Skip to content
Book a demo
Privacy

Privacy Policy

How Zigg.ai and GroundCtrl handle data - on the website and in the venue.

Draft scaffold - not finalised legal text.

This page is a structural placeholder. Final language is subject to legal counsel approval.

Important: This is a structural template to brief lawyers, not finished legal text. Zigg.ai's product captures audio/video and uses proximity sensing in public venues, and the site collects enquiry data - both carry real UK GDPR / PECR obligations. Qualified counsel will draft and approve the final policy.

Section 1

Who we are

TODO · GroundCtrl / Zigg.ai legal entity, registered address, ICO registration number, contact + DPO/representative.

Section 2

Scope

This website, the enquiry/demo forms, and the in-venue Zigg.ai units.

Section 3

What we collect

  • Website: form fields (name, organisation, email, message), analytics/cookies, IP/device data.
  • In-venue units: how cameras, microphones and proximity sensors are used - what is processed, whether anything is recorded vs processed transiently, retention, and whether any biometric data is involved (special-category data needs explicit basis).
Section 4

Why we collect it & lawful basis

TODO · Map each purpose to a UK GDPR lawful basis - e.g. legitimate interests, consent, contract.

Section 5

Conversation data

How visitor questions and audio to avatars are handled, whether stored, and for how long; the role of the AI sub-processor (Anam) and any LLM provider.

Section 6

Sub-processors & sharing

TODO · List: Anam, hosting, analytics, CRM, etc., with links to their terms / DPAs.

Section 7

International transfers

TODO · If data leaves the UK/EEA - mechanism, e.g. SCCs / IDTA.

Section 8

Retention

TODO · How long each category is kept.

Section 9

Your rights

Access, rectification, erasure, restriction, objection, portability; how to exercise; right to complain to the ICO.

Section 10

Children

TODO · Position on processing data of minors - relevant for museums / education venues.

Section 11

Security

Reference the SOC-2 / encryption posture of the platform.

Section 12

Cookies

See the Cookie Policy.

Section 13

Changes & contact

TODO · Versioning + contact route.

Counsel review

Specific topics flagged for legal attention

  • In-venue camera / microphone processing and signage / notice requirements.
  • Whether proximity / vision processing constitutes biometric or special-category data.
  • Voice cloning / likeness consent records for custom characters and executive twins.
  • Data-processing roles: where Zigg.ai / GroundCtrl is controller vs processor for venue clients (a DPA between Zigg.ai and the venue is likely needed).