Skip to content
LIMIT SYSTEMS
Privacy Policy

Privacy Policy

Effective: 25 May 2026 · Last updated: 25 May 2026

Your privacy matters to Limit Systems. We maintain a policy of respecting privacy and complying with applicable laws regarding personal data collected across https://limitsystems.ai and related properties.

1. Understanding personal data

“Personal data” means any information that enables identification of an individual or business, directly or indirectly. This includes names, addresses, email addresses, IP addresses, device identifiers, and website usage patterns.

Third-party sites linked from limitsystems.ai maintain their own privacy policies. This policy does not cover activities on external sites.

2. Data controller

The data controller for this website is Limit Systems. For privacy-related questions, corrections, or to exercise any of the rights described below, contact legal@limitsystems.ai. Our full company information, including registered address and Chamber of Commerce details, is in section 17.

3. Information we collect

We distinguish between information you voluntarily provide and information automatically collected by our systems.

3.1 Voluntarily provided

When you email us at contact@limitsystems.ai or legal@limitsystems.ai, your message contents and reply-to address are processed by our email provider.

3.2 Automatically collected

When you visit this website, our servers and front-end may collect:

  • Log data: IP address (anonymized before analytics storage), pages visited, time and date of visit, visit duration, and error data.
  • Device data: browser type and version, operating system, screen size, language preference, and user agent.
  • Approximate location: the ISO country code inferred from your IP via CloudFront geo-headers, used to decide whether to show the cookie consent banner.
  • Analytics data: pages visited and links clicked, recorded only after you grant analytics consent.

3.3 Sales and prospect inquiries

When you contact us about Limit Platform by email, through introductions, or via other channels, we process your name, email address, employer, and any business information you choose to share. We use this information only to respond to your inquiry, to evaluate fit, and to maintain our records of business correspondence.

We do not use a customer relationship management (CRM) tool, marketing automation platform, or third-party prospect database. Prospect correspondence resides in our email provider's systems and in our local business records. We do not enrich your contact information from external sources.

4. Why we collect it

  • To operate and maintain the website (essential)
  • To measure aggregate traffic patterns and improve content (analytics, with consent)
  • To respond to messages and business inquiries
  • To negotiate, conclude, and perform contracts with customers and partners
  • To comply with our legal obligations

5. Lawful basis

For visitors in the EU, EEA, UK, or Switzerland: our lawful basis for analytics cookies is your consent (GDPR Art. 6(1)(a), ePrivacy Directive Art. 5(3)). Essential cookies (consent storage, location detection) are processed on the basis of our legitimate interest in operating the site (GDPR Art. 6(1)(f)). Sales and prospect correspondence is processed on the basis of our legitimate interest in conducting B2B business and, where a contract is contemplated, on the basis of pre-contractual steps under GDPR Art. 6(1)(b). For visitors in other jurisdictions, we rely on legitimate interest for both essential and analytics cookies, except where local law requires consent.

6. Current third-party partners

We rely on the following processors to operate the website:

  • Amazon Web Services EMEA SARL: hosting (AWS Amplify Hosting) and content delivery (CloudFront). EU-based legal entity. Servers in EU regions.
  • Google LLC: Google Tag Manager (tag deployment) and Google Analytics 4 (traffic measurement). IP anonymization enabled. GA4 data retention set to 2 months.
  • Google Fonts (build-time only): IBM Plex fonts are fetched once at build time and served from our own origin. No runtime requests to Google for fonts.

7. Customer deployments and Limit Platform

Limit Platform is designed to deploy inside the customer's own infrastructure. When a customer deploys the platform, that customer is the controller of the data the platform processes. Limit Systems may act as a processor under a separate Data Processing Agreement (DPA) negotiated per customer.

By default, no customer data is transmitted to Limit Systems. Telemetry, support diagnostics, and update channels, when used at all, are opt-in and governed by the customer's DPA. For details on a specific deployment's data flows, refer to the DPA signed with that customer.

8. AI governance and the EU AI Act

Limit Systems builds infrastructure on which AI applications run. We track developments under the EU AI Act and align platform features with its requirements as they enter into force.

Specific Limit Systems applications (including predictive maintenance, sensitive-data handling, and legal document operations) may fall within categories regulated by the AI Act depending on the customer's deployment context and use case. Limit Platform's governance, audit, and evidence-trail capabilities are available to support customer compliance obligations.

Limit Systems does not train foundation models on customer data. Customers select which models run on Limit Platform; the platform provides the infrastructure but is model-agnostic.

9. International transfers

Google Analytics may transfer data to the United States. Such transfers are covered by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). AWS services are operated from EU regions.

10. Data security

We protect personal data within commercially acceptable means to prevent loss, theft, unauthorized access, disclosure, copying, use, or modification. We acknowledge that no method of electronic transmission or storage is 100% secure.

11. Retention

  • GA4 user-level data: 2 months (the shortest GA4 setting)
  • Aggregated analytics: retained indefinitely in anonymized form
  • Operational and access logs: 30 days
  • Business correspondence (emails, prospect inquiries, contract negotiations): kept for the duration of the relationship plus seven years thereafter (Dutch Civil Code Art. 2:10 administrative-records obligation) or longer if required by law

12. Your rights

Under GDPR, UK-GDPR, and equivalent laws, you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Request erasure of your data
  • Restrict processing of your data
  • Receive your data in a portable format
  • Object to processing
  • Withdraw your consent at any time (use the “Cookie preferences” link in the footer)
  • Lodge a complaint with the Autoriteit Persoonsgegevens (the Dutch Data Protection Authority) or your local data protection authority

To exercise any of these rights, contact legal@limitsystems.ai. We respond to verified requests within 30 days as required by GDPR Art. 12(3). We will not discriminate against you for exercising these rights and will comply with applicable data breach notification laws.

13. Children's privacy

This site is not directed at children under the age of 16 and we do not knowingly collect personal data from children.

14. Cookies

For details on the specific cookies we set, their purpose, and how to manage them, see our Cookie Policy.

15. Policy changes

We reserve the right to modify this policy at our discretion, with notice for significant changes. When this policy changes materially, the “Last updated” date at the top will change. For substantive changes, we will show a banner on your next visit notifying you of the change.

16. Data Protection Officer

Limit Systems has not appointed a Data Protection Officer. Article 37 of the GDPR does not require one for our current operations. Data protection inquiries are handled directly by legal@limitsystems.ai.

17. Company information

The data controller responsible for this website is:

  • Limit Systems
  • Vincent van Goghweg 18, 1506 JC Zaandam, Noord-Holland, the Netherlands
  • Chamber of Commerce (KvK): 85487074
  • VAT (BTW): NL004103109B89

18. Contact

For any questions or concerns regarding your privacy, contact us at legal@limitsystems.ai.