IMAGEINSIGHT TERMS AND CONDITIONS
Last updated: 2025-11-15
Thanks for joining ImageInsight!
Please read these terms and conditions (also referred to as "Terms") carefully before using Our Service.
ImageInsight (the Product) is a SaaS product owned and operated by Anna Malone Coaching Ltd (UK registered company 15947464) (The Beeches, Coopers Hill, Eversley, Hampshire, RG27 0QA) (“the Company”, “us”, “we” or “our”).
These Terms with any other terms and policies referenced herein (“Terms”) constitute a legally binding agreement as of the Commencement Date (as defined below), governing your access, use, registration and receipt of the ImageInsight Web Application, as defined below.
If you are accessing or using the ImageInsight Web Application on behalf of the Customer (as defined below) you hereby confirm that you are authorised by the Customer to do so.
You acknowledge and signify your consent to these terms (on behalf of the Customer, if applicable) by either (i) clicking on a button or checking a checkbox for the acceptance of these terms or (ii) registering to, using or accessing the ImageInsight Web Application (as defined below).
If you do not agree to comply with, and/or be bound by, these terms or do not have the authority to bind your employer or any entity (as applicable), please do not accept these terms, or access or use the services or the sites of the ImageInsight Web Application.
Definitions and interpretation
In this Agreement, the following expressions have the following meanings:
Agreement | means this Software as a Service Agreement, which shall comprise the Order, these Terms and Conditions and all attached Schedules. |
Charges | the Charges listed in the Order. |
Commencement Date | the commencement date of this Agreement is the date of acceptance or registration to use the ImageInsight Web Application, whichever is the earlier. |
Confidential Information | all data or information (whether technical, commercial, financial or of any other type) in any form acquired under, pursuant to or in connection with, this Agreement and any information used in or relating to the business of the parties (including information relating to the parties’ products (bought, manufactured, produced, distributed or sold), services (bought or supplied), operations, processes, formulae, methods, plans, strategy, product information, know-how, design rights, trade secrets, market opportunities, customer lists, commercial relationships, marketing, sales materials and general business affairs), and which are for the time being confidential to the disclosing party. |
Customer | refers to the person or Company that is purchasing the licences for its authorised users. Referred to as ‘the Customer’, ‘You’ or ‘Your’ in this agreement. |
Customer Data | the data inputted by You (including Your affiliates, employees, directors) into the ImageInsight Web Application or otherwise provided to Us as part of Your use of the Services. |
Data Protection Laws | all applicable data protection and privacy legislation in force in the United Kingdom including:
The terms Data Subject, Personal Data and processing shall have the meanings set out in the UK GDPR. |
Free Trial | refers to a limited period of time that may be free before purchasing a Subscription. |
ImageInsight Web Application | means the online ImageInsight Web Application, website and all applications provided by Us to You, as more particularly described at https://imageinsight.app |
Intellectual Property Rights | copyright, patents, rights in confidential information, know-how, trade secrets, trademarks, trade names, design rights, get-up, database rights, chip topography rights, mask works, utility models, domain names, rights in computer software and all similar rights of whatever nature and, in each case:
|
Incident | any Vulnerability, Virus or security incident which:
|
Initial Term | the initial term of this agreement as set out in the Order or otherwise agreed in writing between the parties. |
Order | the key commercial terms of this agreement, as set out when You place your order via the online registration process. |
Personal Data Breach | shall have the meaning set out in Article 4 of the GDPR. |
Renewal Term | any renewal term of this agreement as set out in the Order or otherwise agreed in writing between the parties. |
Scope of Use | the scope of use describes how the Customer may use the ImageInsight Web Application. |
Services | the services provided by Us to You including providing access to the ImageInsight Web Application, documentation and any applicable Support Services. |
Support Services | the related support services provided by Us to You, as described in clause 5b. |
Usage Data | information generated by your use of the Services, which does not enable identification of an individual, such as de-identified, aggregated and/or analytics information. |
User | Includes both “Authorised Users”, who are authorised by You to use the ImageInsight Web Application and “Guests”. Authorised users have the ability to establish a “session” and invite Guests to participate in that session. Users and Guests are designated within the Services and referred to herein, collectively as “Users”. |
Virus | any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network. |
Vulnerability | a weakness in the computational logic (for example, code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. |
Clause, schedule and paragraph headings shall not affect the interpretation of this Agreement.
The words include, includes and including are deemed to be followed by the words ‘without limitation’.
Reference to writing or written includes e-mail.
Together You and Us are referred to as the “Parties”.
Term
This Agreement shall, unless otherwise terminated as provided in this Clause 12, commence on the Commencement Date and shall continue for the Free Trial (if any).
Thereafter, unless terminated by either party during the Free Trial on the provision of written notice to the other party, this Agreement shall continue for the Initial Term.
Following the Initial Term, this Agreement shall be automatically renewed for the Renewal Term, unless terminated in accordance with the provisions of this Agreement.
Registration and Users
By accepting the terms of this Agreement, You confirm to Us that you are authorised by the Customer, and any decision or action made by You (or any other person set up by you as an administrator of the Customer’s account) is deemed a decision or action of the Customer.
The Customer is solely liable and responsible for all Users to whom the Customer provides access, and for all use made of the ImageInsight Web Application by both Users and their clients, even if those Users and clients are not from Customer’s organisation. Further, Customer acknowledges that any action taken by anyone via the Customer’s account, is deemed by us as an authorised action by Customer.
Rights to use the ImageInsight Web Application
Under Clause 4b, We grant You a non-exclusive, non-transferable right, to use the Services during the Term and for the Scope of Use.
We will provide the Services to You in accordance with the Scope of Use.
We (or our licensors) own and retain all right title and interest (including all Intellectual Property Rights) in and to the Services and the Usage Data, including (without limitation) all software, apps framework, design, design system, text, editorial materials, informational text, documentation, photographs, illustrations, audio clips, video clips, artwork and other graphic materials, and names, logos, trademarks and services marks (excluding Customer Data), any and all related or underlying know-how, technology or intellectual property, and any modifications, enhancements or derivative works of the foregoing.
This Agreement does not grant You any Intellectual Property Rights in respect of the Services or the Usage Data.
You own all rights (including any Intellectual Property Rights) in your Customer Data.
You acknowledge and agree that we may collect, use and publish Usage Data relating to, or generated by your use of the Services, and disclose it for the purpose of providing, operating, improving and publicising our products and services, and for other business purposes.
Where You or a Coach provides suggestions, comments, feature requests or other feedback in respect of the Services (“Feedback”), such Feedback shall become Our sole property without restrictions or limitations on use of any kind. We may either implement or reject such Feedback, without any restriction or obligation of any kind. You (i) represent and warrant that such Feedback is accurate, complete, and does not infringe on any third party rights; (ii) irrevocably assign to Us any right, title and interest you may have in such Feedback; and (iii) explicitly and irrevocably waive any and all claims relating to any past, present or future moral rights, artists’ rights, or any other similar rights, worldwide, in or to such Feedback.
Our Obligations
From the Commencement Date, we will provide the Services to each Coach.
For the Term, We will also provide the Support Services, which shall comprise:
Using our reasonable endeavours to correct any errors or issues reported to us;
Providing updates, in our sole discretion.
We agree to provide the Services with reasonable skill and care.
We do not warrant that:
Your use of the Services will be uninterrupted or error-free;
the Services will meet Your requirements; or
the Services will be free from Vulnerabilities or Viruses.
Your Obligations
You will, and you will ensure that all Users:
have a unique login;
co-operate with Us and provide all necessary information to allow Us to provide the Services;
use the Services in accordance with the Scope of Use and these Terms and Conditions;
keep secure all log in information for the use of the Services;
allow Us to audit the use of the Services where We provide You with reasonable prior written notice;
ensure that Your network and systems comply with all relevant security and other specifications notified to you by Us; and
be responsible for obtaining, maintaining and securing Your own internet connection.
You will not, and will procure that Users do not:
attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the ImageInsight Web Application and/or documentation (as applicable) in any form or media or by any means;
attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the ImageInsight Web Application;
access all or any part of the Services in order to build a product or service which competes with the Services;
grant any sublicences to any other party to use the Services;
attempt to obtain, or assist third parties in obtaining, access to the Services;
access, store, distribute or transmit Viruses or any harmful or illegal material during the course of its use of the Services; or
introduce or permit the introduction of, any Virus or Vulnerability into Our network and information systems.
You shall use all reasonable efforts to prevent any unauthorised access to the Services. Upon discovering any unauthorised access, you must immediately notify Us.
You acknowledge that any delay caused by You failing to fulfil any of your obligations under this Agreement may mean that we need to adjust any agreed timescales.
Content
The Services allow You to add content into the ImageInsight Web Application. You are responsible for the content that You add to the Service, including its legality, reliability, and appropriateness.
You expressly understand and agree that You are solely responsible for the content and for all activity that occurs under Your account, whether done so by You or any third person using Your account.
You may not transmit any content that can identify You or discloses anyone else’s personal details, or that is unlawful, offensive, upsetting, intended to disgust, threatening, libelous, defamatory, obscene or otherwise objectionable. Examples of such objectionable content include, but are not limited to, the following:
Personal information that can identify You or the person you are working with.
Violating the privacy of any third person.
Unlawful activity.
Defamatory, discriminatory, or mean-spirited content, including references or commentary about religion, race, sexual orientation, gender, national/ethnic origin, or other targeted groups.
Containing or installing any viruses, worms, malware, trojan horses, or other content that is designed or intended to disrupt, damage, or limit the functioning of any software, hardware or telecommunications equipment or to damage or obtain unauthorized access to any data or other information of a third person.
Infringing on any proprietary rights of any party, including patent, trademark, trade secret, copyright, right of publicity or other rights.
Impersonating any person or entity including Us and Our employees or representatives.
False information and features.
Although regular backups of content are performed, We do not guarantee there will be no loss or corruption of data. You agree to save a complete and accurate copy of any content in a location independent of the Service.
Charges and Payment
You will pay the Charges to Us for the Services in accordance with this Clause 7.
We shall issue invoices in respect of the Charges as set out in the Order, and you shall pay to us the Charges within such period as is set out in the Order or, where there is no period set out in the Order, within 30 days of receipt, except for any amount in respect of which there is a genuine dispute.
All Charges are exclusive of VAT.
If we have not received payment before the due date:
interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the Bank of England Base Rate, commencing on the due date and continuing until fully paid; and
We may, without liability to You, stop providing the Services where any invoices remain unpaid.
We shall be entitled to increase the Charges payable at the start of each Renewal Period upon 30 days' prior notice to You.
Data Protection
The parties shall comply with the provisions and obligations imposed on them by the Data Protection Laws at all times when processing Personal Data in connection with this Agreement.
The parties will comply with the terms of the Data Processing Agreement set out in the Schedule.
Confidentiality
Each party agrees that they will not at any time during this Agreement, and for a period of three (3) years after termination of this Agreement, disclose to any person any Confidential Information belonging to the other party except as permitted by Clause 10c.
We acknowledge that the Customer Data is Your Confidential Information.
Each party may disclose the other party's Confidential Information:
to those of its employees, officers, representatives or advisers who need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with this Agreement. Each party will ensure that its employees, officers, representatives or advisers to whom it discloses the other party's Confidential Information are aware of that party’s obligations under this Clause 9a; and
as may be required by law, a court or any governmental or regulatory authority.
No party will use any other party's Confidential Information for any purpose other than to exercise its rights and perform its obligations under or in connection with this Agreement.
Limitation Of Liability
Except as expressly and specifically provided in this Agreement:
You assume sole responsibility for Your use of the Services and any results You obtain;
Save as otherwise expressly set out herein, We exclude all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law, to the fullest extent permitted by applicable law; and
the Services are provided to You on an "as is" basis.
Neither party excludes nor limits any liability for:
personal injury (including sickness and death) to the extent that such injury results from the negligence or wilful default of a party or its employees;
fraud or fraudulent misrepresentation; or
any other liability to the extent it cannot be excluded or limited by law.
In no event shall any party (including its respective licensors, agents and sub-contractors, if any) be liable for:
any loss of profits, loss of anticipated savings, loss of data, business interruption, loss of use, loss of contracts, loss of goodwill business or business benefit, or the cost of procurement of substitute services by any other party (whether direct or indirect);
any special, indirect, incidental, or consequential damages or losses of any nature whatsoever.
In no event shall we be liable for:
wasted expenditure;
additional costs of procuring and implementing replacements for, or alternatives to, the Services, including consultancy costs, additional costs of management time and other personnel costs and costs of equipment and materials;
losses incurred by You arising out of or in connection with any claim, demand, fine, penalty, action, investigation or proceeding by any third party against You caused by Our act or omission;
anticipated savings; or
loss of, corruption or damage to, data.
Subject to clauses 8.2 and 8.4, the Customer’s and all Users’ sole remedy at any time with respect to any claims arising out of the Agreement shall be limited in the aggregate to the monies paid by the Customer to Us under this Agreement during the twelve (12) month period preceding the earliest event giving rise to such liability.
All parties accept that the limitations and exclusions set out in this Agreement are reasonable having regard to all the circumstances.
You hereby agree to afford Us not less than thirty (30) days (following notification thereof by You) in which to remedy any event of default hereunder.
Termination
Either party may terminate this Agreement at any time during the Free Trial, and thereafter with 30 days' prior written notice to the other party, such notice to expire at the end of the Initial Term or any Renewal Term.
Either party may, without affecting its other rights under this Agreement, by notice in writing to the other party immediately terminate this Agreement if the other:
fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than 30 days after being notified in writing to make such payment;
is in material or persistent breach of any of its obligations under this Agreement and if that breach is capable of remedy and the other has failed to remedy that breach within 30 days after receiving written notice requiring it to remedy that breach; or
is unable to pay its debts (within the meaning of section 123 of the Insolvency Act 1986) or becomes insolvent or an order is made or a resolution passed for the administration, winding-up or dissolution of the other (otherwise than for the purposes of a solvent amalgamation or reconstruction) or an administrative or other receiver, manager, liquidator, administrator, trustee or similar officer is appointed over all or any substantial part of the assets of the other or the other enters into or proposes any composition or arrangement with its creditors generally or any analogous event occurs in any applicable jurisdiction; or
ceases or suspends, or threatens to cease or suspend, the carrying on of any part of its business.
In the event of termination of this Agreement for any reason:
all licences granted under this Agreement shall immediately terminate and You shall immediately cease all use of the Services; and
each party will within 7 days of such termination return (or, at the other party’s option, destroy) all the other party's Confidential Information in its possession or under its control and all copies of such information.
General Terms
Costs: Each party is responsible for its legal and other costs in relation to the preparation and performance of this Agreement.
Survival of terms: The parties intend the following terms to survive termination: Clauses 0, 9, 10, 11, 12, 13 and all clauses required for their interpretation.
Relationship of the parties: The parties are independent businesses and not partners, principal and agent, or employer and employee, or in any other relationship of trust to each other.
Third party rights: For the purposes of the Contracts (Rights of Third Parties) Act 1999, this Agreement is not intended to and does not give any person who is not a party to it any right to enforce any of its provisions. However, this does not affect any rights or remedy of such a person that exists or is available apart from that Act.
Assignment and other dealings: No party may assign, subcontract or encumber any right or obligation under this Agreement, in whole or in part, without the other party’s prior written consent or except as expressly permitted in this Agreement.
Entire agreement: This Agreement, and any document referred to in it, contains the whole Agreement between the parties relating to its subject matter and supersedes any prior agreements, representations or understandings between them unless expressly referred to in this Agreement. Each party acknowledges that it has not relied on, and will have no remedy in respect of, any representation (whether innocent or negligent) made but not covered in this Agreement. Nothing in this clause limits or excludes any liability for fraud or fraudulent misrepresentation.
Variation: We reserve the right, at Our sole discretion, to modify or replace these Terms and Conditions at any time. If a revision is material, We will make reasonable efforts to provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at Our sole discretion. By continuing to access or use Our Service after those revisions become effective, You agree to be bound by the revised terms. If You do not agree to the new terms, in whole or in part, You should cease using the Services.
Severability: If any clause in this Agreement (or part of a clause) is or becomes illegal, invalid or unenforceable under applicable law, but would be legal, valid and enforceable if the clause or some part of it was deleted or modified (or the duration of the relevant clause reduced), the relevant clause (or part of it) will apply with such deletion or modification as may be required to make it legal, valid and enforceable, and the parties will promptly and in good faith seek to negotiate a replacement provision consistent with the original intent of this Agreement as soon as possible.
Waiver: No delay, act or omission by either party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
Notices: Notices under this Agreement must be in writing and sent to the other party's address or email address, as set out in the Order above. Letters sent in the United Kingdom will be deemed delivered 3 business days (excluding English Bank Holidays), after sending. Emails will be deemed delivered the same day (or the next business day, if sent on a non-business day or after 5pm on any business day at the recipient's location).
Counterparts: This Agreement may be signed in any number of counterparts and by the parties on separate counterparts, each of which when signed and dated will be an original, and such counterparts taken together will constitute one and the same Agreement. This agreement will not be effective until each party has signed one counterpart.
Governing law and jurisdiction: This Agreement is governed by the law of England and Wales. All disputes under this Agreement will be subject to the exclusive jurisdiction of the courts of England and Wales.
Agreed by the parties on the date set out at the beginning of this Agreement.
DATA PROCESSING AGREEMENT
BACKGROUND
This Data Processing Agreement (“DPA”) forms part of the Software as a Service Agreement, as updated from time to time, between Anna Malone Coaching Ltd (“Provider,” “we,” “our,” or “us”) and the Customer whose details are set out in the Order (“Customer”). In the event of any conflict or inconsistency between this DPA and the Software as a Service Agreement, this DPA shall prevail.
All capitalised terms shall have the meaning assigned to them in the Software as a Service Agreement, unless otherwise defined in this DPA.
- DEFINITIONS
Applicable Law |
|
Appropriate Safeguards |
|
Business Day |
|
Data Controller |
|
Data Processor |
|
Data Protection Laws | means any laws and regulations relating to privacy or the use or processing of data relating to natural persons, including:
|
Data Subject |
|
Data Subject Request |
|
International Organisation |
|
Personal Data |
|
Personal Data Breach |
|
processing |
|
Processing Instructions |
|
Protected Data |
|
Services |
|
Sub-Processor |
|
Supervisory Authority |
|
- Data Processor and Data Controller
- The parties agree that, for the Protected Data, Customer shall be the Data Controller and Provider shall be the Data Processor.
- Provider shall process Protected Data in compliance with:
- the obligations of Data Processors under Data Protection Laws in respect of the performance of its obligations under this DPA; and
- the terms of this DPA.
- Customer shall comply with:
- all Data Protection Laws in connection with the processing of Protected Data, the Services and the exercise and performance of its rights and obligations under this DPA, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and
- the terms of this DPA.
- Customer warrants, represents and undertakes, that:
- all data sourced by Customer for use in connection with the Services shall comply in all respects, including in terms of its collection, storage and processing (which shall include Customer providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws;
- all instructions given by Customer to Provider in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and
- it is satisfied that:
- Provider’s processing operations are suitable for the purposes for which Customer proposes to use the Services and engage Provider to process the Protected Data; and
- Provider has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.
- Instructions and details of processing
- Insofar as Provider processes Protected Data on behalf of Customer:
- unless required to do otherwise by Applicable Law, Provider shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with Customer’s documented instructions as set out in this clause 3 and Schedule 1, Annex 1 to this DPA (“Data processing details”), as updated from time to time (“Processing Instructions”);
- notwithstanding any other provision of this DPA, if any Applicable Law requires Provider to conduct Processing of the Personal Data other than in accordance with Customer’s Instructions, such Processing shall not constitute a breach of this DPA;
- if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, Provider shall notify Customer of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest); and
- Provider shall promptly inform Customer if Provider becomes aware of a Processing Instruction that, in Provider’s opinion, infringes Data Protection Laws, provided that:
- this shall be without prejudice to clauses 2.3 and 2.4; and
- to the maximum extent permitted by mandatory law, Provider shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with Customer’s Processing Instructions following Customer’s receipt of that information.
- Technical and organisational measures
- Provider shall implement and maintain appropriate technical and organisational measures in relation to the processing of Protected Data by Provider, as set out in Schedule 1, Annex 2 to this DPA (“Technical and organisational measures”).
- Using staff and other processors
- Customer hereby gives Provider a general consent to engage Sub-Processors for Processing of Personal Data on behalf of Customer. Provider’s list of its current Sub-Processors is in Schedule 1, Annex 3. Where Provider adds a new Sub-Processor, the list will be updated promptly. Customer shall notify Provider if it objects to a Sub-Processor. Where such objection is reasonable and is raised within seven (7) days of the Sub-Processor first appearing on the list, Provider shall, at its sole option, either:
- remove such Sub-Processor from the list and not engage such Sub-Processor to Process any Protected Data, in which case this DPA shall continue; or
- discuss alternative solutions with Customer, in which case, where the parties have failed to agree on a solution within reasonable time, Provider shall have the right to terminate this DPA and the Service with a reasonable notice period. During the notice period, Provider shall not transfer any Personal Data to the Sub-Processor.
- Provider shall enter into appropriate written agreements with all of its Sub-Processors on terms substantially similar to this DPA, including without limitation Customer’s right to conduct audits at the Sub-Processor, or ensure that the Sub-Processor will conduct audits using external auditors at least once per year. Provider shall remain primarily liable to Customer for the performance or non-performance of the Sub-Processor’s obligations.
- Upon Customer’s request, Provider shall provide information regarding any Sub-Processor, including name, email address and the Processing carried out by the Sub-Processor.
- Assistance with Customer’s compliance and Data Subject rights
- Provider shall refer all Data Subject Requests it receives to Customer within three (3) Business Days of receipt of the request.
- Provider shall provide such reasonable assistance as Customer reasonably requires (taking into account the nature of processing and the information available to Provider) to Customer in ensuring compliance with Customer’s obligations under Data Protection Laws with respect to:
- security of processing;
- data protection impact assessments (as such term is defined in Data Protection Laws);
- prior consultation with a Supervisory Authority regarding high risk processing; and
- notifications to the Supervisory Authority and/or communications to Data Subjects by Customer in response to any Personal Data Breach,
- The Customer shall pay Provider’s reasonable charges for providing the assistance described in this clause 6.
- International data transfers
- Customer consents that Provider may transfer Protected Data outside the United Kingdom (“UK”), European Economic Area (“EEA”) and Switzerland, where this is reasonably necessary to provide the Services, to a jurisdiction for which the European Commission, the UK Supervisory Authority or the Swiss Supervisory Authority has not issued an adequacy decision (“Data Transfer”), provided that Provider has implemented a transfer solution compliant with Data Protection Laws.
- Records, information and audit
- Provider shall maintain, in accordance with Data Protection Laws binding on Provider, written records of all categories of processing activities carried out on behalf of Customer.
- Provider shall, in accordance with Data Protection Laws, make available to Customer such information as is reasonably necessary to demonstrate Provider’s compliance with its obligations under Article 28 of the UK GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by Customer (or another auditor mandated by Customer) for this purpose, subject to Customer:
- giving Provider reasonable prior notice of such information request, audit and/or inspection being required by Customer;
- ensuring that all information obtained or generated by Customer or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure to the Supervisory Authority or as otherwise required by Applicable Law);
- ensuring that such audit or inspection is undertaken during normal business hours, with minimal disruption to Provider's business, the Sub-Processors’ business and the business of other customers of Provider; and
- paying Provider's reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.
- Breach notification
- In respect of any Personal Data Breach involving Protected Data, Provider shall, without undue delay:
- notify Customer of the Personal Data Breach; and
- provide Customer with details of the Personal Data Breach.
- Deletion or return of Protected Data and copies
- Provider shall, at Customer’s written request, either delete or return all the Protected Data to Customer in such form as Customer reasonably requests within a reasonable time after the earlier of:
- the date on which all payments under the applicable Services have been made and the applicable Service Agreements terminated or expired; or
- once processing by Provider of any Protected Data is no longer required for the purpose of Provider’s performance of its relevant obligations under the applicable Service Agreement this DPA,
and delete existing copies, unless storage of any data is required by Applicable Law and, if so, Provider shall inform Customer of any such requirement. Notwithstanding the foregoing, the Customer hereby authorises Provider to retain one copy of the Protected Data for backup purposes only.
- Dispute Resolution
- This DPA shall be governed by the law of England and Wales and the parties hereby submit to the exclusive jurisdiction of the English Courts.
SCHEDULE 1 TO THE DPA
ANNEX 1
DETAILS OF PROCESSING
Under Data Protection Law, Provider shall only Process Personal Data in accordance with Customer’s Processing Instructions, as regulated in the DPA. This document forms part of Customer’s Processing Instructions, directing Provider on the scope, nature, and purpose when Processing Personal Data on behalf of Customer. The Processing Instructions may be amended in writing by Customer from time to time, as communicated in writing to Processor by an authorised representative of Customer or through Customer’s use of the Service.
- Purpose of Processing
Provider shall process personal data only for the purpose of performance of the Services for Customer.
- Categories of Data Subjects
- Administrator – Data Controller
- Authorised User
- Guest Users
- Types of Personal Data
- Name
- Contact Details
- Any other information shared by the Client in connection with the Users’ use of the Services
- Special categories of Personal Data
It is not intended that the Services be used for collection of any special category data, and You will instruct Users not to collect or process the following types of data through their use of the Services:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data used for identification
- Health data
- Sex life
- Sexual orientation
- Processing activities
- Collection
- Analysis
- Storing
- Accessing, reading or consultation
- Erasure or destruction
- Duration of Processing
Personal Data shall not be processed for a period longer than is necessary for serving its purpose. The processing of data collected in respect of a project shall cease on expiry or termination of the services provided in connection with such project and all personal data will be returned to customer and all copies destroyed, save for one copy that Provider will keep securely for its own records for 7 years after termination of the applicable services.
- Processing Location
Processing takes place in the following country/countries: United Kingdom
ANNEX 2
TECHNICAL AND ORGANISATIONAL MEASURES
This applies to all employees, contractors, vendors, and third parties who have access to ImageInsight Web Application's information systems or handle customer data.
Roles and Responsibilities
- Chief Technology Officer (CTO): Responsible for the implementation and maintenance of the security policy.
- Employees: Must adhere to security guidelines and report any suspicious activities or breaches.
- Third-Party Contractors: Must comply with security standards outlined in this policy and sign a Non-Disclosure Agreement (NDA) if accessing customer or business data.
Data Classification and Protection
Data Classification
- Confidential Data: Includes customer data, intellectual property, financial information.
- Internal Use Only: Business processes, internal communications, non-public data.
- Public Data: Marketing materials, publicly available information.
Data Protection Measures
- All confidential and internal data must be encrypted both in transit and at rest.
- Regular backups of critical data must be maintained and stored in secure, geographically redundant locations.
- Access to customer and confidential data is restricted to authorised personnel only.
Access Control
- User Accounts: All employees and third parties must have unique user accounts. No shared accounts are allowed.
- Authentication: Multi-factor authentication (MFA) must be enabled for all access to internal systems and confidential data.
- Password Policy: All passwords used for access to internal systems and confidential data must be at least 12 characters long and randomly generated.
Software Development and Security
- All software must undergo regular security assessments and code reviews.
- Use secure coding practices (e.g., input validation, proper error handling, and avoiding hard-coded credentials).
- Critical software updates and patches must be applied promptly.
- Third-party libraries and frameworks must be kept up to date, and vetted for security vulnerabilities.
Network Security
- Use firewalls to segment and protect internal networks.
- Ensure that all devices connected to the network have up-to-date antivirus software and are regularly scanned for vulnerabilities.
- Secure Wi-Fi networks with strong encryption and hidden SSIDs.
Incident Response Plan
- All employees must report any suspected security incidents to the CTO immediately.
- An incident response plan must be in place and regularly tested.
- In case of a breach, affected customers will be notified within 72 hours, and corrective actions will be taken immediately to contain and resolve the issue.
Physical Security
- Equipment such as laptops, servers, and external drives must be secured with strong passwords and encryption.
Compliance and Auditing
- Regular internal audits will be conducted to ensure compliance with this security policy.
- We will adhere to all relevant data protection laws and industry standards (e.g., GDPR, SOC 2) as applicable.
- Any changes to security policies will be communicated to all employees and third-party contractors.
Training and Awareness
- All employees will undergo annual security awareness training.
- Employees must stay up to date on the latest security threats and practices, especially those relevant to SaaS businesses.
Vendor and Third-Party Security
- Vendors and third-party partners must adhere to similar security practices and standards as ImageInsight Web Application.
Policy Review
The security policy will be reviewed and updated annually or whenever there are significant changes in the business, technology, or regulatory environment.
ANNEX 3 - LIST OF SUB-PROCESSORS
The controller has authorised the use of the following sub-processors:
Name of Sub-processor | Address | Description of Processing | Location of Processing |
Supabase, Inc. | | Primary storage of customer data. | |
Vercel, Inc. | | Web application hosting and API provision, no data storage. | |
PostHog, Inc. | | Web analytics and user session replay. | |
MessageBird UK Limited | | Pusher push notifications API for real-time synchronisation. | |