Last updated: July 15, 2026
Cerno AI ("Cerno", "we", "us") is an AI-assisted email triage product. This Privacy Policy explains what information we collect, how we use it, and the choices you have. This page is maintained by Cerno AI and is not an independent certification of our practices.
For the purposes of the UK GDPR, the EU GDPR and comparable data protection laws, Cerno AI acts as the data controller for personal data processed through the service, except that our payment reseller Paddle acts as an independent controller for the billing data it collects (see Section 5).
We collect and process the following categories of personal data:
We rely on the following legal bases under GDPR:
Email content you connect to Cerno is transmitted over encrypted channels (TLS) and stored in encrypted databases operated by our infrastructure providers. Access to production data is limited to authorized personnel under least-privilege controls. We do not sell your email content and we do not use it to train foundation models.
To categorize, summarize and draft replies, Cerno sends the minimum necessary email context to large language model (LLM) providers acting as our subprocessors. These providers process your data on our behalf under data-processing terms that prohibit training on your content. Automated outputs (summaries, priorities, draft replies) are AI-generated and should be reviewed before you rely on them.
Categories of recipients of your personal data include:
Some of these recipients may be located outside your country. When personal data is transferred out of the UK or EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.
We retain triaged email metadata and AI outputs for as long as your account is active or as needed to provide the Service. You can request deletion of your account and associated data at any time by contacting us; we will delete or anonymize your data within a reasonable period, subject to legal retention obligations (e.g. Paddle retains transaction records to comply with tax law).
Depending on your jurisdiction, you may have rights to access, rectify, export, restrict, object to or delete personal data we hold about you, and to withdraw consent where processing is based on consent. UK/EEA users also have the right to lodge a complaint with their local supervisory authority. To exercise these rights, contact us using the details below and we will respond within one month.
We implement appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular review of our security posture. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
We use strictly necessary cookies to keep you signed in and secure the Service. If we add analytics or marketing cookies, we will ask for your consent where required.
Questions about this policy, or to exercise your rights? Reach us at privacy@cerno.email.