Compliance

GangoAI (Gango Group Ltd, UK company 15267354) designs privacy-first systems aligned to UK GDPR principles and industry best practice.

Data minimisation

We collect the least data necessary to deliver our service.

Purpose limitation

We use data only for clearly defined, legitimate purposes.

Security by design

Encryption in transit/at rest and least-privilege access.

Security controls

Encryption in transit (TLS) and encryption at rest.
Role-based access control, MFA for privileged accounts.
Network segmentation and audit logging.
Secure SDLC with code review and dependency scanning.

Privacy & data

Where possible, processing occurs at the edge to reduce personal data exposure.
Data retention is limited to the minimum required and then deleted or anonymised.
We support data subject requests (access, rectification, erasure, restriction).

Sub-processors

We maintain a list of any sub-processors used to deliver our service and will update customers before material changes. Contact us for the current list.

Data protection contact

For privacy queries or data subject requests, please use our contact page.