Privacy policy

Last updated: August 25, 2025

1. Introduction

IRJ.io Ltd (trading as M2North), a company registered in England and Wales with company number 9896416 and registered office at 269 Farnborough Road, Farnborough, Hampshire, United Kingdom, GU14 7LY, operates the website and services at m2ai.io (the "Website" and "Services"). We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, share, and protect your personal data.

2. Data Controller

We are the data controller for personal data processed via the Website and Services. For questions or to exercise your data protection rights, contact us at support@m2north.com or 269 Farnborough Road, Farnborough, Hampshire, United Kingdom, GU14 7LY. We are not required to appoint a DPO under UK GDPR.

3. Personal Data We Collect

We collect the following types of personal data:

  • Identity and Contact Data: Name, email address, phone number, and company details provided when you create an account, submit feedback, or use our Services.

  • Sales Order Data: Customer names, addresses, and transaction details processed through our Services (where you upload or input such data).

  • Usage Data: Information about how you interact with the Website, such as IP address, browser type, pages visited, and time spent, collected via cookies and analytics tools.

  • Communication Data: Information you provide in emails, forms, or support requests.

  • Technical Data: Device information, operating system, and login credentials (hashed for security).

We do not intentionally collect data from individuals under 16. If you believe we have such data, please contact us to request deletion.

4. How We Collect Data

  • Directly from You: When you register, submit forms, or use the Services to process sales orders.

  • Automatically: Via cookies, server logs, and analytics tools (e.g., Google Analytics) when you browse the Website.

  • From Third Parties: If you integrate our Services with third-party platforms (e.g., ERP systems), we may receive data from those platforms with your authorization.

5. Lawful Bases and Purposes of Processing

We process personal data for the following purposes and lawful bases under UK GDPR:

  • To Provide Services (Contract): To manage your account, process sales orders, and deliver functionalities (e.g., integrating with ERP systems).

  • To Improve Our Services (Legitimate Interests): To analyze usage data, enhance Website performance, and develop new features.

  • To Communicate (Consent or Legitimate Interests): To respond to inquiries, send service updates, or, with your consent, marketing communications.

  • To Comply with Legal Obligations (Legal Obligation): To meet requirements under UK law, such as tax reporting or responding to regulatory requests.

  • To Ensure Security (Legitimate Interests): To detect fraud, secure our systems, and protect your data.

You may withdraw consent at any time (where applicable) by contacting us, without affecting the lawfulness of prior processing.

6. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Cookies may include:

  • Essential Cookies: Necessary for Website functionality (e.g., session management).

  • Analytics Cookies: To track usage patterns (e.g., via Google Analytics).

  • Marketing Cookies: For targeted advertising, only with your consent.

You can manage cookie preferences via our cookie banner or browser settings. Under PECR, we obtain your consent for non-essential cookies before they are set.

7. Sharing Your Data

We may share your personal data with:

  • Service Providers: Third parties providing hosting, analytics, or payment processing services, acting as data processors under UK GDPR-compliant agreements.

  • Business Partners: If you integrate our Services with third-party platforms (e.g., ERP systems), with your authorization.

  • Legal Authorities: When required by law or to protect our rights, safety, or property.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, subject to confidentiality obligations.

We do not sell your personal data.

8. International Data Transfers

If we transfer personal data outside the UK (e.g., to service providers in the US), we use safeguards such as UK-approved Standard Contractual Clauses or adequacy decisions to ensure compliance with UK GDPR. Contact us for details on these safeguards.

9. Data Security

We implement technical and organizational measures to protect your data, including encryption, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

10. Data Retention

We retain personal data only as long as necessary for the purposes outlined above:

  • Account and Sales Order Data: For the duration of your account plus 6 years to comply with UK tax and contract laws.

  • Usage Data: Up to 2 years for analytics purposes.

  • Communication Data: Until the inquiry is resolved or, for marketing, until you unsubscribe.

Data is securely deleted or anonymized when no longer needed, unless required by law.

11. Your Data Protection Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure: Request deletion of your data (subject to legal exceptions).

  • Restriction: Limit processing in certain circumstances.

  • Portability: Receive your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests, including for marketing.

  • Automated Decisions: Not to be subject to decisions based solely on automated processing (we do not currently use such processing).

To exercise these rights, contact us at support@m2north.com. We will respond within one month, extendable to three months for complex requests. You may also lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113

12. Third-Party Links

The Website may contain links to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal data.

13. Updates to This Policy

We may update this Privacy Policy to reflect legal or operational changes. We will notify you of material changes via email or a Website notice at least 30 days in advance, where practicable. Continued use of the Website or Services after changes constitutes acceptance.

14. Contact Us

For questions, requests, or complaints, contact us at:
IRJ.io Ltd
269 Farnborough Road, Farnborough, Hampshire, United Kingdom, GU14 7LY
Email: support@m2north.com
Data Protection Officer: Not applicable