Privacy Policy

Effective Date: 6th June 2025
Last Updated: 6th June 2025

1. Introduction

Welcome to NewsGraf ("we," "our," or "us"). NewsGraf is a decentralised and credible financial news platform that leverages artificial intelligence to provide personalised, real-time financial news analysis and content creation services.

This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our website (, our AI-powered financial news services, and related products and services (collectively, the "Services").

We are committed to protecting your privacy and ensuring compliance with the United Kingdom's General Data Protection Regulation (UK GDPR), the European Union's General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Data Controller and Contact Information

Data Controller:
NewsGraf (subsidiary of Mend Martech Labs Ltd)
50 Richmond Street, Glasgow, United Kingdom, G1 1XU
admin@mendmartech.com

Parent Company:
Mend Martech Labs Ltd
50 Richmond Street, Glasgow, United Kingdom, G1 1XU
Companies House Registration Number: SC814906

For any privacy-related inquiries, please contact us at: admin@mendmartech.com

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the UK GDPR and EU GDPR:

  • Consent (Article 6(1)(a)): When you provide explicit consent for specific processing activities
  • Contract Performance (Article 6(1)(b)): To provide our AI-powered financial news services
  • Legitimate Interests (Article 6(1)(f)): To improve our services, conduct analytics, and ensure platform security
  • Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations

4. Personal Data We Collect

4.1 Information You Provide Directly

  • Account Information: Name, email address, username, password
  • Profile Data: Investment experience level, financial interests, trading preferences, risk tolerance
  • Communication Data: Messages, feedback, support requests
  • Payment Information: Billing details (processed through secure third-party payment processors)

4.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on platform, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Technical Data: Log files, cookies, web beacons, and similar tracking technologies
  • Location Data: General geographic location based on IP address

4.3 AI-Generated and Processed Data

  • Content Preferences: AI-analyzed reading patterns and content engagement
  • Personalisation Data: AI-generated user profiles for content customisation
  • Analytics Data: AI-processed behavioural patterns and platform usage insights

4.4 Financial Market Data

  • Market Research Data: Aggregated and anonymised financial market information
  • News Source Data: Content from publicly available financial news sources
  • API Data: Information from financial data providers and market APIs

5. How We Use Your Personal Data

5.1 Service Provision

  • Deliver personalised financial news content using AI algorithms
  • Create tailored news drafts based on your reader profile and interests
  • Provide real-time market analysis and insights
  • Maintain and improve platform functionality

5.2 AI Processing and Machine Learning

  • Train and improve our AI models for better content personalisation
  • Analyse user preferences to enhance recommendation algorithms
  • Process natural language to understand and categorise financial content
  • Develop predictive models for market trends and user interests

5.3 Communication and Support

  • Respond to your inquiries and provide customer support
  • Send service-related notifications and updates
  • Communicate important changes to our Services or policies

5.4 Analytics and Improvement

  • Analyse platform usage to improve user experience
  • Conduct research and development for new features
  • Monitor platform performance and security

5.5 Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service

6. AI Systems and Automated Decision-Making

6.1 AI-Powered Features

Our platform uses AI systems classified under the EU AI Act as "limited risk" systems. These include:

  • Content Personalisation Algorithms: AI systems that recommend and customise financial news content
  • Natural Language Processing: AI tools that analyse and generate financial text
  • Trend Analysis Models: AI systems that identify market patterns and insights

6.2 Automated Decision-Making

We use automated processing for:

  • Content recommendation and personalisation
  • User interface customisation
  • Content categorisation and tagging

Your Rights: You have the right to request human intervention, express your point of view, and contest any automated decision that significantly affects you under Article 22 of the UK GDPR and EU GDPR.

6.3 AI Transparency

We are committed to explainable AI. You can request information about:

  • How our AI algorithms work
  • The logic behind automated decisions affecting you
  • The significance and consequences of such processing

7. Data Sharing and Third Parties

7.1 We May Share Data With:

  • Service Providers: Cloud hosting, analytics, payment processing, and other essential services
  • Financial Data Providers: Market data APIs and financial information services
  • Technology Partners: AI model providers and development tools
  • Legal Authorities: When required by law or to protect our rights

7.2 We Do Not:

  • Sell your personal data to third parties
  • Share your data for marketing purposes without consent
  • Use your data for purposes incompatible with this policy

7.3 Data Processing Agreements

All third-party processors are bound by data processing agreements ensuring GDPR compliance and appropriate security measures.

8. International Data Transfers

8.1 Transfer Mechanisms

When we transfer your data outside the United Kingdom or European Economic Area (EEA), we use appropriate safeguards including:

  • Standard Contractual Clauses (SCCs): EU and UK-approved contractual safeguards
  • Adequacy Decisions: Transfers to countries deemed to have adequate protection
  • UK International Data Transfer Agreement (IDTA): For transfers from the UK to third countries
  • Binding Corporate Rules: For intra-group transfers (if applicable)

8.2 Third Country Transfers

We may transfer data to:

  • European Union (under appropriate safeguards where required)
  • United States (under appropriate safeguards such as SCCs or adequacy frameworks)
  • Other jurisdictions with adequate protection or appropriate safeguards

8.3 Post-Brexit Data Transfers

As a UK-based company:

  • UK to EU transfers comply with UK GDPR requirements and use appropriate safeguards
  • EU to UK transfers are governed by adequacy decisions or appropriate safeguards as required
  • We maintain compliance with both UK GDPR and EU GDPR where applicable

9. Data Retention

9.1 Retention Periods

  • Account Data: Retained while your account is active and for 3 years after closure
  • Usage Data: Retained for 2 years for analytics and improvement purposes
  • AI Training Data: Anonymised data may be retained indefinitely for model improvement
  • Legal Compliance: Some data may be retained longer to meet legal obligations

9.2 Deletion Criteria

We delete or anonymise data when:

  • The purpose for processing is fulfilled
  • You withdraw consent (where applicable)
  • Data is no longer necessary for our legitimate interests
  • Legal retention periods expire

10. Your Rights Under GDPR

10.1 Individual Rights

You have the following rights regarding your personal data under UK GDPR and EU GDPR:

  • Access (Article 15): Request information about your data processing
  • Rectification (Article 16): Correct inaccurate or incomplete data
  • Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Restriction (Article 18): Limit processing in certain circumstances
  • Portability (Article 20): Receive your data in a portable format
  • Objection (Article 21): Object to processing based on legitimate interests
  • Consent Withdrawal: Withdraw consent at any time where processing is based on consent

10.2 Exercising Your Rights

To exercise your rights:

  1. Contact us at admin@mendmartech.com
  2. Provide proof of identity
  3. Specify the right you wish to exercise
  4. We will respond within 30 days (may be extended by 60 days for complex requests)

10.3 Limitations

Some rights may be limited when:

  • Processing is necessary for compliance with legal obligations
  • Processing is necessary for the establishment, exercise, or defense of legal claims
  • Data has been anonymised beyond recovery

11. Data Security

11.1 Technical Measures

  • Encryption: Data encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • AI Security: Secure AI model training and deployment practices

11.2 Organisational Measures

  • Staff Training: Regular privacy and security training for all personnel
  • Privacy by Design: Data protection considerations integrated into system design
  • Regular Audits: Periodic security assessments and penetration testing
  • Incident Response: Procedures for detecting and responding to data breaches

11.3 Data Breach Notification

In case of a data breach:

  • We will notify the relevant supervisory authority within 72 hours
  • Affected individuals will be notified without undue delay if high risk to rights and freedoms
  • We will document all breaches and remedial actions taken

12. Cookies and Tracking Technologies

12.1 Types of Cookies

We use the following categories of cookies:

  • Strictly Necessary: Essential for platform functionality
  • Performance: Analytics and platform improvement
  • Functional: Enhanced user experience and preferences
  • Targeting: Personalized content (with consent)

12.2 Cookie Management

You can:

  • Manage cookie preferences through our cookie banner
  • Disable cookies through your browser settings
  • Use browser privacy tools to control tracking

12.3 Third-Party Cookies

We may use third-party analytics and service provider cookies. These are governed by the respective third parties' privacy policies.

13. Children's Privacy

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will delete it promptly.

14. Changes to This Privacy Policy

14.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our data processing practices
  • New legal requirements
  • Service improvements or new features

14.2 Notification of Changes

We will notify you of material changes by:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications (coming soon)

14.3 Continued Use

Continued use of our Services after policy changes constitutes acceptance of the updated policy.

15. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights.

Lead Supervisory Authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Contact Information:
Phone: 0303 123 1113
Website: https://ico.org.uk
Email: casework@ico.org.uk

16. AI Act Compliance

16.1 AI System Classification

Our AI systems are classified as "limited risk" under the EU AI Act, requiring:

  • Clear disclosure of AI system use
  • Transparency about automated decision-making
  • Human oversight capabilities

16.2 Fundamental Rights Impact Assessment

We conduct regular assessments to ensure our AI systems:

  • Respect fundamental rights
  • Avoid discrimination and bias
  • Maintain human agency and oversight

16.3 AI System Documentation

We maintain documentation of:

  • AI system design and functionality
  • Training data sources and methodologies
  • Risk management measures
  • Human oversight procedures

17. Contact Information

General Inquiries:
Email: admin@mendmartech.com

Privacy-Related Inquiries:
Email: admin@mendmartech.com
Address: 50 Richmond Street, Glasgow, United Kingdom, G1 1XU

Data Protection Officer:
Email: admin@mendmartech.com

Parent Company Information:
Mend Martech Labs Ltd
50 Richmond Street, Glasgow, United Kingdom, G1 1XU
Companies House Number: SC814906

This Privacy Policy is effective as of 6th June 2025 and replaces all previous versions.

Last Updated: 6th June 2025

Like AI in news editing?

We craft 1:1 newsletters for each subscriber

Sent monthly on the 1st - covering everything you need to know about AI in financial journalism.

Personalise

Drafts

Publish

Relevance

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.