Thembi Platform — Last updated: 9 March 2026
This Privacy Policy explains how Thembi S.r.l. collects, uses, stores, and protects personal data when individuals visit the Thembi website or use the Thembi platform. This policy applies to:
Thembi processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable EU data protection laws.
The data controller responsible for personal data processed through the website and platform is:
Thembi S.r.l.
Corso Ventidue Marzo 12
20135 Milano (MI)
Italy
Codice Fiscale / Partita IVA: 14207690968
VAT: IT14207690968
Contact email: info@thembi.ai
Thembi acts as data controller in relation to personal data processed for the operation, administration, security and improvement of the website and platform, including account data, subscription data, usage data, monitoring preferences and interaction signals.
Thembi operates an AI-assisted platform that monitors developments in public policy, regulation, and legislation. The platform provides:
Certain summaries and contextual outputs may be generated using third-party artificial intelligence models. Thembi does not provide legal advice, compliance certification, or professional advisory services. Further details regarding the service are described in the Terms of Service.
Thembi may process the following categories of personal data.
When users create an account or subscribe to the platform:
For subscription management:
Payment details such as credit card numbers are processed directly by the payment service provider. Thembi currently uses Stripe for payment processing.
When users access the platform, certain technical and behavioural information may be collected, including:
This data is used to operate, maintain, and secure the platform.
Users may configure monitoring interests within the platform, such as:
These explicit inputs determine which policy developments are identified as relevant for the user. Relevance assessments within the platform may also be informed by implicit interaction signals derived from the user's use of the platform, such as engagement with alerts, documents accessed, navigation patterns, and documents or materials uploaded by users to the platform. These signals help prioritise information that may be relevant to the user's interests.
The platform may collect signals about how users interact with platform content and materials available within the service. These signals may include:
Such interaction signals help improve the relevance of information delivered by the platform.
The platform may use automated methods, including AI-assisted processing, to determine which policy developments are likely to be relevant to a user. This relevance determination may be based on:
This processing is used solely to prioritise information within the service and does not produce legal effects or similarly significant impacts on individuals.
Users may upload information or documents to the platform. Where such materials contain personal data, users remain responsible for ensuring that they have a lawful basis to upload and use that content within the platform in accordance with applicable data protection laws. Thembi processes such content only as necessary to provide the service and related functionality.
Thembi processes personal data for the following purposes.
To operate and deliver the Thembi platform, including:
To tailor monitoring results to the interests defined by users and inferred from platform usage patterns.
To protect the platform against misuse and unauthorised access. Security measures include:
Thembi currently implements authentication safeguards including two-factor authentication (mobile OTP) and session management controls.
To analyse system performance and improve functionality. This may include analysing aggregated interaction patterns and feedback signals.
To administer subscriptions and process payments.
To comply with legal obligations including accounting, fraud prevention, and regulatory requirements.
Thembi processes personal data under the following legal bases.
Contract Performance
Processing necessary to provide the platform and related services.
Legitimate Interests
Thembi may process personal data where necessary to pursue legitimate interests, including:
Such interests are balanced against the rights and freedoms of users. A legitimate interests assessment has been carried out in relation to processing activities relying on this basis. Users may request further information regarding this assessment by contacting info@thembi.ai.
Legal Obligations
Certain data may be processed to comply with applicable laws.
Consent
Where cookies or similar technologies require consent, such consent is obtained through the website's consent management system.
Thembi uses cookies and similar technologies on its website. Cookie preferences are managed using Cookiebot by Usercentrics, a consent management platform. Users can control whether categories of cookies are enabled, including:
Necessary cookies required for operation of the website may always be active. Users may modify their cookie preferences at any time via the cookie settings interface available on the website.
Thembi relies on certain third-party service providers to operate the platform. These may include providers of:
AI-assisted processing within the platform does involve third-party AI model providers. These providers process data under their own terms and applicable data processing agreements. A current list of AI model providers used by Thembi is available on request by contacting info@thembi.ai.
These providers may process personal data on Thembi's behalf and, in some cases, may act as independent controllers under their own terms and privacy policies. Where required, Thembi implements appropriate contractual safeguards with such providers.
Some service providers used by Thembi process personal data outside the European Economic Area. Where such transfers occur, Thembi takes steps to ensure that appropriate safeguards are in place in accordance with applicable data protection law, including through Standard Contractual Clauses adopted by the European Commission where applicable.
Personal data is retained only as long as necessary to fulfil the purposes described in this policy. Retention periods may depend on:
Data may be retained longer where required by law.
Thembi implements appropriate technical and organisational measures designed to protect personal data. These measures may include:
While no system can guarantee absolute security, reasonable safeguards are implemented to protect user data.
In the event of a personal data breach that is likely to result in a high risk to the rights and freedoms of affected individuals, Thembi will notify those individuals without undue delay, in accordance with Article 34 of the GDPR. Notification to the competent supervisory authority will be made in accordance with Article 33 of the GDPR where required.
Individuals whose personal data is processed may have the following rights under the GDPR:
Requests regarding these rights may be submitted to the contact address below.
Individuals may lodge complaints regarding data protection matters with the competent supervisory authority. For Thembi, the competent authority is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), reachable at www.garanteprivacy.it.
Thembi is committed to ensuring that its website and digital services are accessible. Information regarding accessibility measures is available in the Accessibility Statement published on the website.
This Privacy Policy may be updated periodically. Any changes will be published on the website with an updated revision date.
Questions regarding this Privacy Policy or personal data processing may be directed to: info@thembi.ai