Berengario Berengario
How it Works Use Cases Features Pricing GitHub

Privacy Policy

Last updated: 1 March 2026

1. Data Controller

The data controller for the Berengario hosted service is:

Giorgio Gilestro
Email: support@berengar.io

We are registered with the UK Information Commissioner's Office (ICO) under registration reference ZC098928.

2. Data We Collect

2.1 Account Information

When you create an Account, we collect:

  • Email address (used for authentication and communication)
  • Organisation name (optional)
  • Account configuration preferences

2.2 Email Content

When you connect an email account via IMAP, the Service processes:

  • Email headers (sender, recipients, subject, date)
  • Email body content
  • File attachments (PDF, DOCX, TXT, CSV, XLS, XLSX)

This content is processed to build your Knowledge Base and respond to queries. We only access emails sent to or CC'd to your Berengario email address.

2.3 Documents

Documents you upload through the web interface or via email are processed, chunked, and stored as vector embeddings in your Knowledge Base.

2.4 Query History

We store records of queries submitted to the Service, including:

  • Original query text
  • Optimised query text (generated by the query optimiser)
  • Retrieved source references and relevance scores
  • AI-generated responses
  • Timestamps

2.5 Usage Metrics

We collect aggregated usage data to operate and improve the Service:

  • Number of queries processed
  • Document storage usage
  • Error rates and performance metrics

2.6 Cookies and Web Interface Data

The Berengario web interface uses:

  • Session cookies: Essential cookies to maintain your authenticated session. These are strictly necessary and do not require consent.
  • OTP authentication tokens: Temporary tokens sent to your email for login verification.

We do not use analytics cookies, advertising cookies, or any third-party tracking on the web interface.

3. Lawful Basis for Processing

We process your data under the following lawful bases (UK GDPR):

Data Lawful basis Purpose
Account information Contract performance Providing the Service
Email content & documents Contract performance Building and querying your Knowledge Base
Query history Contract performance Delivering responses and conversation context
Usage metrics Legitimate interest Service operation, billing, and improvement

4. AI Processing Disclosure

The Service uses third-party AI providers to process your queries and generate responses. When you submit a query, relevant portions of your Knowledge Base content are sent to these AI providers along with your query text.

We currently use the following AI sub-processors:

Provider Purpose Data location
OpenRouter (OpenRouter Inc.) LLM query processing, query optimisation, document enhancement US
OpenAI (OpenAI LLC) Text embeddings for vector search US

Both providers process data as sub-processors under our instruction. They do not use your data to train their models when accessed via API. See Section 8 for details on international data transfers.

5. Data Retention

  • Knowledge Base content: Retained for the duration of your Account. Deleted within 30 days of Account closure.
  • Query history: Retained for the duration of your Account for conversation context and analytics.
  • Usage metrics: Retained in aggregated form for up to 24 months after Account closure for business analysis.
  • Account information: Retained for 6 months after Account closure for billing reconciliation, then deleted.
  • Email content: Processed and added to the Knowledge Base, then the raw email content is deleted. Only the extracted and chunked content remains.
  • Backups: Retained for up to 90 days after data deletion from live systems.

6. Data Sharing

We do not sell your data. We share data only with:

  • AI sub-processors (OpenRouter, OpenAI) — as described in Section 4, for the purpose of query processing.
  • Paddle — our payment processor and merchant of record, who receives your billing information.
  • Infrastructure providers — our hosting provider, for the purpose of storing and serving your data.
  • Legal obligations — where required by law, regulation, or court order.

7. Sub-Processor List

Sub-processor Purpose Location
OpenRouter Inc. LLM inference (query answering, optimisation, enhancement) United States
OpenAI LLC Text embeddings for vector search United States
Paddle.com Market Limited Payment processing, invoicing, VAT compliance United Kingdom

We will notify you at least 30 days in advance before adding a new sub-processor. If you object to a new sub-processor, you may terminate your Account.

8. International Data Transfers

Your Account data and Knowledge Base are hosted within the UK/EU. However, when the Service processes queries, content is sent to AI providers whose servers may be located in the United States.

For transfers to the US, we rely on:

  • The UK-US Data Bridge (UK extension of the EU-US Data Privacy Framework), where the recipient is certified; and/or
  • Standard Contractual Clauses (SCCs) approved by the ICO, incorporated into our agreements with sub-processors.

We regularly review our transfer mechanisms to ensure compliance with UK data protection law.

9. Your Rights

Under the UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — request that we restrict processing in certain circumstances.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at support@berengar.io. We will respond within one month.

10. Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Per-tenant encryption: each Account's data is encrypted with its own unique private key, so that data belonging to one tenant can never be decrypted using another tenant's key
  • Access controls and authentication for all service components
  • Per-tenant data isolation (separate databases per Account)
  • Regular backups with encrypted storage
  • Monitoring and logging of access to systems

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach.
  • Notify affected individuals without undue delay where the breach poses a high risk.
  • Document the breach, its effects, and the remedial action taken.

12. Children's Data

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

15. Contact

For any questions about this Privacy Policy or to exercise your data rights:

Giorgio Gilestro
Email: support@berengar.io
ICO registration: ZC098928

Berengario
GitHub Issues Gilestro Lab
Terms Privacy Acceptable Use DPA

© 2026 Gilestro Lab. MIT License.