Argus X — Privacy Policy
Last updated: 10 May 2026
1. About This Policy
This Privacy Policy explains how Argus AI Group LLC and Argus AI Group UK Ltd (together "Argus", "we", "our", or "us") collect, use, disclose, and otherwise process personal data in connection with the Argus X service (the "Service"), accessible at argus-x.ai.
This Policy should be read alongside our Terms and Conditions of Service (the "Terms") and, where applicable, our Data Processing Addendum ("DPA"). Capitalised terms not defined here have the meaning given in the Terms.
2. Who Is the Controller
The Argus entity that acts as controller (or, where applicable, business under US state privacy laws) of your personal data is determined by your location, in the same way as the contracting entity under Section 2 of the Terms:
- If your billing address is in the Americas, the controller is Argus AI Group LLC, 2810 N Church St, Suite 311793, Wilmington, DE 19802, USA.
- If your billing address is in the United Kingdom, the EEA, Switzerland, the Middle East, Africa, Asia, or Oceania, the controller is Argus AI Group UK Ltd, 119 Marylebone Rd, London NW1 5PU, United Kingdom (company number 16555159).
You can contact either entity at info@argusgroup.ai.
3. Two Categories of Personal Data
The Service processes personal data in two distinct capacities, and the rules differ for each.
3.1 Customer Data (you, our user)
When you register for or use the Service, we act as controller of personal data relating to you and your account. This includes:
- Identity and contact data (name, email, organisation, role);
- Billing data (billing address, VAT/tax identifiers, payment card metadata handled by our payment processor — we do not store full card numbers);
- Account data (username, hashed password, account preferences);
- Usage data (logs of queries made through the Service, scan history, IP address, device and browser information, timestamps);
- Support and correspondence data (messages you send us, support tickets);
- Marketing data (where you have opted in to receive communications).
3.2 Subject Data (the X accounts scanned through the Service)
When you submit a query through the Service, we retrieve and process publicly available content posted to X (formerly Twitter) by the account or accounts you specify (each a "Subject"), and we generate Output classifying that content.
In respect of Subject Data, the Customer (you) is the controller and Argus acts as a processor on the Customer's behalf, processing Subject Data solely in accordance with the Customer's instructions as set out in the Terms and the DPA. The Customer is solely responsible for establishing a lawful basis for the processing, conducting any required legitimate interests assessment, data protection impact assessment, or transfer impact assessment, and for responding to Subject rights requests, as set out in Section 9 of the Terms.
Where, by operation of law, Argus is nonetheless deemed to be a controller or joint controller in respect of any Subject Data, the lawful basis on which we rely is legitimate interests under Article 6(1)(f) UK GDPR / EU GDPR (the legitimate interest being the provision of an analytical tool to professional Customers conducting due diligence, compliance, and reputational risk activities). Where Subject Data incidentally reveals special category personal data, we rely on Article 9(2)(e) UK GDPR / EU GDPR on the basis that such data has been manifestly made public by the Subject.
4. Sources of Personal Data
We obtain personal data from:
- You directly, when you register, subscribe, contact us, or use the Service;
- Our payment processor (Stripe), which provides limited billing metadata;
- Publicly available sources, specifically content posted to X (formerly Twitter) and accessed via our data provider, socialdata.tools;
- Cookies and similar technologies, as set out in our Cookie Notice;
- Service providers and sub-processors acting on our behalf (see Section 7).
5. Purposes of Processing
We process personal data for the following purposes:
| Purpose | Categories of Data | Lawful Basis (UK/EU) |
|---|---|---|
| Providing and operating the Service | Customer Data; Subject Data (as processor) | Contract performance; legitimate interests |
| Account creation, authentication, and security | Customer Data | Contract performance; legitimate interests (security) |
| Billing, payment processing, and tax compliance | Customer Data | Contract performance; legal obligation |
| Customer support | Customer Data | Contract performance; legitimate interests |
| Service improvement, debugging, and quality assurance | Customer Data; aggregated/anonymised data | Legitimate interests |
| Compliance with legal and regulatory obligations | All categories | Legal obligation |
| Defence of legal claims | All categories | Legitimate interests |
| Direct marketing to existing or prospective Customers | Customer Data | Legitimate interests or consent (depending on jurisdiction) |
For US Customers, the equivalent CCPA/CPRA "business purposes" are: providing the Service, performing services on the Customer's behalf, security and fraud prevention, debugging, internal research for product improvement, and compliance with law.
6. Automated Processing and Output
The Service uses automated and machine-learning processes to classify and flag content. The Customer acknowledges and agrees that Output is generated by automated means.
The Service does not make any decision that produces legal effects concerning, or similarly significantly affects, any Subject within the meaning of Article 22 UK GDPR / EU GDPR. Customers are contractually prohibited under Section 8 of the Terms from using the Service or Output to make any decision that has a legal or similarly significant effect on a natural person based solely on automated processing, or for any determination governed by the U.S. Fair Credit Reporting Act or equivalent legislation in any jurisdiction.
7. Recipients and Sub-Processors
We share personal data with the following categories of recipient, each of which is bound by appropriate contractual obligations to protect the data:
- Sub-processors used to deliver the Service: socialdata.tools (data retrieval from X), Anthropic, PBC (Claude API for classification), Supabase, Inc. (database hosting), Render Services, Inc. (application hosting), Stripe, Inc. (payment processing);
- Communications and support tooling: our email provider and any customer-support platform we use from time to time;
- Professional advisers: lawyers, accountants, auditors, and insurers, where reasonably required;
- Authorities: law enforcement, regulators, and courts, where we are legally required to disclose or where disclosure is necessary to protect our rights or those of others;
- Successors: any party to a merger, acquisition, financing, reorganisation, or sale of assets involving Argus.
A current list of sub-processors is available on request to info@argusgroup.ai. We will give Customers notice of any new sub-processor in accordance with the DPA.
We do not sell personal data, and we do not "share" personal data for cross-context behavioural advertising within the meaning of the CCPA/CPRA.
8. International Transfers
Argus AI Group UK Ltd is established in the United Kingdom. Several of our sub-processors are established in the United States and may process personal data there. Where we transfer personal data outside the UK or the EEA to a country that has not been the subject of an adequacy decision, we rely on appropriate safeguards, including:
- The UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses themselves, as applicable;
- The UK Extension to the EU–US Data Privacy Framework (the "Data Bridge") where the recipient is certified.
You may request a copy of the relevant safeguards by emailing info@argusgroup.ai.
9. Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Account data: for the duration of your Subscription and for up to 24 months after termination, after which the account is deleted or anonymised;
- Scan results and Output: for 12 months after generation, unless the Customer deletes them earlier through the Service, or unless a longer period is required to defend legal claims;
- Billing records: for 7 years from the end of the relevant tax year, to comply with HMRC, IRS, and equivalent record-keeping obligations;
- Support correspondence: for 24 months from the last contact;
- Server and security logs: for up to 12 months;
- Marketing data: until you opt out, plus a suppression record retained indefinitely to honour your opt-out.
Where personal data is no longer required, we delete or anonymise it.
10. Security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, alteration, or disclosure. These include encryption in transit, access controls, role-based authentication, logging, and regular review of our security posture. No system is completely secure, and we cannot guarantee absolute security.
11. Your Rights
11.1 Rights under UK GDPR and EU GDPR
If you are located in the UK or EEA, you have the following rights in respect of personal data we hold about you as controller:
- Access — to obtain a copy of your personal data;
- Rectification — to have inaccurate data corrected;
- Erasure — to have your data deleted, in certain circumstances;
- Restriction — to restrict processing, in certain circumstances;
- Objection — to object to processing based on legitimate interests or for direct marketing;
- Portability — to receive your data in a structured, machine-readable format;
- Withdrawal of consent — where processing is based on consent;
- Complaint — to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority in the EEA.
11.2 Rights under US state privacy laws
If you are a resident of California, Colorado, Connecticut, Virginia, Texas, Utah, or another US state with a comprehensive privacy law, you have the following rights, subject to the conditions of your state's law:
- Right to know what personal information we have collected, used, disclosed, or sold/shared;
- Right to delete personal information we have collected from you;
- Right to correct inaccurate personal information;
- Right to opt out of the sale or sharing of personal information (we do not sell or share);
- Right to limit use of sensitive personal information;
- Right to non-discrimination for exercising your rights.
To exercise any of these rights, contact us at info@argusgroup.ai. We will verify your identity before responding and will respond within the timeframes required by Applicable Law (one month under UK/EU GDPR; 45 days under CCPA/CPRA, extendable). You may use an authorised agent to submit a request on your behalf, where permitted by Applicable Law.
11.3 Requests from Subjects
If you believe you have been the subject of a scan through the Service and you wish to exercise rights in respect of Subject Data, please note that the Customer who initiated the scan is the controller of that data. Where you contact us, we will:
- (a) acknowledge your request;
- (b) where we are able to identify the relevant Customer and where it is lawful to do so, refer the request to the Customer for response; and
- (c) where we are nonetheless deemed a controller, respond directly to the extent required by Applicable Law.
We may require additional information from you to verify your identity and to locate any data we hold.
12. Children
The Service is not directed to children. We do not knowingly collect personal data from individuals under 18, and Customers are contractually prohibited under Section 8 of the Terms from using the Service to investigate, profile, or generate Output relating to any individual known or reasonably suspected to be a minor. If you believe a minor's data has been processed, contact us and we will take appropriate steps to delete it.
13. Cookies and Tracking
The Service uses cookies and similar technologies as set out in our Cookie Notice, which forms part of this Policy. Where required by Applicable Law, we obtain your consent before placing non-essential cookies.
14. Changes to This Policy
We may amend this Policy from time to time. We will post the revised Policy on the Service and update the "Last updated" date. Where changes are material, we will give additional notice (for example by email or through the Service). Your continued use of the Service after the effective date of any amendment constitutes acceptance of the revised Policy.
15. Contact and Complaints
Questions, requests, or complaints relating to this Policy or our processing of personal data:
Argus AI Group UK Ltd — 119 Marylebone Rd, London NW1 5PU, United Kingdom. Email: info@argusgroup.ai
Argus AI Group LLC — 2810 N Church St, Suite 311793, Wilmington, DE 19802, USA. Email: info@argusgroup.ai
UK and EEA residents may also lodge a complaint with the Information Commissioner's Office (ico.org.uk) or the supervisory authority in their member state. California residents may contact the California Privacy Protection Agency (cppa.ca.gov).
— End of Privacy Policy —