Privacy policy

Last updated 11 March 2026

This policy explains how Guaglio collects, uses, and protects personal data when you use our website and platform. We are committed to handling your data responsibly and in accordance with the UK GDPR and the Data Protection Act 2018.

Who we are

Guaglio is a trading name of Go To Consulting Ltd, pending the incorporation of Guaglio Ltd. The data controller for the purposes of this policy is Go To Consulting Ltd, registered in England.

Registered address: 71-75 Shelton Street, London, WC2H 9JQ

Contact: info@guaglio.co.uk

What we collect

Category	Data collected	Lawful basis
Account data	Name, email address, organisation, job role, password (hashed)	Contract performance
Usage data	Pages viewed, searches made, features used, questions asked through Ask GUAGLIO	Legitimate interest (service improvement)
Technical data	IP address, browser type, device information, security event logs	Legitimate interest (security and fraud prevention)
Subscription data	Plan type, billing status, Stripe customer ID (card details held by Stripe, not by us)	Contract performance
Communication data	Digest preferences, support correspondence	Contract performance and legitimate interest

How we use your data

• To provide and operate the Guaglio platform, including Ask GUAGLIO, the compliance profiler, the digest, and the instrument library
• To manage your account and subscription
• To send regulatory digest emails and alerts you have opted into
• To keep the service secure, detect abuse, and maintain audit logs
• To improve the platform based on usage patterns (anonymised where possible)
• To provide customer support

Questions submitted to Ask GUAGLIO

When you use Ask GUAGLIO, your question is processed by our system and sent to a third-party AI provider (Anthropic) to generate a response. The question text is transmitted to Anthropic's API for this purpose. Anthropic's data processing terms apply to this processing. We do not use your questions to train AI models. Questions may be logged for quality assurance and service improvement.

Who we share data with

• Anthropic (AI provider for Ask GUAGLIO query processing)
• Stripe (payment processing for subscriptions)
• Mailjet (email delivery for digest subscriptions)
• Hetzner (infrastructure hosting, servers located in the EU)

We do not sell personal data to third parties. We do not share personal data with advertisers.

International transfers

Some of our service providers process data outside the UK. Where this occurs, we rely on appropriate safeguards including standard contractual clauses, adequacy decisions, or equivalent measures permitted under UK data protection law.

How long we keep data

• Account data: retained while your account is active, then deleted within 90 days of account closure
• Usage and technical data: retained for up to 12 months for security and improvement purposes
• Subscription and billing data: retained for 7 years for tax and legal compliance
• Security logs: retained for up to 12 months

Your rights

Under UK data protection law, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Restrict or object to certain processing
• Request portability of your data
• Withdraw consent where processing is based on consent
• Complain to the Information Commissioner's Office (ico.org.uk) if you believe your rights have been infringed

To exercise any of these rights, contact info@guaglio.co.uk. We aim to respond within 30 days.

Security

We take reasonable technical and organisational measures to protect your data. See our Security page for details.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the platform or by email. The "last updated" date at the top of this page reflects the most recent revision.