Privacy policy
Version: 2.0
Last updated: 20 May 2026
Provider: GoLLM Limited, a company registered in Scotland under company number SC801607, with its registered office at 26 Lutton Place, Edinburgh EH8 9PG, United Kingdom (“GoLLM”, “we”, “us”, “our”).
Contact: privacy@go-llm.ai
This Privacy Policy explains how GoLLM collects, uses, discloses and protects personal data when you visit our website, create or use a D.A.V.E. account, contact us, subscribe to a plan, use our services, or otherwise interact with us.
D.A.V.E. is GoLLM’s AI-enabled analysis platform for surveys, feedback and conversational data.
1. When this Privacy Policy applies
This Privacy Policy applies to personal data that GoLLM processes for its own purposes, including:
- website visits;
- account creation and login;
- subscription, billing and payment administration;
- customer support and contact enquiries;
- product usage, security and diagnostic data;
- marketing communications;
- business development and sales communications;
- service improvement and analytics; and
- legal, compliance and security purposes.
This Privacy Policy does not replace the terms that apply when GoLLM processes customer-uploaded data on behalf of a customer.
Where a customer uploads survey data, transcripts, audio-derived text or other materials to D.A.V.E. for analysis, GoLLM will usually process that Customer Data on the customer’s behalf as a processor or service provider. That processing is governed by our Terms of Service, Data Processing Addendum, order form, statement of work or another written agreement with the customer.
In that situation, the customer is usually responsible for deciding what personal data is uploaded, why it is processed, how long it is retained and what notices or consents are required from respondents, participants or other individuals.
2. Personal data we collect
We may collect and process the following categories of personal data.
2.1 Account and contact information
This may include:
- name;
- email address;
- telephone number;
- organisation name;
- role or job title;
- account login details;
- billing contact details;
- support or enquiry details; and
- communications you send to us.
2.2 Subscription, billing and transaction information
This may include:
- plan selection;
- subscription status;
- credit balance and credit usage;
- top-up purchases;
- invoices and payment history;
- billing address;
- VAT or tax information; and
- payment status.
Payments are processed by our payment processor. GoLLM does not store full payment card details.
2.3 Product usage, diagnostic and security information
When you use D.A.V.E. or our website, we may collect product usage, diagnostic and security information. This may include:
- login activity;
- account, subscription and plan activity;
- project, analysis and file metadata;
- credit estimates and credit usage;
- system logs;
- device, browser and operating system information;
- IP address;
- approximate location derived from IP address;
- error logs, crash reports and diagnostic information;
- security and authentication events; and
- performance and reliability data.
We do not currently use detailed in-app product analytics or session replay. If we introduce additional product analytics, optional analytics cookies or similar technologies, we will update this Privacy Policy and/or our Cookie Policy where appropriate and obtain consent where required.
2.4 Customer Data and analysis metadata
Where you upload files or submit materials to D.A.V.E., those materials may contain personal data. This may include survey responses, free-text comments, demographic or contextual fields, transcripts, audio-derived text, conversation content and generated outputs.
Where GoLLM processes this data on behalf of a customer, it is usually handled under the Terms of Service and Data Processing Addendum rather than this Privacy Policy. However, we may process limited metadata and operational information about such usage for account administration, billing, security, troubleshooting, support, reliability and service improvement.
2.5 Marketing and communications information
This may include:
- your marketing preferences;
- whether you open or interact with our emails;
- event registration or attendance information;
- responses to surveys or feedback requests; and
- records of sales, support or business development communications.
2.6 Information from third parties
We may receive personal data from third parties, such as:
- payment processors;
- authentication providers;
- customer relationship management systems;
- analytics and marketing tools;
- public sources;
- business partners; and
- customers or colleagues who invite you to use D.A.V.E. or communicate with us about you.
3. How we use personal data
We may use personal data for the following purposes.
3.1 To provide and administer D.A.V.E.
This includes:
- creating and managing accounts;
- enabling login and authentication;
- providing access to D.A.V.E.;
- administering subscriptions, credits and top-ups;
- processing payments and invoices;
- providing customer support;
- communicating service updates; and
- managing customer relationships.
3.2 To process analyses and provide outputs
Where we process Customer Data on behalf of a customer, we use that data to provide D.A.V.E. and related services, including parsing files, analysing data, generating outputs, supporting users, troubleshooting issues and maintaining security, in accordance with the applicable Terms of Service, Data Processing Addendum or written agreement.
3.3 To secure, maintain and improve our services
This includes:
- monitoring performance and reliability;
- detecting and preventing fraud, abuse, misuse or security incidents;
- debugging errors;
- improving product functionality;
- testing and validating service improvements;
- analysing usage trends;
- maintaining audit and security records; and
- protecting GoLLM, customers, users and third parties.
3.4 To communicate with you
This includes:
- responding to enquiries;
- sending administrative and service messages;
- providing support;
- sending security or billing notices;
- notifying you about changes to services or terms; and
- managing events, demos or business development discussions.
3.5 For marketing and business development
Where permitted by law, we may use personal data to:
- send newsletters, product updates or marketing communications;
- invite you to events, demos or webinars;
- understand interest in our services;
- manage sales leads and business relationships; and
- measure the effectiveness of campaigns.
You can opt out of marketing emails by using the unsubscribe link in the email or contacting us.
3.6 For legal, compliance and business purposes
This includes:
- complying with legal obligations;
- enforcing our Terms of Service and other agreements;
- managing disputes, claims or complaints;
- supporting audits or regulatory requests;
- maintaining business records;
- protecting rights, property and safety; and
- evaluating or carrying out a merger, acquisition, financing, restructuring, sale or transfer of all or part of our business.
4. Lawful bases for processing
Where UK GDPR, EU GDPR or similar laws apply, our lawful bases may include:
- Contract: where processing is necessary to provide D.A.V.E., administer your account, process subscriptions or perform an agreement with you or your organisation.
- Legitimate interests: where processing is necessary for our legitimate business interests, such as securing and improving D.A.V.E., communicating with business contacts, responding to enquiries, preventing fraud, analysing usage, developing our services and managing customer relationships, provided those interests are not overridden by your rights and interests.
- Legal obligation: where processing is necessary to comply with legal, tax, accounting, regulatory or security obligations.
- Consent: where we rely on consent, such as for certain optional cookies, marketing activities or other processing where consent is required. You may withdraw consent at any time where consent is the lawful basis.
Where GoLLM acts as a processor on behalf of a customer, the customer is responsible for identifying the lawful basis for processing Customer Data.
5. Cookies and similar technologies
We use cookies and similar technologies where needed to operate our website and D.A.V.E. application, such as for login, security and session functionality.
We currently use only strictly necessary cookies or similar technologies. If we introduce optional analytics, marketing, preference or other non-essential cookies, we will update our Cookie Policy and, where required, ask for consent.
For more detail, please see our Cookie Policy.
6. Who we share personal data with
We may share personal data with:
- service providers and subprocessors, such as hosting providers, payment processors, authentication providers, AI model providers, transcription providers, customer support tools, email providers and security tools;
- professional advisers, such as lawyers, accountants, auditors, insurers and bankers;
- customers or authorised account users, where needed to provide D.A.V.E. or support the relevant account;
- business partners, where necessary for a joint project, event, referral or service and where lawful;
- authorities, regulators, courts or law enforcement where required or permitted by law;
- parties involved in a merger, acquisition, financing, restructuring, sale or transfer of all or part of our business; and
- other third parties where you direct us to share the information or consent to the sharing.
We do not sell Customer Data. We do not use Customer Data for cross-context behavioural advertising.
A current list of subprocessors may be provided on request where reasonably required for customer due diligence, procurement or data protection purposes.
7. International transfers
We are based in the United Kingdom, but we may use service providers or subprocessors located in other countries, including the United States. Personal data may therefore be transferred to, stored in or accessed from countries outside the United Kingdom or European Economic Area.
Where required by applicable data protection law, we will use appropriate safeguards for international transfers. These may include adequacy regulations or decisions, participation by the relevant recipient in an applicable data privacy framework, standard contractual clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU standard contractual clauses, transfer risk assessments or another lawful transfer mechanism.
8. Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.
Account and billing records are generally retained while the account is active and for up to 6 years afterwards where needed for tax, accounting, legal, audit or dispute purposes.
Support and business development records are generally retained for up to 3 years after the last meaningful interaction, unless we need to keep them for longer for legal, contractual, security or dispute-resolution reasons.
Security logs, diagnostic data and product usage metadata are generally retained for a shorter period, normally up to 24 months, unless needed for longer for security, fraud prevention, troubleshooting, compliance, audit or dispute-resolution purposes.
Marketing subscription records are retained while you remain subscribed. If you unsubscribe, we may retain suppression records as needed to respect your opt-out.
Customer Data processed on behalf of a customer is retained and deleted in accordance with the Terms of Service, Data Processing Addendum, product functionality, customer instructions, account status and applicable agreements.
Aggregated, anonymised or de-identified data may be retained for longer where it does not identify individuals or customers.
9. Security
We use reasonable technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure.
These measures may include access controls, authentication, encryption (in transit and, where appropriate, at rest), logging, monitoring, backups, staff confidentiality, security review and incident-response processes.
No system is completely secure. You are responsible for keeping your login credentials confidential and for using D.A.V.E. in a secure and lawful way.
10. Your rights
Depending on where you are located and the law that applies, you may have rights in relation to your personal data, including the right to:
- access personal data we hold about you;
- correct inaccurate or incomplete personal data;
- request deletion of personal data;
- object to certain processing;
- request restriction of processing;
- request portability of personal data;
- withdraw consent where processing is based on consent; and
- complain to a data protection authority.
If you are in the United Kingdom, you may contact or complain to the Information Commissioner’s Office. If you are in the European Economic Area, you may have the right to complain to your local supervisory authority.
To exercise your rights, please contact us using the details below. We may need to verify your identity before responding.
Where we process Customer Data on behalf of a customer, we may need to refer your request to that customer, because the customer is usually responsible for responding to data subject requests relating to Customer Data.
11. Marketing choices
You can opt out of marketing emails by using the unsubscribe link in the email or by contacting us.
Even if you opt out of marketing, we may still send service, security, billing, legal or administrative messages.
12. Children and young people
D.A.V.E. accounts are not intended for children. You must not create an account if you are under 16 or the minimum age required in your jurisdiction to use an online service without parental or guardian consent.
Customers may upload Customer Data relating to younger people only where they have the required rights, notices, consents, lawful basis and safeguards to do so, and where processing through D.A.V.E. is appropriate for the relevant use case.
13. US state privacy notes
Certain US state privacy laws may give residents additional rights, such as rights to know, access, delete, correct or opt out of certain processing of personal information.
Where GoLLM processes personal information for its own purposes and such laws apply, we will respond to applicable requests in accordance with those laws.
Where GoLLM processes Customer Data on behalf of a customer, GoLLM generally acts as a service provider, contractor or processor, and the customer is usually responsible for responding to individual privacy requests relating to that Customer Data.
GoLLM does not sell Customer Data or use Customer Data for cross-context behavioural advertising.
14. Third-party links and services
Our website or services may contain links to third-party websites, tools or services. We are not responsible for the privacy practices, content or security of third-party services. You should review the privacy policies of those third parties.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by posting the updated policy, updating the “Last updated” date, emailing account contacts or providing an in-product notice.
Updated versions apply from the date stated in the policy or notice.
16. Contact us
If you have questions about this Privacy Policy or how GoLLM handles personal data, you can contact us at:
Email: privacy@go-llm.ai
Post: GoLLM Limited, 26 Lutton Place, Edinburgh EH8 9PG, United Kingdom
If you would like to exercise a privacy right, please include enough information for us to identify you and understand your request.