Privacy Policy

Last updated: 01/05/2026

Tomoro AI Ltd ("us," "we," or "our") registered at WeWork International House, 1 St. Katharine's Way, London, E1W 1UN, United Kingdom, operates the website [www.tomoro.ai] (the "Service").

We hold your privacy in the highest regard and are fully dedicated to safeguarding the confidentiality and security of any information we gather from or about you.

This Privacy Policy outlines our principles and procedures regarding the collection and use of Personal Information when you interact with our website and utilise our service (referred to collectively as "Services"). It's important to note that this Privacy Policy specifically addresses the data we collect directly from individuals interacting with Tomoro AI; including interacting with the Tomoro website and Tomoro social media platforms.

Please be aware that this Privacy Policy does not extend to the content we process on behalf of clients who engage with our business offerings. The handling and use of data under these circumstances are subject to separate customer agreements governing access to and utilisation of our services for those specific purposes.

1.   Personal Information we may collect

"Personal Information" refers to any data that identifies or can be used to identify an individual. This may include, but is not limited to, names, email addresses, contact information, and any other information provided by you or collected through your interactions with our Services.

• User Content: When you use our Services, we collect Personal Information that you input and share with us to enable interaction and support
• Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (“Communication Information”).
• Social Media Information: We have pages on social media sites such as, LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details (collectively, “Social Information”). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.

Automatic information we receive: We receive the following information about your visit, use, or interactions (“Technical Information”) when you visit or engage with our Services:

• Log Data: Information that your browser automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our website.
• Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
• Device Information: Insights into the devices (desktop, mobile, tablet) and browsers used to access your site.
• Cookies: We use cookies to operate and administer our Services, and improve your experience. A “cookie” is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. For more details on cookies, please visit All About Cookies.  You can modify your browser settings to disable cookies, but this may affect your ability to use certain features of the Service.
• Analytics: We may use an online analytics product that uses cookies to help us analyse how users use our Services and enhance your experience when you use the Services.

2.   How will your information be used?

Where we are required to identify a ‘legal basis’ under the GDPR to use your Personal Information, the legal bases we rely on include but are not limited to:

• Where we need to perform a contract we have entered into with you or are about to enter into with you (“Contract”).
• Where it is necessary for pursuit of our (or a third party’s) legitimate interests and your interests and fundamental rights do not override those interests. In particular, we have legitimate interests in providing the Services, communicating with you, ensuring the ongoing security of the Services, and ensuring the ongoing protection and enforcement of our rights (“Legitimate Interest”).  
• Where we need to comply with a legal or regulatory obligation (“Legal Obligation”).
• Where we have your consent to carry out the processing (“Consent”). 

At Tomoro we may use Personal Information collected about you, including but not limited to these purposes:

• To provide and maintain the Service you have requested (Legal Basis: Contract and Legitimate Interests).
• To notify you about changes to our Service (Legal Basis: Contract and Legitimate Interests).
• To communicate with you (Legal Basis: Legitimate Interests and/or Consent).
• To gather analysis or valuable information to improve our Service (Legal Basis: Legitimate Interests and/or Consent).
• To monitor the usage of our Service (Legal Basis: Legitimate Interests).
• If the law or government requires us to, we may need to collect and process your data (Legal Basis: Legal Obligation or, where applicable, Legitimate Interest)

3.   Disclosure of Your Information

We may disclose your Personal Information for the purposes identified above. For example, we may share your Personal Information:

• To comply with legal obligations
• To protect and defend our rights or property
• With service providers and consultants who help us provide the Service

We may share your Personal Information with the following categories of recipients: 

• Affiliates. Our subsidiaries and affiliates.
• Service providers. Third parties that provide services on our behalf (such as our cloud storage and other IT providers).
• Professional advisors. Professional advisors (such as lawyers, auditors, bankers and insurers), where necessary in the course of the professional services that they render to us.
• Authorities and others. Government, law enforcement and other public authorities, as we believe in good faith to be necessary or appropriate in the circumstances.
• Parties to corporate events. We may disclose Personal Information in the context of actual or prospective corporate events (such as investments, financing, or the sale, transfer or merger of all or part of our business, assets or shares). For example, we may need to share certain Personal Information with prospective counterparties and their advisers.

Where we share your Personal Information with parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:

• Transfers to territories with an adequacy decision. We may transfer your Personal Information to countries or territories whose laws have been deemed to provide an adequate level of protection for Personal Information by the European Commission or UK Government (as applicable).

• Transfers to territories without an adequacy decision. We may transfer your Personal Information to countries or territories whose laws have not been deemed to provide such an adequate level of protection (e.g., the U.S., Singapore or Australia). However, in these cases, we may use specific appropriate safeguards (such as standard-form contracts approved by the authorities for this purpose), or in limited circumstances, we may rely on an exception which permits us to transfer your Personal Information to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer.

You may contact us using the contact details at the end of this Privacy Policy if you want further information on the specific mechanism used by us when transferring your Personal Information.

4.   Security and Data Retention

We have implemented appropriate security measures to safeguard your Personal Information from unauthorised access, disclosure, alteration, or destruction. While we employ reasonable security practices, it's important to recognise that no method of data transmission over the internet or electronic storage can provide absolute security. Your understanding of this inherent limitation is appreciated.

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting or reporting requirements. When determining the appropriate retention period, we consider factors such as the nature of the Personal Information, the purposes for which we process it, and applicable legal obligations. When we no longer require your Personal Information, we will delete it or de-identify it.

5.   Your Rights

We respect your rights concerning your Personal Information. These rights may include the right to access, correct, delete, transfer, restrict, or object to, or withdraw consent to (where you have given us your consent) the processing of, your Personal Information. Should you wish to exercise any of these rights or complain about our processing of your Personal Information, you can get in touch with us using the contact details at the end of this Privacy Policy.

If you are not satisfied with our response, or how we process your Personal Information, you may also have a right to complain to the data protection regulator in your habitual place of residence:

• For users in the UK, you can complain to the Information Commissioner’s Office: https://ico.org.uk/make-a-complaint/
• For users in the European Economic Area (EEA), the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en

6.   Changes to this Privacy Policy

Any changes to this policy will be updated on this page, with a revised date shown.

7.   Contact Tomoro

If you have any questions relating to this Privacy Policy or our data practices, please contact us at: info@tomoro.ai

If you are based in the EEA, we have also appointed an EU GDPR representative. You can contact the representative at: Instant EU GDPR Representative Ltd, Office 2 12A Lower Main Street, Lucan Co. Dublin K78 X5P8 Ireland, or by emailing them at: contact@gdprlocal.com