Privacy Policy — Artemis AI by ViralData

1. Introduction

Artemis AI ("we", "us", "our") is a social media intelligence platform operated by ViralData, a registered company in the United Kingdom. Our platform analyses Facebook Page data to deliver AI-powered insights including virality predictions, crisis detection, audience segmentation, and content recommendations.

This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website (artemisai.co.uk), connect your Facebook Pages to our platform, or interact with our services.

By using Artemis AI, you agree to the practices described in this policy. If you do not agree, please do not use our services.

2. Data Controller

ViralData is the data controller for personal data processed through Artemis AI. For any privacy-related enquiries, you can contact us at:

Email: privacy@artemisai.co.uk
Website: https://artemisai.co.uk

For data collected through Facebook Page Insights, ViralData and Meta Platforms Ireland Limited act as joint controllers under GDPR Article 26. Meta assumes primary responsibility for processing Insights data. Our obligations as a joint controller are set out in Meta's Page Controller Addendum.

3. Data We Collect

We collect different types of data depending on how you interact with our platform:

3.1 Data You Provide Directly

Data Type	Examples	Purpose
Account information	Name, email address, company name	Account creation and communication
Contact form submissions	Name, email, message content	Responding to enquiries
Login credentials	Username, password	Authentication and account security

3.2 Data Collected via Facebook (Meta) Integration

When you connect your Facebook Page(s) to Artemis AI, we access data through the Meta Graph API using permissions you explicitly grant. We collect:

Data Type	Source	Purpose
Page information	Page name, category, follower count, profile picture	Platform identification and analytics context
Page posts	Post text, media URLs, post type, timestamps	Content analysis, NLP labelling, virality prediction
Post engagement metrics	Likes, comments, shares, reactions, reach, impressions	ML feature extraction and performance analytics
Comments	Comment text, author name (public), timestamps	Sentiment analysis, toxicity detection, crisis monitoring
Reactions breakdown	Like, Love, Wow, Haha, Sad, Angry counts	Emotional analysis and audience insight
Page Insights	Daily reach, impressions, demographics (age, gender, location — aggregated)	Audience segmentation and performance reporting
Page access tokens	OAuth tokens for authenticated API access	Maintaining data connection (stored encrypted)

Important: We do not access private messages, friend lists, personal timelines, or any data from Facebook users who are not administrators of connected Pages. We only access publicly available Page data and data that Page administrators explicitly authorise us to access.

3.3 Data Collected Automatically

Data Type	Examples	Purpose
Usage data	Pages visited, features used, timestamps	Service improvement and debugging
Device information	Browser type, operating system, screen resolution	Optimising user experience
IP address	Anonymised after collection	Security, fraud prevention, approximate geolocation
Cookies	Session cookies, preference cookies	Authentication and remembering preferences

4. How We Use Your Data

We use the data we collect for the following purposes:

Providing our service: Analysing your Facebook Page data to generate predictions, insights, reports, and recommendations.
Machine learning and AI: Training and running NLP models (sentiment analysis, topic classification, emotion detection, toxicity scoring) on your Page content to power platform features. Models are trained on aggregated, de-identified data and are not used to identify individuals.
Feature extraction: Creating measurable features from your engagement data (e.g., engagement rates, posting patterns) to power predictive models.
Crisis detection: Monitoring sentiment and engagement patterns in real-time to alert you to potential PR crises or negative trends.
Communication: Sending you service-related notifications, responding to support requests, and providing product updates.
Security: Protecting against unauthorised access, fraud, and abuse.
Improvement: Analysing usage patterns (in aggregate) to improve our platform features and user experience.

We do not: Sell your personal data or your Page data to any third party. We do not use your data for advertising purposes. We do not share your data with advertisers. We do not use your data to build profiles about individuals who interact with your Page.

5. Legal Basis for Processing (GDPR)

Under the UK GDPR and EU GDPR, we process personal data on the following legal bases:

Legal Basis	Applies To
Consent (Article 6(1)(a))	Connecting your Facebook Page to our platform; granting API permissions; receiving marketing communications
Contract (Article 6(1)(b))	Processing data necessary to deliver the Artemis AI service you signed up for
Legitimate Interest (Article 6(1)(f))	Improving our service, ensuring security, preventing fraud, aggregated analytics
Legal Obligation (Article 6(1)(c))	Complying with UK/EU data protection laws and regulatory requirements

You may withdraw consent at any time by disconnecting your Facebook Page from our platform or contacting us at privacy@artemisai.co.uk.

6. Data Sharing and Third Parties

We share data only in the following limited circumstances:

6.1 Service Providers

We use the following third-party services to operate our platform. Each processes data only on our behalf and under our instructions:

Provider	Purpose	Data Shared
Amazon Web Services (AWS)	Cloud hosting, data storage (Redshift, S3), ML inference (SageMaker)	All platform data (encrypted at rest and in transit)
Meta Platforms (Facebook)	Graph API for Page data access	API tokens, data requests
Netlify	Website hosting	Website access logs
Google Analytics	Website usage analytics	Anonymised browsing data

6.2 Legal Requirements

We may disclose your data if required to do so by law, regulation, or valid legal process (such as a court order or regulatory request).

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

We do not sell, rent, or trade your personal data to any third party for marketing or any other purpose.

7. Data Storage and Security

We take data security seriously and implement the following measures:

Encryption at rest: All data stored in AWS S3 and Redshift is encrypted using AES-256 (SSE-KMS).
Encryption in transit: All data transmitted between your browser and our servers, and between our services, uses TLS 1.2+.
Access control: Role-based access control (RBAC) with least-privilege IAM policies. Only authorised team members can access data.
Token security: Facebook Page access tokens are stored encrypted in AWS Secrets Manager and are never exposed in client-side code.
Infrastructure-as-Code: All infrastructure is version-controlled and auditable.
Data validation: Automated data quality checks run after every pipeline execution.

Data Location

Your data is stored in AWS data centres in the EU (eu-west-1, Ireland) or UK (eu-west-2, London). Data is not transferred outside the EEA/UK unless required by a third-party provider with appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

8. Data Retention

We retain your data for as long as necessary to provide our services:

Data Type	Retention Period
Account data	Duration of your account + 30 days after deletion
Facebook Page data	Duration of connection + 90 days after disconnection
ML model outputs (labels, predictions)	Duration of your account
Media files (images/videos)	Duration of connection + 30 days after disconnection
Usage logs	12 months (rolling)
Contact form submissions	24 months

When you disconnect a Facebook Page or delete your account, we delete all associated data within the retention periods above. You may also request immediate deletion by contacting us.

9. Your Rights

Under the UK GDPR, EU GDPR, and other applicable data protection laws, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data ("right to be forgotten").
Right to restrict processing: Request that we limit how we use your data.
Right to data portability: Request your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Withdraw consent at any time by disconnecting your Pages or contacting us.

To exercise any of these rights, contact us at privacy@artemisai.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local supervisory authority.

10. Meta (Facebook) Platform Compliance

Artemis AI accesses Facebook data through the Meta Graph API in compliance with Meta's Platform Terms and Developer Policies (effective February 2025). Specifically:

We only request the minimum permissions necessary to operate our service (pages_show_list, pages_read_engagement, pages_read_user_content, read_insights, pages_manage_metadata).
We obtain explicit consent from Page administrators before accessing any Page data.
We do not sell, license, or purchase any data obtained from Meta.
We do not use Meta data to conduct surveillance, or to provide data to any entity for surveillance purposes.
We do not transfer Meta data to any ad network, data broker, or advertising-related service.
We delete all data obtained from Meta upon request by the user or upon notification from Meta, within the timelines specified in Meta's Developer Data Use Policy.
We do not use Meta data to discriminate against or promote discrimination of individuals based on race, ethnicity, religion, sexual orientation, disability, or other protected categories.
Our privacy policy is publicly accessible, hosted on HTTPS, not geo-blocked, and accessible to Meta's web crawlers.

Data Deletion Requests

If you wish to have all data obtained from Facebook deleted, you can:

Disconnect your Facebook Page from Artemis AI via the Connect Pages dashboard
Email privacy@artemisai.co.uk with subject line "Facebook Data Deletion Request"

We will delete all Facebook-sourced data within 30 days of your request and confirm deletion via email.

11. Cookies

Our website uses the following cookies:

Cookie	Type	Purpose	Duration
Session cookie	Essential	Maintains your login session	Session
Preference cookie	Functional	Remembers your display preferences	30 days
Google Analytics (_ga, _gid)	Analytics	Anonymous usage statistics	Up to 2 years

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of our platform.

12. Children's Privacy

Artemis AI is a business-to-business platform not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

13. International Data Transfers

Your data is primarily stored within the UK and EU. Where data is transferred outside these regions (for example, to AWS US regions for backup), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO and European Commission, or transfers to countries with an adequacy decision.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, where appropriate, notifying you by email.

We encourage you to review this policy periodically. Your continued use of Artemis AI after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: privacy@artemisai.co.uk
Website: https://artemisai.co.uk

For Meta-specific data enquiries, you may also contact Meta Platforms Ireland Limited at their Data Protection Contact Form.