How we collect, process, and protect your personal data — in full compliance with UK GDPR and the Data Protection Act 2018.
Welcome to Therum Technologies Ltd's Privacy and Data Protection Policy ("Privacy Policy").
At Therum Technologies Ltd ("we", "us", or "our") we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("GDPR"), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.
This Privacy Policy explains how we collect, process and keep your data safe. The Privacy Policy will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.
The individuals from which we may gather and use data can include:
This Privacy Policy applies to all our employees and staff members and all Personal Data processed at any time by us.
Therum Technologies Ltd is your Data Controller and responsible for your Personal Data. We are not obliged by the GDPR to appoint a data protection officer and have not voluntarily appointed one at this time. Therefore, any enquiries about your data should either be sent to us by email to bhavik@therum.io or by post to 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
In discharging our responsibilities as a Data Controller we have employees who will deal with your data on our behalf (known as "Processors"). The Data Controller and our Processors have the following responsibilities:
"Personal Data" means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer the following kinds of Personal Data about you:
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:
We will only use your Personal Data when the law allows us to.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
You have a right to be informed about our purposes for processing your personal data, how long we store it for, and who it will be shared with. We have provided this information in this policy.
This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it (a "data subject access request"). See section 4.3 for how to make such a request.
You have a right to request correction of the personal data that we hold about you, to have any incomplete or inaccurate data corrected — though we may need to verify the accuracy of the new data you provide.
You have the right to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note that specific legal reasons may prevent compliance, and you will be notified at the time of your request.
You can object to the processing of personal data we hold about you — notably where we are processing for direct marketing purposes, or where you feel processing impacts your fundamental rights and freedoms.
You have the right to request the restriction or suppression of your personal data in certain circumstances — for example, where you want us to establish its accuracy, or where you need it held to establish or defend legal claims.
You have the right to request the transfer of your personal data to you or a third party in a structured, machine-readable format. This right only applies to automated information provided with consent or used to perform a contract with you.
To make a request under any of these rights, please contact us at bhavik@therum.io.
We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession.
However, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Therum Technologies Ltd to intercept or access transmissions unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply.
We may need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information to speed up our response.
We may also share Personal Data with interested parties in the event that Therum Technologies Ltd anticipates a change in control or the acquisition of all or part of our business or assets, or with interested parties in connection with the licensing of our technology.
If Therum Technologies Ltd is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your Personal Data to a third party as part of or in connection with that transaction. Upon such transfer, the Privacy Policy of the acquiring entity may govern the further use of your Personal Data. In all other situations your data will still remain protected in accordance with this Privacy Policy (as amended from time to time).
We may share your Personal Data at any time if required for legal reasons or in order to enforce our terms or this Privacy Policy.
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Your information may be stored and processed in the US or other countries or jurisdictions outside the US where Therum Technologies Ltd has facilities. By using Therum Technologies Ltd, you are permitting and consenting to the transfer of information, including Personal Data, outside of the US.
We keep our Privacy Policy under review and will place any updates here. This version is dated 12 March 2026.
By using Therum Technologies Ltd, you consent to the collection and use of data by us as set out in this Privacy Policy. Continued access or use of Therum Technologies Ltd will constitute your express acceptance of any modifications to this Privacy Policy.
All uses of the word "including" mean "including but not limited to" and the enumerated examples are not intended to in any way limit the term which they serve to illustrate. Any email addresses set out in this policy may be used solely for the purpose for which they are stated to be provided, and any unrelated correspondence will be ignored. Unless otherwise required by law, we reserve the right to not respond to emails, even if they relate to a legitimate subject matter for which we have provided an email address.
Our staff are not authorised to contract on behalf of Therum Technologies Ltd, waive rights or make representations (whether contractual or otherwise). If anything contained in an email from a Therum Technologies Ltd address contradicts anything in this policy, our terms or any official public announcement on our website, or is inconsistent with or amounts to a waiver of any Therum Technologies Ltd rights, the email content will be read down to grant precedence to the latter. The only exception to this is genuine correspondence expressed to be from the Therum Technologies Ltd legal department.
Questions about this policy? Contact us at bhavik@therum.io or write to Therum Technologies Ltd, 3rd Floor, 86–90 Paul Street, London, EC2A 4NE, United Kingdom.
Therum Technologies Ltd · Company No. 17072773
3rd Floor, 86–90 Paul Street, London, EC2A 4NE
bhavik@therum.io · You can also raise a complaint with the ICO at any time.