Talon Analysis← Back to home

Data Compliance

Last updated: May 25, 2026

1. Purpose

This page summarizes how Talon Analysis approaches data protection and regulatory compliance. It supplements our Privacy Policy and Terms of Use. It is not legal advice.

2. Roles

For account and billing data you provide as a customer, Talon typically acts as the data controller. For report inputs you submit about markets and competitors, you remain responsible for ensuring you have a lawful basis to process any personal data contained in those inputs.

When we use subprocessors (hosting, AI, search, payments), they act as processors under instructions to deliver the service.

3. Lawful bases (GDPR / UK GDPR)

Where applicable, we rely on:

  • Contract: processing needed to provide the service you signed up for
  • Legitimate interests: security, fraud prevention, product improvement, and limited analytics, balanced against your rights
  • Legal obligation: records required by tax, accounting, or regulatory rules
  • Consent: where explicitly requested (e.g. optional marketing, if offered)

4. Subprocessors

We maintain a processor chain necessary to run automated reports. Key categories include cloud infrastructure, authentication/database, payment, AI inference, and web data APIs. We select vendors with appropriate security commitments and contractual data protection terms where available.

A current list of categories is described in our Privacy Policy. Enterprise customers may request additional subprocessor detail or notification provisions by contacting us.

5. International transfers

Your data may be processed in the United States or other countries where our providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms offered by our vendors.

6. Security measures

We apply measures including, where configured:

  • TLS encryption for data in transit
  • Authenticated access to application data with row-level security
  • Service-role isolation for server-side pipeline operations
  • Rate limiting and abuse detection on sensitive API routes
  • Least-privilege access to production systems

7. Data subject rights

If you are in the EEA, UK, or similar jurisdictions, you may request access, rectification, erasure, restriction, portability, or objection. You may also lodge a complaint with your supervisory authority. Submit requests to support@talonanalysis.com; we respond within applicable statutory timelines.

8. Incident response

We maintain procedures to assess and respond to suspected personal data breaches. Where notification to regulators or affected individuals is required by law, we will act without undue delay.

9. AI and automated processing

Reports are produced using automated retrieval and AI analysis. Outputs may contain errors. Automated processing does not produce legal effects solely based on automated decision-making about you as an individual consumer; it generates business intelligence from public and submitted commercial data.

10. Data Processing Agreement (DPA)

Business customers who need a signed DPA or custom data protection terms should contact support@talonanalysis.com. Standard self-serve use is governed by the Terms and policies on this site.