Privacy Policy

The Algorithm is a regulated-industry engineering firm operating through three registered entities:

• The Algorithm — registered in Colorado, United States
• Design Thinking Technologies Ltd — registered in England and Wales, operating from London, United Kingdom
• Design Thinking Technologies India Pvt Ltd — registered in India, operating from Indore, Madhya Pradesh

References to "The Algorithm," "we," "us," or "our" in this policy refer to whichever entity operates the website in the jurisdiction where you are located. For users in the United Kingdom and European Union, the relevant data controller is Design Thinking Technologies Ltd. For all other users, the relevant entity is The Algorithm (Colorado).

This website is operated at the-algo.com. Privacy inquiries can be directed to: privacy@the-algo.com

We collect only the personal information you voluntarily provide to us. We do not collect personal data passively through tracking technologies beyond standard web server logs.

Contact Form Submissions

When you submit a contact form on this website, we collect:

• Your name
• Your email address
• Your company or organization name (if provided)
• The message or inquiry you submit

This information is used solely to respond to your inquiry. We do not use contact form submissions for marketing purposes without your explicit consent.

Web Server Logs

Our web servers automatically record standard access log information when you visit this website: IP address, browser type, referring URL, pages visited, and timestamp. This information is used for security monitoring, performance analysis, and debugging. It is not used to identify individual visitors and is retained for no longer than 90 days.

Analytics

If we use web analytics services, they are configured to anonymize IP addresses and not set persistent tracking cookies beyond a single session. We do not use behavioral advertising pixels or share analytics data with third parties for advertising purposes. We will update this section if our analytics configuration changes.

Personal information submitted through this website is used for the following purposes:

• Responding to inquiries — We use contact form submissions to respond to questions, requests for proposals, and engagement inquiries you initiate.
• Service delivery — If we enter into an engagement with you, we use contact information to deliver contracted services and communications related to those services.
• Security and fraud prevention — Web server log data is used to detect and respond to security incidents.

We do not:

• Sell personal information to third parties
• Share personal information with third parties for marketing purposes
• Use automated decision-making that produces legal effects based on personal information submitted through this website
• Build behavioral profiles from website visits

Our lawful basis for processing contact form submissions under GDPR and UK GDPR is legitimate interest — responding to an inquiry that you have initiated. You can withdraw from further communication at any time by contacting privacy@the-algo.com.

We do not sell personal information. We may share personal information with:

• Service providers — We use third-party services to operate this website (hosting, email, CRM). These providers process personal information only on our behalf and under contractual obligations that prohibit independent use of your data.
• Our affiliated entities — Contact form submissions may be accessed by staff at any of our three registered entities where relevant to responding to your inquiry.
• Legal requirements — We may disclose personal information if required by applicable law, court order, or regulatory authority.

All service providers who process personal data on our behalf are required to enter into Data Processing Agreements that comply with GDPR, UK GDPR, and applicable US state privacy laws.

We retain personal information for the following periods:

• Contact form inquiries — 3 years from the date of submission, or longer if the inquiry leads to an active client engagement.
• Active client engagement records — For the duration of the engagement plus 7 years, in accordance with standard business record retention requirements.
• Web server logs — 90 days.

After the applicable retention period expires, personal information is deleted or anonymized. If you request earlier deletion under your applicable rights (see Section 6), we will honor that request subject to any legal obligation to retain the data.

Depending on your location, you have the following rights regarding your personal information:

GDPR and UK GDPR Rights (EU and UK Residents)

• Right of access — Request a copy of the personal data we hold about you.
• Right to rectification — Request correction of inaccurate personal data.
• Right to erasure — Request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restriction — Request that we restrict processing of your personal data in certain circumstances.
• Right to data portability — Request your personal data in a structured, machine-readable format.
• Right to object — Object to processing based on legitimate interests.

CCPA Rights (California Residents)

• Right to know — Request information about the personal information we collect, use, and share.
• Right to delete — Request deletion of your personal information, subject to certain exceptions.
• Right to opt-out of sale — We do not sell personal information. No opt-out is required.
• Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

How to Exercise Your Rights

To exercise any of the above rights, contact us at privacy@the-algo.com with a description of your request. We will respond within 30 days (GDPR/UK GDPR) or 45 days (CCPA). We may ask you to verify your identity before processing the request.

EU residents have the right to lodge a complaint with their national supervisory authority. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk. US residents may contact their state attorney general.

Personal information may be processed in any country where our affiliated entities or service providers operate — including the United States, United Kingdom, and India. When personal information originating in the EU or UK is transferred to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) or, for UK-to-third-country transfers, International Data Transfer Agreements (IDTAs) to ensure appropriate safeguards.

For details about the transfer mechanisms applicable to your personal information, contact privacy@the-algo.com.

We implement technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit using TLS, access controls limiting who can access submitted inquiries, and regular security reviews of our website infrastructure. However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of information transmitted to us.

This website uses only technically necessary cookies required for the website to function. We do not use advertising cookies, cross-site tracking cookies, or social media pixels. If this changes, we will update this policy and provide appropriate consent mechanisms.

You can configure your browser to block or delete cookies. Blocking technically necessary cookies may affect website functionality.

This website is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected personal information from a child under 16, please contact privacy@the-algo.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically. Continued use of this website after changes are posted constitutes acceptance of those changes.

For privacy-related inquiries, data subject requests, or questions about this policy: