Smart Sifty

Privacy Policy

Last Updated: 27/05/2026

This Privacy Policy describes how Smart Sifty (operated by CORTX AI LIMITED) handles personal data on our marketing website at smartsifty.com (the "Website").

Scope: This Policy covers data collected through your visit to this Website only (analytics and the lead / investor enquiry forms). If you sign up for or use the Smart Sifty Platform at app.smartsifty.com, the separate Platform Privacy Policy applies to that processing (CV analysis, AI scoring, billing, etc.).

1Information We Collect on this Website

We collect a minimal amount of information when you interact with this Website:

  • Lead-capture form submissions: the email address (and any optional fields) you submit through our lead-capture form when expressing interest in Smart Sifty.
  • Investor-enquiry form submissions: the name, email address, and any optional details you provide through our investor-enquiry form.
  • Server logs: standard technical information such as IP address, user-agent, request timestamp and endpoint, retained transiently for security, debugging and abuse prevention.
  • Cookies and analytics: see Section 8.

We do not collect CV content, candidate data, account credentials, payment information or any AI-scoring inputs on this Website. Those are handled by the Smart Sifty Platform under its own Privacy Policy.

2How We Use Your Information

We use the information collected on this Website for the following purposes:

  • Responding to enquiries: to reply to messages you submit through our lead-capture or investor-enquiry forms.
  • Sales and outreach: where you have provided contact details indicating interest in Smart Sifty, to follow up with information about the Service.
  • Aggregated analytics: to understand how visitors interact with the Website and improve content (Vercel Analytics is cookieless and aggregated; Google Analytics is loaded only after you opt in via our cookie banner).
  • Security and abuse prevention: to detect and mitigate spam, scraping, abuse of forms and similar threats.
  • Legal compliance: where retention or disclosure is required by applicable law.

3Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary for the performance of our contract with you
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided these interests don't override your rights
  • Consent: Processing based on your explicit consent, which you can withdraw at any time
  • Legal Obligation: Processing necessary to comply with our legal obligations

4Data Retention

We retain the information collected through this Website only for as long as necessary for the purposes set out in Section 2, or as required by law:

  • Lead-capture submissions: retained for up to 24 months from the date of submission, unless you ask us to delete the record earlier or to continue communicating with you.
  • Investor-enquiry submissions: retained for the duration of any ongoing investor conversation and for up to 24 months thereafter for legal and audit purposes.
  • Server logs: retained for a short period (typically up to 90 days) for security, debugging and abuse-prevention purposes.
  • Aggregated analytics: retained per the default retention of the relevant provider (Vercel Analytics, Google Analytics 4 when accepted).

You can request earlier deletion at any time by contacting privacy@smartsifty.com.

5Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: You can request a copy of your personal data.
  • Right to Rectification: You can request correction of inaccurate personal data.
  • Right to Erasure: You can request deletion of your personal data in certain circumstances.
  • Right to Restriction of Processing: You can request restriction of processing of your personal data.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used format.
  • Right to Object: You can object to the processing of your personal data in certain circumstances.
  • Rights Related to Automated Decision Making: You can request human intervention in decisions based solely on automated processing.

To exercise these rights, please contact us at privacy@smartsifty.com.

6Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS) and at rest, access controls, regular security assessments, and staff training. Our security practices are aligned with the principles of ISO/IEC 27001 and ISO/IEC 42001; we are working towards formal certification.

7International Data Transfers

Lead and investor enquiry submissions are sent to api.smartsifty.io hosted on Amazon Web Services (AWS) in EU / UK regions (eu-west-2 — London). Analytics providers (Vercel, and Google when you accept the analytics category) may process data in their own regions per their respective privacy policies. Where any transfer of personal data outside the UK / EEA occurs, we ensure appropriate safeguards are in place under UK GDPR / EU GDPR Chapter V (Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms).

8Use of Cookies and Similar Technologies

We use a minimal set of cookies on smartsifty.com:

  • Strictly necessary cookie: A single first-party cookie (@smartsifty.cookieConsent) used only to remember your cookie consent choice. Persists for one year. Cannot be disabled.
  • Cookieless analytics (Vercel Analytics): We use Vercel Analytics to measure aggregated traffic patterns. Vercel Analytics is designed to be cookieless, does not store IP addresses, and does not track individual visitors across sessions or websites. Always on.
  • Google Analytics 4 (optional): If you accept, we additionally load Google Analytics 4, which sets _ga and _ga_* cookies to collect more detailed usage data (page views, session duration, general geographic location). You can use the Website without it.

We do not use advertising, retargeting or cross-site tracking technologies.

We obtain your consent for non-essential cookies through a cookie banner shown on first visit. The banner offers three equally prominent options — Accept all, Reject all, or Preferences for category-by-category control — in line with UK ICO guidance against dark patterns. You can review or change your choice at any time via the link in the footer of every page.

Cookies are scoped per domain: consent given on smartsifty.com (this Website) is separate from consent given on app.smartsifty.com (the authenticated Platform); each domain presents its own banner.

9Third-Party Sub-processors

We engage the following sub-processors to operate smartsifty.com. Each is contractually bound by data-protection obligations equivalent to those set out in this Policy:

  • Vercel Inc. — front-end hosting and privacy-preserving (cookieless) analytics. Always active.
  • Google LLC — Google Analytics 4. Loaded only after you accept the analytics category in our cookie banner.
  • Amazon Web Services EMEA SARL — backend infrastructure (EU/UK regions) for the lead-capture and investor-enquiry forms on this Website. Receives the email address and any optional fields you submit.

An up-to-date list of sub-processors is available on request at privacy@smartsifty.com.

10Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, sending you a notification. We encourage you to review this Privacy Policy periodically.

12Privacy Contact

We have not appointed a formal Data Protection Officer as defined under UK GDPR Article 37, as we are not currently required to do so. Our Privacy Contact handles all data protection enquiries and can be reached at:

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local EU supervisory authority.

13Governing Law

This Privacy Policy is governed by the laws of the United Kingdom and the European Union's General Data Protection Regulation.