

12. Cookies and Tracking

Contract Noggin may use cookies or similar technologies to:

  • maintain login sessions
  • improve performance
  • analyse usage

You may control cookies through your browser settings.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the platform, legal requirements, or our data practices. Updated versions will be published on this page with a revised “Last updated” date. Continued use of Contract Noggin after changes are published constitutes acceptance of the updated policy.

14. AI / automated processing transparency

Contract Noggin uses automated systems and machine learning technologies to analyse contractual documents and generate summaries, flags, and risk indicators. These automated processes review text contained in uploaded documents in order to identify patterns commonly associated with contractual clauses and commercial risk factors.

The automated analysis may involve processing:

  • text contained in uploaded contracts or documents
  • structural features of contractual clauses
  • contextual language patterns

The system generates outputs including summaries, indicators, and explanatory information based on automated analysis. These outputs are generated automatically and are intended to assist users in reviewing documents more efficiently.

Nature and Limitations of Automated Analysis

Automated analysis within Contract Noggin does not determine legal meaning, legal enforceability, or contractual outcome. The system does not replace professional legal advice and does not guarantee that all relevant clauses, risks, or issues will be identified. Outputs are generated based on automated pattern recognition and may be incomplete, inaccurate, or subject to interpretation. Users remain responsible for reviewing documents themselves and for obtaining professional advice where appropriate.

Human Decision-Making

Contract Noggin does not make binding decisions about users or their organisations. The platform provides information intended to support human decision-making. All contractual, commercial, or legal decisions remain the responsibility of the user.

User Control Over Uploaded Data

Users control the documents they choose to upload to the platform. Uploaded documents are processed only to provide the automated analysis service and maintain system performance and security. Users should ensure that they have the necessary authority to upload any documents they submit.

Automated Processing Safeguards

We implement appropriate technical and organisational safeguards designed to ensure that automated processing is used responsibly and proportionately. These safeguards include:

  • limiting the purpose of automated analysis to providing the Contract Noggin service
  • maintaining transparency about how the system operates
  • allowing users to independently review outputs and make their own decisions

Last Updated: 9/3/2026

For any queries, contact alex@cngn.uk