1. Who We Are
This Privacy Policy is issued by Calculus Management LLC, a Delaware limited liability company operating under the brand Calculus Research and acting through its managed entity Calculus Labs LLC (Delaware) (collectively, "Calculus Research," "we," "us," or "our"). Our registered offices are in Providence, Rhode Island, USA, with a representative office in London, United Kingdom.
We operate a private capital and lending platform, AI-powered analytical tools, and the Calculus AI Labs portal at calculusresearch.io.
For the purposes of UK and EU data protection law, Calculus Management LLC is the data controller in respect of personal data processed through this website.
Questions about this Policy: finance@calculusresearch.io
2. What Data We Collect
2.1 Data You Provide Directly
- Enquiry and contact forms — name, email address, phone number, company name, message content, project or deal details you choose to share
- Loan or capital enquiries — property address, loan amount sought, deal type, business financials, and other information relevant to evaluating a lending request
- AI Portal registration — name, email, organization, job title, intended use case
- Email correspondence — all information contained in emails you send us
2.2 Data We Collect Automatically
- IP address, browser type and version, operating system, device type
- Pages visited, time spent, referring URLs, click paths
- Form interaction events (via HubSpot)
- Cookie identifiers (see Section 7 and our Cookie Policy)
2.3 Data From Third Parties
We may receive information about you from credit reference agencies, public records, or business intelligence tools in connection with evaluating lending or partnership enquiries, where permitted by applicable law.
3. How We Use Your Data
| Purpose | Legal Basis (UK/EU GDPR) | Retention |
|---|---|---|
| Responding to your enquiries and communications | Legitimate interests / pre-contract steps | 3 years from last contact |
| Evaluating lending or capital requests | Pre-contractual steps; legitimate interests | 7 years (legal/regulatory obligation) |
| Providing access to the AI Labs portal | Contract performance | Duration of access + 2 years |
| Improving and securing our website | Legitimate interests | 13 months (analytics data) |
| Sending relevant updates and market insights | Consent or legitimate interests (existing contacts) | Until opt-out |
| Legal compliance and fraud prevention | Legal obligation; legitimate interests | As required by law (minimum 7 years) |
| Automated credit/deal analysis (UnderwriteAI) | Pre-contractual steps; legitimate interests | Duration of deal file + 7 years |
For US residents: we process data as described above. We do not sell your personal information. See Section 10 for California rights.
4. Automated Decision-Making and AI
We use AI-powered analytical tools, including our proprietary UnderwriteAI system, to assist in evaluating lending and investment opportunities. We want to be transparent about how this works:
- What AI does: AI models process deal and financial data to generate preliminary assessments, risk scores, and analytical summaries
- What AI does not do: AI does not make final credit decisions. All material decisions involving lending, financing, or partnerships involve human review by authorized Calculus Research personnel
- Your right to human review: If you are subject to a decision that significantly affects you and that involved automated processing, you have the right to request human review of that decision. Contact us at finance@calculusresearch.io
- AI Portal: If you use the Calculus AI Labs portal, outputs generated by AI models are analytical aids only and do not constitute advice. See our Disclaimers
5. Who We Share Data With
5.1 Service Providers
We use the following categories of third-party service providers who process data on our behalf under data processing agreements:
- CRM and marketing: HubSpot (form capture, email, analytics)
- Infrastructure: Google Cloud Platform, Cloudflare
- AI model providers: Anthropic, OpenAI, Google (for AI Labs portal queries)
- Legal and compliance professionals where necessary
5.2 Legal Requirements
We may disclose data where required by law, court order, or governmental authority, or where necessary to protect our rights or the safety of others.
5.3 Business Transfers
In connection with a merger, acquisition, or asset sale, data may be transferred as a business asset. We will notify you in advance if your data becomes subject to a different privacy policy.
5.4 No Sale of Data
We do not sell personal information to third parties for marketing, advertising, or any other purpose.
6. International Data Transfers
Our primary infrastructure is located in the United States. If you are in the UK or European Economic Area, your data may be transferred to and processed in the USA. We rely on the following mechanisms for such transfers:
- UK International Data Transfer Agreements (IDTAs) for transfers from the UK
- EU Standard Contractual Clauses (SCCs) where applicable for EEA transfers
Transfers to AI model providers (Anthropic, OpenAI, Google) are similarly protected by SCCs or adequacy decisions where available. You may request a copy of the relevant transfer safeguards by contacting us.
7. Cookies
We use cookies and similar tracking technologies. Our Cookie Policy provides full details. In summary:
- Essential cookies — required for website functionality; no consent needed
- Analytics cookies — HubSpot, Google Analytics; require your consent
- Functional cookies — form state, preferences; require your consent
You can manage cookie preferences through the cookie banner on our website or by contacting us.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:
- Enquiry and contact data: 3 years from last contact, unless a lending or business relationship develops
- Lending and deal files: 7 years from transaction close or last activity (accounting, regulatory, and legal obligations)
- AI Portal usage logs: 2 years
- Website analytics: 13 months
- Email records: 3 years unless part of a transaction file
- Legal correspondence: As required by the applicable statute of limitations
At the end of the applicable retention period, data is securely deleted or anonymized.
9. Security
We implement appropriate technical and organizational measures including:
- TLS encryption for all data in transit
- Encryption at rest on cloud infrastructure
- Access controls and role-based permissions
- Regular security reviews of third-party service providers
No transmission over the internet is 100% secure. If you have reason to believe data has been compromised, contact us immediately at finance@calculusresearch.io.
10. Your Rights
UK and EU Residents (UK GDPR / GDPR)
- Access — request a copy of your data
- Rectification — correct inaccurate data
- Erasure — request deletion (subject to legal retention obligations)
- Restriction — restrict processing in certain circumstances
- Portability — receive your data in a portable format
- Objection — object to processing based on legitimate interests or for marketing
- Automated decision review — request human review of AI-assisted decisions (see Section 4)
- Complaint — lodge a complaint with the ICO (UK: ico.org.uk) or your local supervisory authority
California Residents (CCPA / CPRA)
- Know — request disclosure of categories and specific pieces of personal information collected
- Delete — request deletion of personal information
- Correct — request correction of inaccurate personal information
- Opt-out of sale/sharing — we do not sell or share data; no action needed
- Non-discrimination — we will not discriminate for exercising your rights
To exercise any rights, contact us at finance@calculusresearch.io with the subject "Privacy Rights Request." We will respond within 30 days (or as required by law). We may verify your identity before processing requests.
11. Children
Our website and services are not directed to individuals under 18. We do not knowingly collect data from minors. If we learn we have, we will delete it promptly.
12. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware (where required by law). Where a breach is likely to result in high risk to affected individuals, we will notify those individuals without undue delay. Notices will be sent to the email address associated with your account or enquiry.
13. Changes to This Policy
We may update this Policy periodically. Material changes will be communicated by email (where we have your address) or via a prominent notice on our website, with at least 14 days' advance notice. The "Effective Date" at the top indicates when the current version took effect.
14. Contact and Complaints
Calculus Management LLC (d/b/a Calculus Research)
Data Privacy
finance@calculusresearch.io
Subject line: Privacy Inquiry / Privacy Rights Request
UK residents may also contact the Information Commissioner's Office: ico.org.uk/concerns