ABIS

Legal

Privacy Policy

Last updated: 10 March 2026

CIJ Labs Ltd ("CIJ Labs", "we", "us", "our"), Company No. 16984759, registered in England and Wales, operates the ABIS platform at abis.cijlabs.com. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

CIJ Labs Ltd is the data controller for personal data collected through the ABIS platform. You can contact us at: privacy@cijlabs.com

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: email address, company name, when you sign up or purchase a subscription.
  • Billing data: handled by Stripe. We store only your Stripe customer ID and subscription ID — no card numbers or banking details.
  • API usage data: API key identifiers, tool calls made, timestamps. Used to enforce plan limits and detect abuse.
  • Communication data: emails you send us, support requests.
  • Technical data: IP addresses, browser type, and session tokens used for authentication and rate limiting.

3. How We Use Your Data

  • To provide and operate the ABIS service
  • To send transactional emails (API key delivery, login links)
  • To enforce subscription limits and detect fraudulent use
  • To respond to support requests
  • To improve the service based on aggregate usage patterns

Our lawful basis is contract performance (to deliver the service you signed up for) and legitimate interests (security, fraud prevention, and service improvement).

4. Data Storage and Processors

Your data is stored and processed using the following sub-processors:

  • MongoDB Atlas (EU region): account records, API keys, usage logs
  • Stripe: payment processing and subscription management
  • SendGrid: transactional email delivery
  • Vercel: website hosting (EU region where available)
  • Railway: API backend hosting

All sub-processors are GDPR-compliant or covered by adequacy decisions or Standard Contractual Clauses.

5. Data Retention

We retain your personal data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where we are legally required to retain it longer (e.g., financial records for 6 years under UK law).

6. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to or restrict processing
  • Data portability (receive your data in a machine-readable format)
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise your rights, contact us at privacy@cijlabs.com.

7. Cookies

We use only essential session cookies required for authentication. We do not use tracking or advertising cookies. See our Cookie Policy for details.

8. Changes to This Policy

We will notify registered users of material changes to this policy by email. Continued use of the service after notification constitutes acceptance.

9. Contact

CIJ Labs Ltd · London, England · privacy@cijlabs.com