THE AGENTIC MILL
RETURN_TO_BASE
GDPR COMPLIANT // LONDON LOCK ENABLED

Privacy Policy

Last Updated: December 2025

01. Introduction

This Privacy Policy explains how Iapetus Consulting trading as The Agentic Mill ("we", "us", or "our") collects, uses, and protects your personal data when you use our services, including the Cofound AI platform and associated Moonshot agents. We are registered in Scotland (Company No. SC860167).

We operate on a "Safety First" architecture. Unlike standard AI tools, we are engineered to minimize data exposure through strict data sovereignty and automated redaction protocols.

02. The "London Lock" & Data Sovereignty

We adhere to a strict data residency policy known as the "London Lock".

  • Storage Location

    All customer data is physically stored and processed within the UK (London / europe-west2) region of Google Cloud Platform.

  • No Data Drift

    We utilise organization-level policies to prevent data from being replicated to regions outside the UK/EU.

03. Data We Collect

  • Account Data: Name, email address, and billing details (processed via Stripe).
  • Uploaded Documents: Contracts, invoices, and other business documents you upload for analysis.
  • Usage Data: Logs of how you interact with our agents (e.g., timestamps, feature usage).

04. How We Process Documents

We utilise a "Zero Trust" approach to AI processing. When you upload a document (e.g., a contract) for IR35 analysis:

Ingestion

The document is securely uploaded to our UK-based encrypted vault.

Redaction

Our ContractSentinel agent identifies and strips sensitive Personally Identifiable Information (PII)—including names, addresses, and National Insurance numbers—before any analysis occurs.

Analysis

Only the redacted, anonymized text is sent to our AI models for legal logic processing.

Result

Your original un-redacted document never touches public AI training models.

05. How We Use Your Data

  • To provide our "Business-in-a-Box" services (invoicing, scheduling, compliance checks).
  • To generate "Verification Certificates" and maintain an immutable audit trail for insurance purposes.
  • To improve our services (using anonymized, aggregated data only).

06. Data Sharing & Sub-Processors

We do not sell your data. We share data only with trusted infrastructure providers:

Google Cloud
Infrastructure & Compute (UK)
Stripe
Payment Processing
LLM Providers
Enterprise Models (Vertex AI)

07. Security Measures

  • Encryption

    Data is encrypted in transit and at rest.

  • Isolation

    Row-Level Security ensures data is mathematically locked away from other users.

  • Infrastructure as Code

    Security configurations are defined in code to prevent drift.

08. Your Rights (GDPR)

Under the UK GDPR, you have the right to access, correct, delete, or object to the processing of your data.

To exercise these rights, please contact us at:

secure-comms@theagenticmill.com

Changes to This Policy

We may update this policy to reflect changes in our technology or legal requirements. The latest version will always be available on this page.