This website uses cookies
Read our Privacy policy and Terms of use for more information.
Last Updated: April 28, 2026
Effective Date: November 16, 2025
SECTION 1
Vistergy provides energy-AI infrastructure intelligence through weekly newsletters (The Vistergy Brief and Still Dark), the Permit to Operate podcast, the atlas geospatial platform, the IBM watsonx Orchestrate Agent Connect agents, and advisory services.
SECTION 2
We collect only what is necessary to deliver our services. Here is a breakdown by user type.
Email address (required), name (optional), subscription preferences.
Basic analytics (page views, referral sources), anonymised IP addresses, browser and device information.
Contact information (name, email, company) and project details you share with us.
No account required. No personal data collected. Anonymous usage analytics only.
SECTION 3
We use your data only for the purposes described below. We never sell data, use it for advertising, or share it without consent.
Send weekly briefings (The Vistergy Brief and Still Dark), notify of new Permit to Operate podcast episodes, platform updates and announcements, and event invitations (e.g., IAEA symposium).
Improve user experience, understand content performance, and monitor technical issues.
Deliver consulting services, project communication, and invoice and payment processing.
SECTION 4
You have a number of rights over your personal data. To exercise any of these, email [email protected]; we will respond within 30 days.
Access: Request a copy of data we hold about you
Correct: Update inaccurate information anytime
Delete: Request complete removal (right to be forgotten)
Opt-out: Unsubscribe from emails anytime
Port: Receive your data in machine-readable format
Object: Request we stop processing your data
SECTION 5
We store data securely with appropriate retention periods and technical safeguards.
Newsletters & podcast: Beehiiv (US-based, GDPR compliant) for The Vistergy Brief, Still Dark, and Permit to Operate.
Distribution platforms: LinkedIn (Still Dark), YouTube (@permit2operate). Apple Podcasts and Spotify are separate data controllers; see vistergy.com/sub-processors.
Analytics: Standard web analytics (anonymised).
Advisory client data: Secure encrypted storage.
Newsletter subscribers: until you unsubscribe.
Website analytics: 24 months.
Advisory client data: project duration + 7 years (tax/legal compliance).
Encrypted data transmission (HTTPS), access controls and authentication, regular security reviews.
SECTION 6
We use minimal cookies. There are no advertising or tracking cookies.
Required for site function: session management and security features. Automatically accepted by using our website.
Anonymised page view tracking and user journey analysis. Can be disabled in your browser settings.
SECTION 7
Vistergy uses third-party services to deliver its products. The current list of sub-processors that process personal data is published at vistergy.com/sub-processors.
Each sub-processor's privacy policy and data-processing terms are linked from vistergy.com/sub-processors. This register is kept up to date as our services evolve.
SECTION 8
The following terms govern your use of Vistergy products and services.
Free for research and evaluation. No scraping or bulk redistribution of data. Data provided as-is without warranty. Please credit Vistergy when citing Atlas data.
Free tier available. Content is copyrighted but shareable with attribution. One-click unsubscribe available at any time.
Governed by individual service agreements. Confidentiality and IP rights defined per contract.
No illegal use, no hacking or system interference, no spam, no misrepresentation of Vistergy content or services.
SECTION 9
All Vistergy content and analysis is protected by copyright unless otherwise noted.
General content: © 2025–2026 Vistergy Ltd. All rights reserved.
Newsletters (The Vistergy Brief, Still Dark): © 2025–2026 Vistergy Ltd. May be shared with attribution.
Permit to Operate podcast: © 2025-2026 Vistergy Ltd. Episodes may be shared with attribution to "Vistergy ( / @permit2operate)".
Atlas platform: Proprietary analysis layered on open data (IAEA PRIS, NRC, EIA, national nuclear regulators). Open data credited to source.
Open data sources: IAEA PRIS, NRC, EIA, national nuclear regulators. Their data remains under their respective licenses.
SECTION 10
We may update this policy from time to time. Updates are posted on this page with a new "Last Updated" date.
Significant changes will be notified to newsletter subscribers via email. Continued use of our services after changes constitutes acceptance of the updated policy.
SECTION 11
Our services are not directed to children under 16. We do not knowingly collect personal data from children.
If you believe a child has provided us with personal information, please contact [email protected] and we will promptly delete it.
SECTION 12
Vistergy is committed to preventing modern slavery and human trafficking in all its operations and supply chains.
Our Modern Slavery Act Statement and Modern Slavery Prevention Policies are published and reviewed annually. Please follow these hyperlinks for our Modern Slavery Act Statement and Modern Slavery Prevention Policies. Any concerns can be reported to [email protected]
SECTION 13
Vistergy is committed to reaching Net Zero by 2050, consistent with PPN 06/21 and the GHG Protocol.
Our Carbon Reduction Plan is reviewed annually. Please follow this hyperlink for our Carbon Reduction Plan (PDF). This plan is reviewed annually. Any questions can be directed to [email protected].
SECTION 14
Vistergy is based in the United Kingdom. Where Personal Data is processed outside the UK or EEA; for example, where a sub-processor is US-hosted (see vistergy.com/sub-processors). Vistergy relies on the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another valid transfer mechanism as set out in the Vistergy Data Processing Addendum.
Transfers outside the UK/EEA are conducted under Standard Contractual Clauses (SCCs) or equivalent mechanisms. Each sub-processor's transfer mechanism is documented on the page.
SECTION 15
California residents have additional rights under the California Consumer Privacy Act (CCPA).
Right to Know: Request details of personal data we collect, use, and share.
Right to Delete: Request deletion of your personal data.
Right to Opt-Out of Sale: We do not sell personal data (not applicable).
Right to Non-Discrimination: We will not discriminate for exercising your rights.
To exercise your rights: [email protected]
SECTION 16
For EU and UK residents, we process your data under the following legal bases in compliance with GDPR/UK GDPR.
Consent: Newsletter and Podcast subscriptions
Contract: Advisory services delivery
Legitimate Interest: Website analytics (anonymized)
Data Controller: Vistergy Ltd, registered in England and Wales, company number 16620720, Surrey, United Kingdom.
Supervisory Authority: You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): https://ico.org.uk
SECTION 17
For questions about this policy or to exercise your data rights, please get in touch.
General enquiries: [email protected]
Data requests: [email protected]; include "Data Request" in the subject line; we aim to respond within 5 business days.
Product enquiries (IBM watsonx Orchestrate Agent Connect): [email protected]
Security vulnerabilities: See Section 18 (Vulnerability Disclosure)
Website: vistergy.com
SECTION 18
Vistergy's product security posture for the IBM watsonx Orchestrate Agent Connect agents and underlying platforms.
Vistergy Ltd holds Cyber Essentials certification, independently verified by IASME via the BlockMark Registry.
Certificate ID
ee467352-31ce-41f0-a073-e29267710ced
January 2026 · Renewed annually
Every Agent query produces an audit record capturing the following fields:
Authorisation tier
Model used
Source citations
Validators run
Guarded responses
Session-linked audit identifier
Customers may request a full audit bundle at any time by contacting [email protected].
Our current sub-processor list is published at vistergy.com/sub-processors.
Controllers are notified 30 days before any material changes to sub-processors, in accordance with the Data Processing Addendum (DPA).
In Scope
atlas.vistergy.com
vistergy.com
IBM watsonx agents
Maximo connector
Vistergy-operated tunnel infrastructure
Out of Scope
Customers' own systems
Third-party platforms not operated by Vistergy
Social engineering attacks
How to Report
Email [email protected] with subject line: Security: Vulnerability Report
Expected Response
Acknowledgement within 5 business days
Triage and initial assessment within 30 business days
Safe Harbour
Researchers who report vulnerabilities in good faith and comply with this policy will not face legal action from Vistergy. This safe harbour is aligned with the NCSC Vulnerability Disclosure Toolkit guidance.
Review Vistergy's full DPA covering controller obligations, data subject rights, and lawful transfer mechanisms.
SECTION 19
Vistergy's AI products augment expert judgement; they do not replace it. Operators, regulators, and engineers make the decisions; the agent provides source-traced evidence to support those decisions.
Source-traced responses. Every agent response cites the published standard or data source it draws from. The audit bundle is exportable on request.
No phantom actions. The agent surfaces the exact affordance for a write (for example, "Create a service request in Maximo") rather than auto-firing the write. Expert sign-off stays with the human.
Guarded boilerplate where retrieval is inconclusive. When the agent cannot find a confident answer, it returns a deterministic message naming what the corpus covers, rather than fabricating a response.
Citation specificity guard. Clause, section, paragraph, note, table, and figure references in the agent's responses are deterministically validated against the source context; references that do not match are substituted with a guarded boilerplate.
ISO 19650-4 Clause 7 evidence-chain requirements for handover compliance.
CFIHOS V2.0 published reference for asset-information completeness.
CII SR19-01 v2.0 for construction work-package compliance.
ISO 18136 (USPI / ISO TC 184/SC 4/WG 3) for facility-information validation.
SECTION 20
For Vistergy IBM watsonx Orchestrate Agent Connect agents:
See the Vistergy Agent Support page for support hours, response commitments, update commitments, and severity classification.
See the Vistergy Agent Status page for current operational status of all agent components.
These pages are the single source of truth for support hours, response and update commitments, severity classification, and current operational status.