Data Governance
How we source, licence, and protect the data that powers our AI incident intelligence platform.
Data Licensing & Use
Arcola AI aggregates AI incident intelligence from multiple sources, each with its own licensing terms. We tag all data with its source licence so you always know what you can use and how.
Some datasets are available under open licences such as Creative Commons, while others carry specific terms for commercial or research use. We respect all upstream licensing conditions and pass them through transparently.
When you access data through our platform or API, licence metadata is included so you can filter and use data in accordance with the terms that apply. Whether you are a researcher, insurer, or government body, you can be confident that the data you receive is cleared for your intended use.
Data Protection
Arcola AI processes AI incident data in compliance with UK GDPR. Our infrastructure is hosted within the European Economic Area, and we select processors who meet equivalent data protection standards.
Where incident records reference identifiable individuals, we implement technical measures to protect their rights. These include automated right-to-erasure processing, data tombstoning to ensure deleted records are not re-ingested from upstream sources, and retention controls that automatically purge personally identifiable information after 365 days. We use zero-data-retention inference where applicable, meaning personal data is not stored by third-party AI models during analysis.
EEA-hosted infrastructure
All data processing and storage takes place within the European Economic Area, using providers in Germany, Finland, and Switzerland.
Right to erasure
Automated RTBF processing removes personal data from incident records on request, with tombstoning to prevent re-ingestion from source feeds.
Retention controls
Personally identifiable information is automatically purged after 365 days, with a 7-day advance warning before deletion.
Zero-data-retention inference
Where applicable, AI model inference uses zero-data-retention endpoints so personal data is not stored or used for training by third-party providers.
Licence-tagged data
Every record carries source and licence metadata, enabling you to filter data by permitted use before export or integration.
Tenant isolation
All queries are scoped to your organisation. Row-level security and explicit tenant filtering ensure complete data separation.
Legal Documents
Full details of how we collect, process, and protect data are set out in our legal documents. If you have questions about licensing or data protection for a specific use case, contact us at support@arcolaai.com.