// KNOW.MORE · by OCN.ai
Privacy Notice & Acceptable Use Terms
Version 1.1 · Effective 10 June 2026 · Operated by OCN.ai ("we", "us")
Each time you sign in you confirm that you have read this notice and agree to these
terms for that session. Your acceptance is recorded (account, timestamp, IP address,
notice version) in the platform audit trail. If you do not agree, do not sign in.
1. What this platform does
KNOW.MORE produces due-diligence intelligence reports on individuals and organizations
("report subjects") from publicly available and licensed sources, including sanctions and
watchlist screening, litigation records, regulatory actions, corporate registries, and adverse
media. Reports are decision-support material for compliance, KYC/AML, and counterparty
due-diligence purposes.
2. Data we collect about you (the user)
- Account data: name, email address, organization, role.
- Credentials: stored only in hashed form, never in plain text.
- Security and audit data: IP address, sign-in and sign-out events, failed
login attempts, and a record of actions you take on the platform (reports requested,
records viewed, exports). We keep this audit trail to secure the platform and to meet
our customers' compliance requirements.
- Billing data: subscriptions and payments are processed by Stripe. We do not
store card numbers; we hold your Stripe customer reference, plan, and invoice status.
- Support communications you send us.
3. Why we process it (lawful bases)
- To provide the service you have an account for (performance of contract).
- To secure the platform, prevent abuse, and maintain audit trails (legitimate interest).
- To bill for the service and keep required financial records (contract and legal obligation).
- To comply with law, regulation, and lawful requests from authorities (legal obligation).
4. Report-subject data
When you request a report on a person or organization, the platform gathers and analyzes
information about that subject from public and licensed sources. You are responsible for
having a lawful purpose and, where you act for an organization, your organization is responsible
as data controller for the reports it commissions. The platform processes that data to
fulfil your instruction. Reports may contain inaccuracies inherent to public sources; they are
advisory inputs, not findings of fact.
5. Acceptable use (binding each session)
By signing in you agree, for that session, that you will:
- use the platform only for lawful due-diligence, compliance, risk, or research purposes;
- not make any decision producing legal or similarly significant effects on a person
based solely on a report, risk score, or recommendation without meaningful human review;
- not use the platform to stalk, harass, intimidate, or discriminate against any person;
- keep reports confidential within your organization and not republish or resell them;
- not attempt to probe, disrupt, or test the security of the platform without written authorization.
We may suspend accounts that breach these terms. All activity is logged.
6. Who we share data with
- Infrastructure: Amazon Web Services (hosting).
- Payments: Stripe (billing only).
- Screening data: licensed sanctions/watchlist data providers, queried with subject names.
- Analysis infrastructure: the report engine and its supporting services.
We do not sell personal data. We disclose data when required by law.
7. International transfers
Some service providers process data outside the UK/EEA. Where they do, we take steps to
ensure appropriate safeguards consistent with applicable data protection law.
8. Retention
- Account and audit data: for the life of the account plus the period our customers'
compliance obligations require.
- Uploaded files: deleted after processing, 90 days at most.
- Reports: retained for as long as needed for the commissioning customer's compliance
purposes and our legal obligations.
9. Security
We apply appropriate technical and organizational measures, including encryption in
transit, role-based access control, audit logging, and lockouts on repeated failed sign-ins.
10. Your rights
Where GDPR or UK GDPR applies, you have the right to access, rectify, erase, restrict, or
object to the processing of your personal data, the right to portability, and the right to
complain to your supervisory authority. To exercise any right, or to ask anything about this
notice, contact privacy@ocn.ai. If you believe you are the
subject of a report and wish to exercise your rights, contact the same address and we will
route the request to the responsible controller.
11. Changes
We may update this notice. The version and effective date appear at the top; signing in
after a change constitutes acceptance of the current version for that session.