This Privacy Policy explains how Future IT LTD (t/a IntraNow) (“IntraNow”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit intranow.com, use our applications, or otherwise interact with us (the “Services”). We are established in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1) Who we are and how to contact us

2) The data we collect

• Account & profile data (name, work email, role, password hashes, authentication tokens).
• Commercial & billing data (company, subscription plan, invoicing details; payments handled by our payment provider; we receive limited status information).
• Service & usage data (log data, device/connection info, telemetry, support tickets, content you provide).
• Integrations data you authorise (data from connected sources to enable AI assistance and search).
• Marketing & communications data (preferences, interactions with emails).
• Cookies and similar technologies (see Section 4).

We do not intentionally collect special category data. If customers include such data in Customer Content, they are responsible for having a lawful basis and appropriate safeguards.

3) Why we use your data and our lawful bases

• Contract – to create/administer accounts, provide/support the Services, and respond to support requests.
• Legitimate interests – to keep our Services secure, prevent abuse, improve features, and conduct B2B marketing to corporate contacts (balanced with your rights).
• Consent – for non-essential cookies/analytics and where consent is required for marketing; you can withdraw consent at any time.
• Legal obligation – to meet record-keeping, tax, and compliance requirements.

PECR marketing rules: For direct electronic marketing, we rely on consent or the “soft opt-in” for existing customers where permitted. Every message includes an unsubscribe option.

4) Cookies and similar technologies

We use cookies to operate the site (strictly necessary), measure performance, and—if you consent—analyse usage and improve the Service. Non-essential cookies are used only with your consent. Manage preferences via our cookie banner or your browser settings. See our Cookie Notice for details.

5) How we share information

• Service providers/processors (hosting, storage, analytics, email, customer support) under appropriate confidentiality and security commitments.
• Customer-authorised integrations (when you connect third-party sources, we process/share data as needed for that integration).
• Corporate transactions (e.g., merger, acquisition, financing, or sale of assets).
• Legal & safety (to comply with law, enforce terms, or protect rights, property, or safety).

We do not sell personal data.

6) International data transfers

Where we transfer UK personal data outside the UK, we ensure an appropriate transfer mechanism, such as:

• The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, plus a Transfer Risk Assessment where required; and/or
• Transfers to certified US organisations under the UK-US Data Bridge (the UK extension to the EU-US Data Privacy Framework), where applicable.

We describe transfer mechanisms in customer agreements and can provide more details on request.

7) Security

We apply appropriate technical and organisational measures to protect personal data, such as encryption in transit, access controls, least-privilege, monitoring, and regular assessments—tailored to risks and the nature of processing.

If we become aware of a personal data breach likely to result in a risk to individuals’ rights and freedoms, we will notify the ICO within 72 hours where required and inform affected individuals when legally required.

8) Retention

We keep personal data only for as long as necessary for the purposes described above, including to comply with legal, accounting, or reporting requirements. Customer Content is retained per the customer’s configuration and contract; upon termination, we delete or return data according to the agreement and our retention schedules unless longer retention is required by law.

9) Your rights

Under the UK GDPR you may have the following rights:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object (including to direct marketing)
• Rights related to automated decision-making, including profiling

To exercise these rights, contact us using the details below. We will respond within one month, subject to lawful extensions/exemptions.

10) Children’s data

Our Services are designed for business users and are not directed at children. If we rely on consent for an online service offered directly to a child, only children aged 13 or over can consent for themselves in the UK; otherwise, consent must come from someone with parental responsibility.

11) Acting as a processor for Customer Content

For Customer Content we process on behalf of our customers, we do so under a Data Processing Addendum (DPA) or equivalent terms. We process such data only to provide the Services, follow customer instructions, apply appropriate security, assist with data subject requests where applicable, and support customers’ compliance needs (including international transfer mechanisms as agreed).

12) Third-party links and services

The website may link to third-party sites or allow connections to third-party services. Their privacy practices are governed by their own policies. Please review those policies before connecting or using those services.

13) Changes to this Policy

We may update this Policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated version with a new “Last updated” date and, where appropriate, notify you by email or through the Service.

14) How to contact us or make a complaint