Privacy.

How we handle your data - plainly, and in full.

Last updated: 3 June 2026

The basics

Who we are and what this covers

Prophiq is a calibrated probabilistic forecasting service operated from the United Kingdom and accessible at prophiq.io. This policy explains how we handle personal data when you visit or interact with the service.

We are the data controller under UK GDPR for the data described here. By using Prophiq, you accept the practices set out in this policy.

What we collect

The data we hold

We collect the minimum data needed to operate the service and improve calibration over time. Specifically:

Submitted questions: The text of any question you submit through the Ask feature, along with the resulting forecast.
Hashed IP addresses: Used for rate limiting and abuse prevention. Stored as a one-way hash, never the raw address.
Browser metadata: Standard request headers - user agent, language, referrer - used for security and aggregate analytics.
Local browser storage: Your recent questions and search history are stored locally in your browser. They do not leave your device unless you submit them.

Why we collect it

Our lawful basis

We process the data above for the following purposes, with the listed legal basis under UK GDPR:

Operating the service: Generating forecasts in response to your questions. Legal basis: performance of a contract / legitimate interests.
Security and abuse prevention: Rate limiting, fraud detection, and protecting the integrity of the service. Legal basis: legitimate interests.
Improving calibration: Folding resolved forecasts back into the system to sharpen accuracy over time. Legal basis: legitimate interests.
Aggregate analytics: Understanding usage patterns in anonymised form. Legal basis: legitimate interests.

Who we work with

Service providers.

Prophiq runs on a small set of third-party services. Each is a data processor acting under our instructions. We use them because they are core to operating the service.

Hosting and data storage: Stores forecasts, calibration data, and operational logs. Data is hosted in EU regions where available.
Real-time research and AI-assisted reasoning: Receives question text and research context to generate forecasts as part of the reasoning ensemble. We send the question and research context only - we do not transmit your name, email, IP, or any directly identifying information.
Transactional email delivery: Sends service emails, digests, and account notifications.
Application deployment: Edge network, hosting infrastructure, and DDoS protection. Sees request metadata in transit.

For the current list of named providers in each category, contact privacy@prophiq.io.

We do not sell your data. We do not share it with advertisers or data brokers. Where data is transferred outside the UK or EEA, transfers are governed by Standard Contractual Clauses or equivalent safeguards.

Your rights

What you can ask us to do

Under UK GDPR, you have the following rights over personal data we hold about you:

Right of access: Ask us for a copy of the personal data we hold about you.
Right to rectification: Ask us to correct data that is inaccurate or incomplete.
Right to erasure: Ask us to delete data we hold about you, subject to legal retention requirements.
Right to restrict processing: Ask us to limit how we process your data while a query is resolved.
Right to object: Object to processing based on our legitimate interests.
Right to lodge a complaint: Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us at privacy@prophiq.io. We respond within 30 days.

How long we keep it

Retention periods

Submitted questions and forecasts: Retained indefinitely - they form part of the calibration record.
Hashed IP addresses: Retained for 30 days, then deleted.
Aggregate analytics: Retained for 24 months in anonymised form.
Operational logs: Retained for 90 days for security and debugging.

Storage and security

Where data lives

Data is stored in EU or UK data centres where the provider supports regional deployment. Data is encrypted at rest and in transit. Access to production data is restricted, logged, and monitored.

Where data is transferred outside the UK or EEA - for example, when a question is sent to an AI processor whose servers are located in the US - transfers rely on Standard Contractual Clauses, adequacy decisions, or other safeguards permitted by UK GDPR.

Children

Not for under 18s

Prophiq is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a child has submitted data to us, contact us and we will delete it.

Changes

Updates to this policy

We may update this policy from time to time. The "last updated" date at the top of this page will change. Material changes will be flagged with a notice on the site before they take effect.

Contact

Get in touch

For any privacy-related question or to exercise your rights, email privacy@prophiq.io.

See our terms →