Privacy Policy

Last updated: 7 March 2026

1. Who we are

PremonIQ is operated by PremonIQ Ltd, a company registered in England and Wales. When we refer to "PremonIQ", "we", "us", or "our", we mean PremonIQ Ltd.

2. Data we collect

We collect the following categories of personal data:

  • Account information: Name, email address, and role when you create an account or are invited to the platform.
  • Usage data: Login timestamps, pages visited, and actions performed within the platform for security auditing and product improvement.
  • Assessment data: Responses to maturity assessment questionnaires and uploaded documents, which may contain business-sensitive information.
  • Technical data: IP address, browser type, and device information collected automatically for security and performance monitoring.

3. How we use your data

  • To provide and operate the PremonIQ platform
  • To authenticate users and maintain account security
  • To generate maturity assessments and portfolio analytics
  • To send transactional emails (invitations, password resets, survey links)
  • To maintain audit logs for compliance and security purposes
  • To improve the platform based on aggregate usage patterns

4. Data isolation and multi-tenancy

PremonIQ is a multi-tenant platform. Each client (PE firm) operates within a dedicated tenant with database-level isolation enforced via PostgreSQL Row-Level Security (RLS). Your data is never accessible to other tenants, and cross-tenant queries are technically prevented at the database level.

5. Data hosting and sovereignty

All data is hosted exclusively in European Union data centers operated by Hetzner Online GmbH, a German cloud infrastructure provider. Hetzner's data centers hold the following certifications:

  • ISO/IEC 27001:2022 (Information Security Management)
  • BSI C5 Type 2 (Cloud Security Controls)
  • GDPR compliant data processing

Your data does not leave EU jurisdiction and is not subject to foreign data access requests such as the US Cloud Act.

6. Security measures

  • TLS 1.3 encryption for all data in transit
  • Encrypted storage at rest
  • Bcrypt password hashing with salt
  • JWT tokens in httpOnly, secure, sameSite cookies
  • Network isolation via internal Docker networks
  • SSH key-only server access with fail2ban intrusion prevention
  • Automatic security updates on server infrastructure

7. AI and document processing

When you upload documents for AI analysis, the content is processed using third-party AI services (currently Anthropic Claude). Document content is sent to the AI provider for analysis and is subject to their data processing terms. AI providers do not use your data for model training. AI-generated insights are stored within your isolated tenant.

8. Data retention

We retain your data for as long as your account is active or as needed to provide services. Upon account termination, we will delete your data within 30 days, except where we are required to retain it for legal or compliance purposes.

9. Your rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Withdraw consent

To exercise these rights, contact us at privacy@premoniq.com.

10. Cookies

The PremonIQ platform uses essential cookies for authentication (httpOnly session tokens). The marketing website uses no tracking cookies. We do not use third-party advertising trackers.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of material changes via email or a prominent notice on the platform.

12. Contact

For privacy-related questions or requests, contact us at privacy@premoniq.com.