Privacy policy

Distos is a UK-based data and intelligence platform focused on FCA-regulated firms and financial services market intelligence. We provide enriched regulatory, company and business intelligence data to support sales, marketing, market analysis and commercial research use cases.

For the purposes of data protection law, Distos is the data controller of personal data processed through the Services unless otherwise stated.

We may collect and process the following categories of data.

Information you provide directly

This may include:

• Name
• Work email address
• Company name
• Job title
• Billing information
• Account credentials
• Communications with us
• Information submitted through forms, demos, support requests or onboarding

Account and usage data

When you use the Services, we may collect:

• Login activity
• IP address
• Browser and device information
• Pages viewed
• Searches performed
• Feature usage
• Session data
• API usage
• Referrer URLs
• Diagnostic and performance data

Regulatory and business intelligence data

Distos processes publicly available and licensed business information, including information sourced from:

• The UK FCA Register
• Companies House
• Corporate websites
• Public business directories
• Licensed data providers
• Open web sources
• Professional and business networking sources

This information may include:

• Firm names
• Regulatory permissions
• Business classifications
• Office locations
• Corporate relationships
• Director or senior management information
• Professional contact information
• Firmographic and technographic information

AI-generated enrichment data

Distos may use machine learning and AI systems to analyse, classify, enrich, organise, summarise or generate insights from underlying datasets. This may include inferred categorisations, company segmentation, business activity classifications or search relevance enhancements.

We may use personal data to:

• Provide and operate the Services
• Create and manage user accounts
• Process payments and subscriptions
• Respond to enquiries and support requests
• Improve search, enrichment and platform functionality
• Train and optimise internal models and systems
• Monitor platform performance and security
• Detect fraud, abuse or unauthorised use
• Communicate product updates and service information
• Send marketing communications where permitted by law
• Comply with legal and regulatory obligations
• Establish, exercise or defend legal claims

Under the UK GDPR, we rely on one or more of the following lawful bases.

Legitimate interests

We process certain business and professional data where necessary for our legitimate interests, including:

• Operating a commercial intelligence platform
• Improving and enriching datasets
• Providing search and discovery functionality
• Supporting B2B sales, marketing and market analysis
• Maintaining platform security and integrity

Where we rely on legitimate interests, we seek to ensure that our processing is proportionate and respects individuals’ rights.

Contract

We process personal data where necessary to provide the Services under a contract with you.

Consent

Where required by law, we rely on consent, including for certain marketing communications or cookies.

Legal obligation

We may process data to comply with legal, regulatory, tax, accounting or compliance obligations.

Distos may obtain data from:

• Public regulatory records
• Publicly accessible websites
• Government databases
• Corporate filings
• Licensed commercial datasets
• Customer submissions
• Third-party enrichment providers
• Analytics and infrastructure providers

We do not intentionally collect special category personal data unless legally permitted and necessary for a specific purpose.

Distos uses AI-assisted systems to help structure, enrich, categorise and surface business intelligence data. These systems are designed to support commercial intelligence and search functionality and are subject to human oversight where appropriate.

We do not make solely automated decisions that produce legal or similarly significant effects on individuals. AI-generated insights may occasionally contain inaccuracies or outdated information; users should independently verify important business or compliance decisions.

We may share personal data with:

• Cloud hosting and infrastructure providers
• Analytics providers
• CRM and customer support platforms
• Payment processors
• Identity and authentication providers
• Professional advisers
• Regulators, law enforcement or authorities where required
• Service providers assisting with platform operations

We may also share information:

• as part of a merger, acquisition, financing or sale of assets;
• where necessary to protect our rights, users or platform security.

We do not sell personal data in the traditional consumer advertising sense.

Some of our service providers may process data outside the United Kingdom. Where we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place, including:

• adequacy decisions
• International Data Transfer Agreements (IDTAs)
• Standard Contractual Clauses (SCCs)
• equivalent lawful transfer mechanisms

We retain personal data only for as long as reasonably necessary for:

• providing the Services
• maintaining records
• legal and regulatory compliance
• dispute resolution
• enforcing agreements
• legitimate business purposes

Retention periods vary depending on the nature of the data and applicable legal obligations.

We implement appropriate technical and organisational measures designed to protect personal data from:

• unauthorised access
• misuse
• alteration
• disclosure
• loss or destruction

However, no internet-based service can be guaranteed completely secure.

Depending on your location and applicable law, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Request deletion of data
• Restrict processing
• Object to processing
• Request portability
• Withdraw consent
• Lodge a complaint with a supervisory authority

In the UK, complaints may be made to the Information Commissioner’s Office. We may request verification of identity before responding to requests.

We may send B2B marketing communications where permitted under applicable law. You can opt out of marketing communications at any time by:

• using unsubscribe links
• adjusting account settings
• contacting us directly

Service-related communications may still be sent where necessary.

We may use cookies and similar technologies to:

• operate the website
• remember preferences
• analyse traffic and usage
• improve performance
• support marketing and attribution

Further details are provided in our Cookie Policy.

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of third-party services.

We may update this Privacy Policy from time to time. Updated versions will be published on this page with a revised effective date. Where required by law, we will provide additional notice of material changes.

For questions, requests or privacy concerns, please contact us. We will respond within a reasonable timeframe and in accordance with applicable law.