Privacy & Data Processing Policy
Effective Date: June 3, 2026
This Privacy Policy and Data Processing Agreement (the "Policy") outlines how Slate OS, a trading name of Slate Systems Ltd (Company No. 17243517, Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ) ("we", "us", or "our"), collects, processes, and protects data. Because Slate OS provides enterprise-grade infrastructure for commercial trade operations, this Policy explicitly defines the legal boundaries between our responsibilities and yours.
1. Legal Framework: Controller vs. Processor
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, it is critical to establish the hierarchy of data ownership and liability:
- You are the Data Controller: You determine the purposes and means of processing the personal data of your clients (the "End-Users"). You are legally responsible for obtaining lawful consent to store their data and contact them via SMS or Email.
- We are the Data Processor: Slate OS provides the software infrastructure. We process End-User data strictly on your behalf and solely in accordance with your automated or manual commands executed through our interface.
- Data Subject Access Requests (DSARs): If an End-User contacts Slate OS requesting access to or deletion of their data, we are legally bound to forward this request to you. You bear the sole responsibility for executing the deletion within your Slate OS workspace.
2. Data Categorization & Telemetry
We forensically categorize the data we collect into two distinct vaults:
- Account Data (Your Data): Information required to maintain your Slate OS subscription. This includes your name, company registration number (CRN), email, phone number, and Stripe billing metadata. We act as the Data Controller for this specific subset of data.
- Platform Data (End-User Data): Information you input into the CRM regarding your clients, including names, addresses, geospatial coordinates, job values, and communication logs. We act strictly as the Data Processor for this data.
3. The Infrastructure Supply Chain (Sub-Processors)
To deliver enterprise-grade reliability, Slate OS utilizes highly vetted, SOC 2 compliant sub-processors. By using our Service, you authorize data to flow through the following infrastructure partners:
- Clerk: For biometric and cryptographic identity management and authentication.
- Stripe: For zero-liability financial routing and payment gateway processing.
- GoHighLevel: For underlying telecom routing (SMS/Email delivery) and CRM database synchronization.
- Neon / Vercel: For encrypted PostgreSQL database hosting and edge computing.
4. Artificial Intelligence & Data Sovereignty
Slate OS utilizes advanced Artificial Intelligence (e.g., Google Gemini) to power the Strategic Advisor and analytical engines. We enforce a strict Data Firewall. Your operational telemetry and client data are passed to these AI models via secure, zero-retention enterprise APIs. We legally guarantee that your proprietary business data is never used to train public foundational AI models. The data processing is ephemeral and mathematically sterile.
5. Operational Storage & Session Integrity
Slate OS does not use tracking cookies for advertising or cross-site surveillance. We utilize local storage mechanisms (such as localStorage) strictly to maintain session integrity, cache communication logs for the Spatiotemporal Matcher, and ensure the software functions without latency. Under the Privacy and Electronic Communications Regulations (PECR), these mechanisms are classified as "Strictly Necessary for Service Delivery" and do not require consent banners.
6. Data Retention & The Purge Protocol
Slate OS is not a permanent data backup service. If you terminate your subscription, or if your account is suspended due to non-payment (the "Kill Switch"), we initiate a 30-Day Purge Protocol. We reserve the right to permanently and irreversibly wipe your Postgres Vault and associated telecom sub-accounts 30 days after termination. It is your responsibility to export your data prior to cancellation.
7. Cryptographic Security & Breach Notification
All data in transit and at rest is secured using industry-standard 256-bit AES encryption. However, no system is mathematically impenetrable. In the event of a confirmed data breach affecting your Platform Data, Slate OS will notify you within 72 hours of discovery, providing you with the necessary telemetry to fulfill your own reporting obligations to the Information Commissioner's Office (ICO).
8. Governing Law & Contact
This Policy is governed by the laws of England and Wales. If you have any questions regarding this Data Processing Agreement, or if you need to contact our Data Protection Officer (DPO), please email us at legal@slateos.co.uk.