Privacy Policy
Last updated: 8 June 2026
This Privacy Policy explains how DEFORM GEOSCIENCE LTD collects, uses, stores, shares and protects personal data when you use our websites, products and related services, including Faultwise and Deform.
We have written this policy to be clear and practical. If you have any questions, you can contact us at privacy@deform.app.
1. Who we are
DEFORM GEOSCIENCE LTD is the company responsible for the personal data described in this Privacy Policy.
Company name: DEFORM GEOSCIENCE LTD
Company number: 16188177
Registered office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
ICO registration reference: ZB928230
Contact for privacy matters: privacy@deform.app
For the purposes of UK data protection law, DEFORM GEOSCIENCE LTD is the controller of the personal data we collect for our own business purposes, including account registration, demo requests, sales communications, support, billing, website analytics and security.
In some cases, business customers may upload files or project data into our products. If those files contain personal data and we process them only to provide the service to that customer, we may act as a processor for that specific customer data. Where we act as a processor for customer personal data contained in uploaded files, we process that data on the customer's documented instructions and subject to an applicable Data Processing Agreement where required.
2. What this policy covers
This Privacy Policy applies to:
- Faultwise, including the Faultwise website, account registration, web application, uploaded files, AI-assisted features, support and related communications;
- Deform, including the Deform website, demo requests, waitlist forms, feedback forms, guided demos, desktop application, licence checks and related communications;
- our websites at faultwise.app and deform.app;
- any product documentation or related pages that link to this Privacy Policy;
- demo booking pages, waitlist forms, feedback forms, support emails, product communications and billing communications.
This policy does not replace any product-specific Terms of Service, licence terms, Data Processing Agreement or other contract that may apply to your use of Faultwise or Deform.
3. Which parts apply to you?
Some parts of this policy apply to both products. Some parts are product-specific.
If you use Faultwise, the sections about account registration, uploaded files, temporary server-side processing, AI-assisted features, website analytics, support and billing may apply to you.
If you use Deform, the sections about the website, demo requests, desktop application, licence checks, local project files, support and billing may apply to you.
If you only visit our websites, join a waitlist, book a meeting, request a demo, request Academic Access or contact us, the sections about websites, forms, communications, analytics, service providers, retention and your rights may apply to you.
4. Data we collect across our websites, forms and communications
This section applies to both Faultwise and Deform.
Demo, waitlist, Academic Access and booking data
When you request a demo, join a waitlist, book a meeting, request Academic Access or contact us, we may collect:
- name;
- email address;
- organisation;
- professional role or category;
- academic status, institution, course, research project or intended use where relevant;
- meeting booking details;
- messages you send to us;
- information you provide in forms, surveys or feedback requests.
We may collect this information through tools such as Tally, Cal.com, Google Workspace, Google Calendar, Google Meet and email.
Website, product and technical data
When you use our websites or products, we may collect technical and usage data such as:
- IP address, where processed by our hosting, security or rate-limiting systems;
- browser type and version;
- operating system;
- device type;
- country or approximate location derived from technical data;
- pages visited;
- request paths;
- timestamps;
- error logs;
- session identifiers;
- security and authentication events;
- product interactions needed to operate, secure and improve the service.
We use this information to keep the service working, investigate errors, prevent abuse, improve reliability and understand how our websites and products are used.
Support, feedback and bug reports
If you contact us for support, submit feedback or report a bug, we may collect:
- your name and email address;
- organisation;
- message content;
- screenshots or files you choose to send;
- technical information needed to investigate the issue;
- internal notes about the support request.
Please avoid sending sensitive personal data or confidential third-party information unless it is necessary for the support request.
Billing and customer records
If you become a paying customer, we may collect and process:
- billing contact details;
- company name;
- billing address;
- invoice details;
- payment status;
- VAT, tax or accounting information where relevant;
- contract, licence or subscription records.
We may use ANNA or other accounting, invoicing or payment tools to manage billing and business records.
5. Data we collect when you use Faultwise
This section applies specifically to Faultwise.
Faultwise account data
When you create a Faultwise account, we may collect:
- first name;
- last name;
- email address;
- password authentication data;
- organisation;
- professional category, such as consultant, company employee, academic, student or other;
- account verification status;
- security settings, such as two-factor authentication status where enabled;
- login and session information.
We do not store your password in plain text. Passwords are stored as password hashes.
Faultwise uploaded files and project data
Faultwise allows users to upload geological and related technical files for analysis.
Current supported file types may include:
- CSV files for fault geometry data;
- GOCAD TSurf files;
- GeoTIFF files;
- PNG and JPG images;
- YAML files for stress tensor or related configuration data.
These files may contain technical, geological, geospatial, project, image, metadata or other customer data. They are not normally personal data, but they may contain personal data if a user includes names, email addresses, identifiers or other information about individuals in filenames, metadata or file contents.
Faultwise currently stores uploaded files temporarily during the active session. The current implementation deletes uploaded files after inactivity, session reset or redeployment. Faultwise does not currently provide long-term project storage for uploaded customer files.
We do not use customer uploaded files to train or fine-tune general AI models unless separately agreed in writing.
We do not use the contents of customer uploaded files or project data for product training, internal QA datasets, benchmarking, model training, model fine-tuning or general product development unless separately agreed in writing. This does not prevent limited access where necessary to provide the service, respond to a support request, troubleshoot a technical issue, investigate a security incident, comply with law, or protect the security and integrity of the services.
Faultwise temporary file processing
Faultwise is designed to analyse geological and fault-related data.
When you upload files into Faultwise, those files are processed to provide the functionality you request, such as visualisation, analysis, calculations and AI-assisted explanation.
Our current approach is:
- uploaded files are stored temporarily on the server during the active session;
- uploaded files are not stored as long-term customer projects;
- uploaded files are deleted after inactivity, session reset or redeployment;
- uploaded files may also be deleted after termination, suspension, security review, compliance review or operational need;
- uploaded files are not copied into Google Workspace;
- uploaded files are not used for internal QA datasets, product training, benchmarking, model training, model fine-tuning or general product development unless separately agreed in writing;
- our team does not have a normal admin dashboard for browsing customer uploaded files.
In limited cases, authorised technical staff may access temporary files or logs if necessary to investigate a technical issue, security incident or support request. Any such access is limited to what is necessary.
6. Faultwise AI-assisted features
Faultwise uses AI-assisted features to help explain fault behaviour, calculated metrics and related geological concepts.
Our current AI service provider is Groq. We currently use the openai/gpt-oss-120b model through Groq. We may change the AI provider or model in the future if needed to operate or improve the service.
When you use the Faultwise AI chat, we send:
- your current question;
- a compact text summary of calculated fault metrics for your current session;
- contextual instructions needed for the AI feature to work.
We do not intentionally send:
- raw uploaded files;
- full project files;
- passwords;
- user email addresses;
- user IDs;
- billing data;
- unrelated account data.
Faultwise does not currently store AI chat history, prompts or responses in its own database. The chat history exists only during the user session in the browser interface.
We configure Zero Data Retention for Groq where available. When enabled, Groq does not retain customer inputs or outputs for inference API requests. Groq may still process usage metadata that does not contain customer inputs or outputs.
We do not use customer uploaded files, AI prompts or AI outputs to train or fine-tune general AI models unless separately agreed in writing.
The AI feature is read-only and advisory. It does not make automated decisions about you, your account, your licence, your pricing or your access to the service.
7. Data we collect when you use Deform
This section applies specifically to Deform.
Deform desktop licence data
Deform is designed as a desktop application. Some versions of Deform may contact our licence server to check whether a demo, trial or licence is valid.
When this happens, we may process limited licence and technical data such as:
- licence token or licence identifier;
- licence status, such as active, expired or invalid;
- date and time of the licence check;
- IP address and server logs;
- application version;
- session identifier or request identifier.
We use this information to operate licensing, prevent misuse of demo or trial access, troubleshoot licensing issues and maintain security.
Deform does not upload your local project files as part of the licence check. Geological files processed locally in Deform remain on your computer unless you choose to send them to us separately, for example for support.
Deform local project files
Deform is intended to run locally on your computer. Local project files, geological data and modelling files processed in Deform remain on your device unless you choose to provide them to us separately.
For example, you may choose to send us a file, screenshot or project information if you ask for support or provide feedback. In that case, we process that information only for the purpose for which you sent it, unless otherwise agreed.
8. Website analytics, cookies and similar technologies
We use Umami Cloud for privacy-friendly website analytics.
Umami helps us understand website usage, such as page views, referrer URLs, browser type, operating system, device type and country of origin. We do not use Umami to identify individual users, and we do not link Umami analytics to your Faultwise account or email address.
Umami's tracking code does not use cookies.
Our websites and products may use strictly necessary cookies, local storage or similar technologies for essential functions such as:
- keeping you logged in;
- maintaining your session;
- protecting your account;
- security and authentication;
- remembering technical state needed for the application to work.
We do not currently use Google Analytics, Meta Pixel, LinkedIn Insight Tag, Hotjar, session replay tools or similar non-essential tracking tools.
If we introduce non-essential cookies or similar tracking technologies in the future, we will update this policy and, where required, ask for your consent.
9. How we use personal data and our lawful bases
We only use personal data when we have a lawful basis to do so under UK data protection law.
The main lawful bases we rely on are:
- Contract: where processing is needed to provide a product, account, demo, trial, support or paid service you request.
- Legitimate interests: where we have a business or security reason to process data and your rights do not override that interest.
- Legal obligation: where we need to keep or use data to comply with tax, accounting, regulatory or legal requirements.
- Consent: where we ask for your specific consent, such as for certain types of marketing or non-essential tracking if introduced in the future.
We use personal data for the following purposes:
| Purpose | Examples of data | Lawful basis |
|---|---|---|
| Creating and managing Faultwise accounts | email, password hash, name, organisation, professional category | Contract |
| Verifying accounts and resetting passwords | email, verification/reset tokens, authentication logs | Contract; legitimate interests |
| Providing Faultwise and Deform services | account data, session data, uploaded files, technical data | Contract |
| Running demos, waitlists and booking meetings | name, email, organisation, role, booking details | Steps before contract; legitimate interests |
| Managing Academic Access requests | name, email, organisation, academic status, institution, course, research project or intended use | Contract; legitimate interests |
| Checking Deform desktop demos, trials or licences | licence token, licence status, timestamp, IP address, application version, session or request identifier | Contract; legitimate interests |
| Responding to enquiries and support requests | contact details, messages, screenshots, technical details | Contract; legitimate interests |
| Providing AI-assisted features | user prompt, aggregated fault metrics, generated response | Contract; legitimate interests |
| Improving reliability and debugging issues | logs, error details, session data, request paths | Legitimate interests |
| Protecting accounts and preventing misuse | IP address, login events, rate-limiting data, security logs | Legitimate interests |
| Preventing repeated misuse of free demos, trials, licences or Academic Access | limited demo, trial, account, licence and Academic Access records | Legitimate interests |
| Website analytics | anonymised page views, referrers, browser/device data, country | Legitimate interests |
| Sending relevant B2B product or demo follow-up messages | contact details, previous interaction history | Legitimate interests; consent where required |
| Managing business, investor, sales, due diligence and corporate discussions | limited business contact details, organisation, role, relationship history and non-confidential customer or account status information | Legitimate interests |
| Managing invoices, payments and accounting | billing details, invoices, payment records | Legal obligation; contract |
| Complying with legal requests or resolving disputes | relevant account, billing, support or communication records | Legal obligation; legitimate interests |
10. Who we share personal data with
We do not sell your personal data. We do not sell customer uploaded files. We do not share non-public customer project data with other customers.
We may share personal data with service providers who help us operate our business and products. These may include:
- Railway — hosting, application infrastructure, logs, databases and related backend services where used;
- hosting providers for licence checks or related backend services;
- Resend — transactional emails, such as verification, password reset and welcome emails;
- Google Workspace — business email, documents, spreadsheets, calendar, meetings and internal records;
- Tally — waitlist, demo, feedback or survey forms;
- Cal.com — meeting booking;
- Google Calendar and Google Meet — scheduling and conducting meetings;
- Umami — website analytics;
- Groq — AI inference for Faultwise AI-assisted features;
- ANNA — invoicing, payments and accounting if you become a paying customer;
- professional advisers, such as accountants, lawyers or tax advisers where needed;
- authorities, regulators or law enforcement where required by law.
We may also use internal software development and issue-tracking tools to manage bugs, support requests and product development. We try to avoid including personal data or customer confidential data in such tools unless it is necessary.
We may share limited business contact, customer, user or relationship information with professional advisers, investors, potential investors, acquirers or counterparties in sales, financing, due diligence, corporate or business development discussions where reasonably necessary.
We do not disclose confidential project data, uploaded files, detailed usage information or personal testimonials for these purposes unless permitted by contract, required by law or separately agreed.
Our service providers may only process personal data for the purposes of providing services to us, subject to their applicable contractual, privacy and data processing terms.
11. International transfers
We are based in the United Kingdom.
Some of our service providers may process personal data in the UK, the EEA, the United States or other countries. For example:
- our application infrastructure may be hosted in the UK, EEA or other suitable regions depending on the product or service;
- our AI service provider, Groq, may process AI requests in the United States or other locations;
- other providers we use for email, forms, booking, analytics, invoicing, licence checks or business operations may operate internationally.
Where personal data is transferred internationally, we take steps designed to ensure that the transfer is lawful and protected. This may include relying on adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, EU Standard Contractual Clauses, or other lawful transfer mechanisms made available under our service providers' data processing terms.
You can contact us at privacy@deform.app for more information about the safeguards used for relevant international transfers.
We review the privacy and data processing terms of key service providers where appropriate.
12. How long we keep personal data
We keep personal data only for as long as we need it for the purposes described in this policy, unless a longer period is required or permitted by law.
Our current retention approach is:
| Data category | Typical retention |
|---|---|
| Faultwise uploaded files | Temporarily during the active session; currently deleted after inactivity, session reset or redeployment. Uploaded files may also be deleted after termination, suspension, security review, compliance review or operational need |
| Faultwise AI chat history | Not stored in the Faultwise database in the current implementation |
| Deform local project files | Not collected as part of the normal desktop application or licence check |
| Deform licence check logs | Kept for a limited period needed to operate licensing, prevent misuse, troubleshoot licensing issues and maintain security. Core licence and customer records may be kept for the duration of the licence relationship and longer where needed for legal, accounting, dispute resolution or anti-abuse purposes |
| Technical logs | Kept for a limited period depending on the relevant service provider and plan |
| Demo, waitlist, Academic Access and sales enquiry records | Up to 24 months after the last meaningful interaction, unless the record becomes part of an active customer relationship or needs to be kept longer |
| Support and feedback records | Usually up to 24 months after the last interaction, unless needed for an active customer relationship, product issue, legal matter or security investigation |
| Account data | For as long as your account remains active, and for a reasonable period afterwards where needed for security, legal, support or anti-abuse purposes |
| Demo, trial, licence or Academic Access anti-abuse records | We may keep limited records where necessary to prevent misuse of free demos, trials, licences or Academic Access, enforce our terms, resolve disputes or protect our legitimate interests. We aim to keep only the minimum information needed for this purpose and review these records periodically |
| Billing, invoice and accounting records | Usually up to 6 years, or longer if required by law |
| Do-not-contact records | As long as necessary to make sure we respect your opt-out request |
We may retain limited information where needed to:
- comply with legal, tax or accounting obligations;
- resolve disputes;
- enforce our terms;
- prevent fraud, abuse or repeated misuse of free demos, trials, licences or Academic Access;
- maintain security;
- respect opt-out or do-not-contact requests;
- establish, exercise or defend legal claims.
We do not keep personal data indefinitely just in case it might be useful.
13. Security
We use technical and organisational measures designed to protect personal data.
These include, where appropriate:
- password hashing for Faultwise accounts;
- email verification and password reset controls;
- two-factor authentication for key service accounts where available;
- access controls for business systems;
- use of corporate Google Workspace accounts;
- limited access to infrastructure and production systems;
- Zero Data Retention configuration for Groq where available;
- temporary storage of uploaded Faultwise files rather than long-term file storage;
- licence checks for Deform that do not upload local project files;
- logging and monitoring for security and reliability;
- use of reputable service providers.
No system can be guaranteed to be completely secure. If we become aware of a personal data breach, we will assess it and, where required by law, notify the relevant regulator and affected individuals.
14. Marketing and product communications
We may contact business users, potential customers or existing customers about Faultwise, Deform, demos, product updates, meetings or related professional opportunities.
Where we rely on legitimate interests for B2B communications, we consider the context of your interaction with us, the relevance of the message and your reasonable expectations.
You have the right to object to direct marketing at any time. If you object or opt out, we will stop sending you marketing messages and may keep a limited do-not-contact record to make sure we respect your request.
You can opt out of marketing or follow-up communications at any time by replying to the message or contacting privacy@deform.app.
If we introduce automated newsletters or marketing mailing lists in the future, we will provide an appropriate unsubscribe mechanism.
15. Your rights
Depending on your location and the circumstances, you may have rights under data protection law.
Under UK GDPR, these may include:
- the right to be informed about how we use your personal data;
- the right to access your personal data;
- the right to correct inaccurate or incomplete personal data;
- the right to request deletion of your personal data;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to withdraw consent where processing is based on consent;
- rights relating to automated decision-making and profiling.
These rights are not absolute. For example, we may need to keep certain information to comply with legal obligations, maintain accounting records, enforce our terms, prevent misuse, respect do-not-contact requests, or establish, exercise or defend legal claims.
To exercise your rights, contact us at privacy@deform.app.
We may need to verify your identity before responding. We aim to respond to valid requests within one month, unless the request is complex or we are legally allowed more time.
16. Automated decision-making
We do not use personal data to make solely automated decisions that produce legal or similarly significant effects on individuals.
Faultwise AI-assisted features provide advisory, decision-support information only. They do not automatically determine access, pricing, licences, billing, account status or legal rights.
Deform licence checks are used only to determine whether a demo, trial or licence appears to be valid for software access. They do not involve profiling or decisions with legal or similarly significant effects on individuals.
17. Professional use and children
Faultwise and Deform are intended for business, professional, academic and research users in geoscience and related fields.
Our websites and services are not directed at children, and we do not knowingly collect personal data from children.
18. Your right to complain
If you have concerns about how we handle your personal data, please contact us first at privacy@deform.app so we can try to resolve the issue.
You also have the right to complain to the UK Information Commissioner's Office.
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/
Telephone: 0303 123 1113
If you are located outside the UK, you may also have the right to contact your local data protection authority, depending on your location.
19. Changes to this policy
We may update this Privacy Policy from time to time, for example if we change our products, service providers, legal obligations or data processing practices.
When we make changes, we will update the "Last updated" date at the top of this page. If the changes are significant, we may provide additional notice where appropriate.
20. Contact us
For questions about this Privacy Policy or how we handle personal data, contact:
DEFORM GEOSCIENCE LTD
71-75 Shelton Street
Covent Garden
London
United Kingdom
WC2H 9JQ
Email: privacy@deform.app