Privacy Policy
Last updated: August 11, 2025 at 5:30PM
1. Who we are
Pier20 Ltd (“Pier20”, “we”, “our”, “us”) operates the Pier20 AI platform (pier20.com, pier20.ai, app.pier20.ai, app.pier20.com).
- Registered office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
- Contact email: privacy@pier20.com
How we act (controller vs. processor). We act as a controller for website/account data and for Pier20 Baseline Data. We act as a processor for Client-Supplied Data, Client Targeting Instructions and the Client-Specific Working Copy we compile for a client’s campaign (see our DPA). Where we independently set targeting criteria for a campaign, we act as joint controller solely for that targeting activity.
2. What information we collect, why we collect it, and our lawful bases
| Purpose | Categories of personal data we may process* (examples, not exhaustive) | Lawful basis |
|---|---|---|
| Operate customer accounts | Contact & identification data (name, work email, phone), Account & billing data (company name, plan tier, payment token), Security event data (login time-stamps, access logs) | Contract, Legal obligation, Legitimate interests |
| Service updates & marketing (our own and on behalf of clients) | Professional contact data (business email, job title), Engagement data (open/click metrics, call notes), Company-level data (industry, size, public filings) | Legitimate interests, Consent (where opt-in required) |
| Research & service improvement (analytics; limited de-identified learning) | De-identified/aggregated telemetry and performance metrics (e.g., deliverability rates, model label counts, intent scores). We do not use personal data to train foundation or generative models. | Legitimate interests |
| Compliance with legal requirements | Transaction & finance records, Regulatory correspondence | Legal obligation |
| Recruitment | Applicant data (CV, employment history, right-to-work checks) | Contract, Legal obligation, Legitimate interests |
| Queries, complaints & claims | Support correspondence, Call recordings, Account history | Contract, Legal obligation, Legitimate interests |
| Data enrichment for client campaigns (processor role; see DPA) | B2B contact data (e.g., name, job title, employer, work email, LinkedIn URL) obtained from reputable third-party providers and combined into a Client-Specific Working Copy for the relevant campaign. | Legitimate interests, Contract |
* Includes “other comparable information” required to fulfil these purposes. We update this list whenever we introduce new data categories.
3. Where we obtain personal data
- Public sources – publicly available professional information such as Companies House filings, company websites, press releases and public social-media profiles.
- Licensed B2B data providers – reputable third-party marketing-list suppliers.
- Clients – prospect lists or CRM exports supplied by the client whose campaign we are running.
- Direct interactions – details you give us when you sign up, contact support, book a meeting or apply for a role.
- Analytics and deliverability tools – technical data (eg, email-open rates, IP addresses) returned by our service providers.
4. Your rights
You have the rights of access, rectification, erasure, restriction, objection, and portability, plus the right to withdraw consent at any time. These rights may be limited where we process data to meet a legal obligation or retain suppression lists. Contact us at privacy@pier20.com to exercise any right; we respond within one month.
5. How long we keep information
| Data | Retention period |
|---|---|
| Customer account records & contracts | Contract term + 6 years |
| Invoices & payment data | 7 years |
| Prospect data with no engagement | 24 months from collection |
| Opt-out suppression lists | Indefinitely (to honour opt-outs) |
| Support tickets & call recordings | 3 years from closure |
| Raw AI-model training logs (Baseline data only) | 18 months, then de-identified |
| Unsuccessful job-applicant data | 12 months |
| Security & access logs | 12 months |
6. Who we share information with
6.1 Data processors (categories)
| Processor category | Purpose |
|---|---|
| Cloud-infrastructure provider | Hosting, databases, backups |
| Email-delivery service | Prospect and product emails |
| Voice / messaging gateway | Calls and WhatsApp messages |
| Subscription & payment platform | Payments and invoicing |
| Scheduling tool | Booking links and calendar invites |
| Machine-learning platform | Generating and refining outreach copy |
| Analytics & monitoring tools | Product analytics, uptime alerts |
| Cloud back-up / disaster-recovery service | Encrypted off-site backups |
A full sub-processor list, including locations and transfer mechanisms, is available on request.
6.2 Independent third-party recipients
- Clients – prospect details are shared with the specific client once the prospect requests information or a meeting.
- Professional advisers – legal, accounting, compliance.
- Regulators and public authorities – ICO, HMRC, courts, police (lawful requests).
- External auditors / inspectors – certification or financial audits.
- Debt-collection agency – only for unpaid invoices.
- Public testimonials / case studies – published only with explicit consent.
We never sell personal data.
7. International transfers
Where personal data is transferred outside the UK or EEA, we rely on EU Standard Contractual Clauses and the UK International Data Transfer Agreement (or SCCs with UK Addendum), plus supplementary measures.
8. Security
We apply industry-standard security measures, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication for staff, network segmentation and continuous vulnerability scanning. We regularly review and enhance these controls.
9. Complaints and feedback
We aim to deliver a high, consistent standard of service, but if something falls short we want to know.
How to raise an issue
- Phone: +44 (0)20 1234 5678
- Email: privacy@pier20.com
All concerns are logged. Simple queries are usually resolved immediately. If the matter is more complex, we will acknowledge your message within one working day and let you know when you can expect a full reply (normally within 10 working days).
Escalation
If you remain dissatisfied after our full response, you have the right to complain to the UK supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
0303 123 1113 ico.org.uk/make-a-complaint
10. Cookies and similar technologies
We use cookies, pixels and local-storage objects (“cookies”) for two purposes:
| Cookie category | Purpose | Examples of tools |
|---|---|---|
| Essential (always on) | Enable core site functions such as security, network management and accessibility. These cookies cannot be switched off because the site will not work properly without them. | Session IDs, CSRF-protection tokens |
| Non-essential / Marketing (set only if you click “Accept” on the banner) | Measure site usage so we can improve content (analytics); Track the effectiveness of our ads and build remarketing audiences (advertising pixels) | Google Analytics 4 (via Google Tag Manager), Meta (Facebook) Pixel, Ahrefs analytics |
Your choices
When you first visit, our banner lets you accept or reject all non-essential cookies.
You can change your decision at any time by:
- Clicking the “Cookie Preferences” link in the page footer, or
- Adjusting your browser settings to block or delete cookies site-by-site.
Rejecting non-essential cookies will not affect essential cookies, but it may limit analytics insights and the relevance of marketing you see.
Appendix – Summary of Legitimate-Interest Assessments
| Activity | Interest pursued | Safeguards |
|---|---|---|
| Account operation analytics | Secure, reliable platform | Encryption, access controls, 6-year retention |
| B2B prospecting on behalf of clients | Reach relevant buyers | Public/professional data only, clear sender ID, one-click opt-out |
| Product-update emails | Keep users informed | Opt-out in every email |
| AI-model training & R&D (Baseline data only) | Improve targeting and copy quality | De-identification, 18-month raw-data limit. Client-provided data and Client-Specific Working Copies are not used for model training (see DPA). |
| Talent-pool CV retention | Efficient future hiring | 12-month limit, delete on request |
| Dispute-evidence retention | Establish or defend legal claims | Encryption, restricted access, 3-year limit |
Pier20
Pier20
·
Product
Pier20
·
Company