Privacy Policy

Last updated on 8 December  2025

At Good Outcomes, we are committed to protecting your privacy and handling personal data responsibly and transparently. This policy explains how we collect, use, store, and share your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all personal data processed through our website, services, and platform. Where we act as a data processor (processing data on behalf of a regulated client), we operate under the instructions and privacy policies of that client. Where we act as a data controller, this policy applies in full.

WHO ARE WE?

Good Outcomes is a product of DataEQ Ltd, a company registered in the UK.

  • Company Number: 08736583
  • Email: privacy@goodoutcomes.ai

We process personal data either as:

  • A Data Controller: for our website, sales, support, and marketing activities.
  • A Data Processor: when providing services to clients, where data is collected and controlled by them.

WHAT DATA WE PROCESS

a: As a data controller

We collect and process the following personal data when you:

  • Visit our website
  • Sign up for our beta programme
  • Request a demo or contact us

Data may include:

  • Name and contact details
  • Job title and company information
  • Communication preferences and correspondence
  • IP address and technical identifiers
  • Usage data (pages visited, clicks, device/browser info)

b: As a data processor

On behalf of our clients, we process personal data for the purpose of regulatory compliance, complaints oversight, conduct analytics, and customer outcome monitoring.

Client-controlled data may include:

  • Complaint and feedback submissions
  • Communication transcripts (email, chat, or voice)
  • Metadata (timestamps, service channels, system IDs)
  • Tags and classifications relating to conduct, risk, strain, and dissatisfaction
  • Pseudonymised or anonymised user identifiers

We do not use this data to train our machine learning models. Client data remains confidential, is processed only under contract, and is not accessed for marketing or development purposes without explicit agreement.

LEGAL BASES FOR PROCESSING

We rely on the following lawful bases for processing personal data:

  • Contractual Obligation – when providing services under a client agreement
  • Legitimate Interest – for marketing, platform security, product usage analytics, and client communication
  • Consent – for optional marketing communications or beta participation
  • Legal Obligation – where processing is necessary to comply with applicable laws or regulatory requirements

Where we process special category data (e.g. related to vulnerability, health, or ethnicity), we do so only under the direction of the controller and in accordance with Article 9 UK GDPR exemptions (e.g. data manifestly made public or necessary for compliance).

HOW WE USE YOUR PERSONAL DATA

We process personal data to:

  • Deliver and support our platform and services
  • Provide complaint triage, detection, and conduct intelligence
  • Improve operational visibility for regulated firms under the Consumer Duty
  • Manage our commercial relationships
  • Respond to enquiries and provide customer support
  • Comply with legal, audit, or regulatory obligations
  • Monitor system performance and prevent misuse

We do not sell or rent personal data under any circumstances.

HOW LONG WE WILL KEEP YOUR INFORMATION

We retain personal data only for as long as necessary:

  • To deliver services and meet contractual obligations
  • To comply with regulatory or audit requirements
  • To resolve disputes or enforce our rights

Data is deleted or anonymised once no longer needed. Aggregated analytics may be retained for benchmarking or product development in a non-identifiable form.

SHARING OF YOUR DATA

We may share personal data with:

  • Our clients (where they are the data controller)
  • Subprocessors under data processing agreements (e.g. cloud hosting, support services)
  • Other DataEQ group entities for internal operations
  • Law enforcement or regulatory bodies when required by law

International Transfers:
We host data in secure UK/EU data centres. Where personal data is accessed outside the UK or EEA, we apply appropriate safeguards  to ensure equivalent protection.

DATA SECURITY

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption at rest and in transit
  • Role-based access controls
  • Audit logging and system monitoring
  • Secure development and deployment practices
  • Data access policies and staff training

YOUR RIGHTS

As a data subject, you have the following rights:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (where applicable)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where consent was given)

To exercise your rights, email us at privacy@goodoutcomes.ai We may request verification of identity before responding.

If you are dissatisfied with our response, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

CHANGES TO OUR PRIVACY POLICY

Any changes we make to our privacy policy in the future will be posted on our website and, where appropriate, displayed on our premises notified to you by e-mail.