Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS SITE

What’s in this policy?

This policy explains how we collect, use and store your personal data when you use our website www.theiainsights.com or any affiliated web service hosted by Theia Insights (our site).

Who we are and how to contact us

Our site is operated by Theia Insights Ltd. (We or Us). We are registered in England and Wales under company number 14082514 and have our registered office, and main trading address, at Wellington House East Road, Petersfield, Cambridge, England, CB1 1BH. We are a private limited company.

To contact us, please email support@theiainsights.com.

By using our site you accept this policy

By using our site, you confirm that you accept this privacy policy and that you agree to comply with it.

If you do not agree to this policy, you must not use our site.

We recommend that you print a copy of this policy for future reference.

There are other terms that may apply to you

This privacy policy refers to the following additional terms, which also apply to your use of our site:

• Our Terms of Use (https://www.theiainsights.com/terms-of-service) which sets out the terms of use of our site.
• Our Cookie Policy (https://www.theiainsights.com/cookie-policy) which explains how we collect, use and store your personal data.

If you use Theia data or services made available via our site, a separate agreement between us and you will be needed to govern the license granted from Theia relating to that data and/or service (Theia License Agreement).

We may make changes to this policy

We amend this policy from time to time. Every time you wish to use our site, please check this policy to ensure you understand the terms that apply at that time.

Information we collect

We collect information about you when you use our site and services. This includes:

Information you provide to us

When you use our site, we may collect information that you provide directly, including:

• Account information (name, email address, job title, employer)
• Login credentials (username and password)
• Service usage information (queries, reports generated, data accessed)
• Communication information (support requests, feedback)
• Content you upload to our site

Information we collect automatically

We automatically collect certain information when you use our site, including:

• Usage data (features accessed, actions taken, time spent)
• Log data (IP address, browser type, device information)
• Performance data (error reports, load times)
• API and MCP access records (see ‘Programmatic access (API and MCP integrations)’ below)

How we use your information

We use the information we collect for the following purposes:

To provide and improve our services

• To provide and maintain our site and services
• To improve and enhance the functionality of our site
• To develop new features, products, and services
• To monitor the usage and performance of our site
• To provide support for the data and services on our site

To analyse and enhance our services

• To analyse usage patterns and trends
• To measure the effectiveness of our services
• To optimise user experience and interface design
• To develop and test new products and features

To comply with legal obligations

• To comply with applicable laws and regulations
• To respond to legal requests and prevent harm
• To protect our rights, privacy, safety or property, and/or that of our users

Use of anonymised data

We may use anonymised and aggregated data derived from your use of our site for:

• Service improvement and development
• Industry analysis and benchmarking
• Research and analytics purposes
• Enhancing our algorithms and analytical capabilities

Use of data for AI development

You acknowledge, consent to and accept that any data or information that you upload to our site may be used for the purposes of the development, training, fine-tuning or validation of artificial intelligence systems or models, unless you explicitly opt out by notice in writing to us.

Programmatic access (API and MCP integrations)

In addition to use of our website, we offer programmatic access to certain Theia Insights data through our HTTPS API and through Model Context Protocol (MCP) integrations. MCP allows third-party AI assistants to call our API on your behalf once you have linked your Theia Insights account to that assistant.

Information we collect when you use the API or MCP

• Account and authentication data — your authenticated user ID, organisation ID, OAuth client ID and the scopes attached to your token. We use these to identify your session and to control your access to the products you are licensed to use.
• Request data — the endpoint or tool you call, the parameters you provide (for example a company ticker, a theme name or a search query) and a timestamp. We log this to operate the service, debug errors and detect abuse.
• Connection metadata — IP address, user-agent and protocol headers.

Information we return

API and MCP responses contain information about companies and securities, the Theia Insights Industry Classification (TIIC) taxonomy, theme exposure scores and, where you query them, Thematic Factor Model outputs. Responses do not include personal data about other end users or accounts.

Recipients

When you use our MCP endpoint through a third-party AI assistant, the assistant provider receives the responses we return to your authenticated session so that it can present them to you. Any further use of those responses by the assistant provider is governed by their own terms and privacy policy, not by us. We do not share your account or authentication credentials with assistant providers beyond what is necessary for them to invoke the API on your behalf.

Retention of API and MCP records

We retain records of your API and MCP usage (the items listed under ‘Information we collect when you use the API or MCP’) for up to two years for service-operations, support, security and incident-response purposes. After this period, records are deleted or aggregated to non-identifying form for longer-term service-quality analysis.

Use for AI development

We do not use the content of your individual API or MCP requests to train, fine-tune or validate artificial intelligence systems. Anonymised, aggregated usage signals may be used to improve our search, ranking and related algorithms, as described under ‘Use of anonymised data’ above.

Your controls

• You may disconnect any third-party AI assistant from that assistant’s own settings. To force-revoke a session on our side, contact support@theiainsights.com.
• You may revoke or delete individual API keys from your Theia Insights account settings.
• You may request access to, correction of or deletion of personal data we hold about your API and MCP usage by contacting support@theiainsights.com.

Data sharing and disclosure

We may share your information in the following circumstances:

Service providers

We may share your information with third-party service providers who perform services on our behalf, such as hosting, data analytics, customer service, and marketing assistance.

Legal requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court order, government request).

Business transfers

If Theia Insights is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Data protection and security

We implement appropriate technical and organisational measures designed to protect your information, including:

• Encryption of sensitive data both in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication procedures
• Secure data storage and processing environments
• Regular review and updating of our security measures
• Employee training on data protection and security
• Vendor security assessments for third-party service providers

Your rights

Depending on your location, you may have certain rights regarding your personal information, including:

• Right to access the personal information we hold about you
• Right to request correction of inaccurate information
• Right to request deletion of your information
• Right to restrict or object to processing
• Right to data portability
• Right to opt out of use of your data for AI development

To exercise these rights, please contact us at support@theiainsights.com.

Data retention

We retain your information for as long as necessary to fulfil the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. When determining the retention period, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, and applicable legal requirements.

International data transfers

Your information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from those in your country. Whenever we transfer your information, we take steps to ensure that it receives an adequate level of protection, including through appropriate contractual safeguards.

Children’s privacy

Our site is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

Which country’s laws apply to any disputes?

This privacy policy, its subject matter and its formation (and any non-contractual disputes or claims) are governed by the laws of England and Wales. We both agree to the exclusive jurisdiction of the courts of London, England.

Complaints

If you have reason to believe that any of the terms herein have been breached or you have a complaint to make, please e-mail us at support@theiainsights.com. All notification and communication to us should be sent to the contact details provided herein.

Data protection compliance

Theia Insights complies with applicable data protection laws and regulations, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA), where applicable
• Other applicable local and international data protection frameworks

Last Updated: 18 May 2026