1. Who we are
Rescript Technologies Limited is a company incorporated in England and Wales (company number 17290216). Our registered office is at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
For the purposes of UK GDPR, Rescript Technologies Limited is the Data Controller in respect of personal data collected through this website or in connection with the Rescript service where we determine the purposes and means of processing.
Rescript Technologies Limited is registered with the Information Commissioner's Office as a Data Controller. Our ICO registration number is C1968077. You can verify our registration at ico.org.uk.
We have assessed our processing activities and have determined that the appointment of a Data Protection Officer is not required at this time under UK GDPR Article 37. If this assessment changes, we will update this policy accordingly.
You can contact us at: rafey@rescripttech.com
2. What data we collect and why
We collect a limited amount of personal data in connection with the Rescript website and service. The table below sets out what we collect, why we collect it, and the legal basis under UK GDPR that permits us to do so.
| Data collected | Purpose | Legal basis |
|---|---|---|
| Name and email address submitted via a demo request | To respond to your request for a product demonstration and to take steps prior to entering into a commercial relationship | Pre-contractual steps (Art. 6(1)(b) UK GDPR): processing is necessary to take steps at your request prior to entering into a contract |
| Fact pattern and supporting documents shared during a demo session | To generate an IFRS technical accounting position paper during or following the demonstration | Performance of a contract or pre-contractual steps (Art. 6(1)(b) UK GDPR): processing is necessary to provide the service you have requested |
| Business contact details provided in the course of a commercial relationship | To manage the client relationship, deliver the service, and communicate regarding the engagement | Legitimate interests (Art. 6(1)(f) UK GDPR): managing an ongoing business relationship. We have carried out a balancing test to confirm that our legitimate interests do not override your rights and freedoms. A copy of our legitimate interests assessment is available on request. |
Rescript as Data Processor for underlying transaction data
Where you submit a fact pattern or supporting documents that contain personal data relating to third parties (such as named individuals in a transaction), you do so as the Data Controller of that personal data and Rescript processes it on your behalf as a Data Processor for the sole purpose of generating the requested position paper. In such cases, you are responsible for ensuring that your use of Rescript is consistent with your own data protection obligations in respect of those individuals. You should not submit personal data about identifiable individuals that is not necessary for the purposes of the accounting analysis.
3. Special category data
We do not intentionally collect any special category personal data (as defined in Art. 9 UK GDPR) in connection with the Rescript service. The Rescript service is designed to process corporate financial and accounting information, not personal data relating to individuals. You should not submit special category personal data as part of a fact pattern or supporting document provided to Rescript.
If you believe that special category or other sensitive personal data has been inadvertently included in materials submitted to Rescript, please contact us immediately at rafey@rescripttech.com and we will take appropriate steps to delete it.
4. How we use your data
We use the personal data we collect only for the purposes set out in section 2 above. Specifically:
- To respond to demo requests and schedule demonstrations of the Rescript service.
- To generate IFRS technical accounting position papers using the Rescript tool during or following a demonstration, using the fact pattern and supporting documents you provide.
- To manage the ongoing commercial relationship where one is established.
- To communicate with you in connection with the service, including sending you the outputs of the Rescript tool.
We do not use your personal data for automated decision-making or profiling. We do not use your personal data for marketing purposes without your explicit consent.
5. Who we share your data with
5.1 Anthropic PBC — AI processing
To generate position papers, Rescript uses an AI processing service provided by Anthropic PBC, a company incorporated in the United States. The fact pattern and supporting documents you submit are processed by Anthropic on our behalf for the sole purpose of generating the requested output. Anthropic acts as a data processor on our behalf under a Data Processing Agreement and processes data only on our instructions. Full details of the data handling arrangements in place, including data retention controls, are available on request from rafey@rescripttech.com.
5.2 Microsoft Corporation — email
Email communications, including demo requests and service correspondence, are processed and stored by Microsoft Corporation on our behalf under a Data Processing Agreement. Microsoft acts as a data processor. Further information is available at privacy.microsoft.com.
5.3 Infrastructure providers
The rescripttech.com website is hosted and served by third-party infrastructure providers based in the United States. These providers process standard web server log data, including visitor IP addresses, solely in connection with operating the website. Each acts as a data processor on our behalf under appropriate contractual arrangements. The names of our infrastructure providers are available on request from rafey@rescripttech.com.
5.4 No other third-party sharing
We do not sell, rent, or otherwise disclose your personal data to any other third parties, except where required to do so by applicable law or by order of a competent court or regulatory authority. We will inform you of any such requirement to disclose unless we are legally prohibited from doing so.
6. International transfers
Some of our data processors are based in the United States. Where personal data is transferred outside the United Kingdom in connection with those arrangements, such transfers are subject to appropriate international transfer safeguards, including Standard Contractual Clauses and the UK International Data Transfer Addendum where applicable.
Full details of the transfer mechanisms in place for each processor are available on request from rafey@rescripttech.com.
7. How long we keep your data
We retain personal data only for as long as is necessary for the purposes for which it was collected, and in any event for no longer than required by applicable law.
- Demo request contact details (name, email address): retained for the duration of any commercial relationship and for 12 months following the last substantive contact, after which they are securely deleted.
- Fact patterns and supporting documents submitted during a demo session: not retained by Rescript beyond the session in which they are used. Details of how Anthropic handles such data are available on request.
- Generated position papers: retained only for the duration of the commercial relationship and deleted on request at any time.
- Email correspondence: retained in accordance with standard business record-keeping practice, for a period of up to six years from the date of the relevant communication, in line with the Limitation Act 1980.
8. Your rights under UK GDPR
Under UK GDPR, you have the following rights in respect of your personal data:
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may request that inaccurate or incomplete personal data be corrected.
- Right to erasure: you may request that we delete your personal data where there is no legitimate reason for us to continue to hold it.
- Right to restrict processing: you may request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability: where processing is based on consent or contract and is carried out by automated means, you may request that we transfer your personal data to you or to another controller in a structured, commonly used, machine-readable format.
- Right to object: you may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
- Rights in relation to automated decision-making: Rescript does not make automated decisions about you that produce legal or similarly significant effects.
To exercise any of these rights, please contact us at rafey@rescripttech.com. We will respond within one calendar month of receiving your request. We may ask you to verify your identity before processing your request.
There is no charge for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to respond, and we will inform you of this at the time.
9. Cookies and tracking
The rescripttech.com website does not currently use cookies, tracking pixels, web analytics tools, or any other technology that collects data about your browsing behaviour. No cookie consent banner is therefore required at this time.
If we introduce cookies or tracking technologies in the future, we will update this policy before doing so and implement an appropriate cookie consent mechanism in compliance with the Privacy and Electronic Communications Regulations 2003 (PECR).
10. Security
We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- AI processing carried out under a Data Processing Agreement with contractual data handling controls in place. Full details are available on request.
- Email communications secured via enterprise-grade email infrastructure with standard security controls.
- Website hosted on industry-standard cloud infrastructure with appropriate security measures.
- Access to any personal data held by Rescript restricted to authorised personnel only.
No method of electronic transmission or storage is completely secure. While we take all reasonable steps to protect your personal data, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) in accordance with our obligations under UK GDPR Articles 33 and 34.
11. Complaints
If you have a concern about how we handle your personal data, we would ask that you contact us in the first instance at rafey@rescripttech.com so that we can attempt to resolve it.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom:
- Website: ico.org.uk
- Telephone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, the services we offer, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Where changes materially affect how we process your personal data, and where we are required by law to do so, we will notify you directly.
13. Contact
All data protection enquiries, subject access requests, and requests to exercise your rights under UK GDPR should be directed to:
Data Controller
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Company number: 17290216
Email: rafey@rescripttech.com
Registered in England and Wales
We aim to acknowledge all data protection enquiries within five working days and to respond substantively within one calendar month.