Data Protection

Privacy Policy & Data Protection

BespokeWorks.ai is committed to protecting your privacy and ensuring full compliance with UK data protection laws, including GDPR and the Data Protection Act 2018.

UK GDPR
Compliant
DPA 2018
Certified
PECR
Compliant

Last updated: 1st February 2026

Quick Overview

What We Collect

  • Contact information (name, email, phone)
  • Business information for AI analysis
  • Website usage analytics
  • Communication preferences
  • B2B business outreach data processing

How We Protect It

  • AES-256 encryption for all data
  • UK-based secure data centres
  • Regular security audits
  • Minimal data retention periods

1. Introduction

BespokeWorks.ai ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI automation services.

As a UK-based company, we comply with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018 (DPA 2018)
  • Privacy and Electronic Communications Regulations (PECR)
  • Relevant industry-specific data protection requirements

Data Controller: BespokeWorks.ai, United Kingdom
Contact: privacy@bespokeworks.ai

2. Information We Collect

2.1 Personal Information You Provide

  • Contact Details: Name, email address, phone number, company name, job title
  • Business Information: Company size, industry, current processes, automation requirements
  • Communication: Messages, feedback, support requests, consultation notes
  • Financial Information: Billing details, payment information (processed by secure third parties)

2.2 Information We Collect Automatically

  • Website Analytics: Pages visited, time spent, browser type, device information
  • Technical Data: IP address, location data (city/region level), referral sources
  • Cookies: Preference settings, session information, analytics data
  • Usage Patterns: How you interact with our AI analysis tools

2.3 Information from Third Parties

  • Business Databases: Publicly available company information
  • Social Media: Professional profiles (LinkedIn) when you connect with us
  • Referrals: Information from business partners or referral sources

3. How We Use Your Information

3.1 Service Delivery

  • Providing AI automation analysis and consultation services
  • Developing custom AI solutions for your business
  • Technical support and customer service
  • Project management and implementation

3.2 Communication

  • Responding to your enquiries and requests
  • Sending service updates and important notifications
  • Providing relevant AI automation insights (with your consent)
  • Follow-up on consultations and implementations

3.3 Legal Basis for Processing

Contract Performance: Processing necessary to deliver our AI automation services

Legitimate Interest: Business development, service improvement, fraud prevention

Consent: Marketing communications, cookies, optional data sharing

Legal Obligation: Compliance with UK tax, accounting, and regulatory requirements

4. B2B Business Outreach

BespokeWorks conducts targeted business-to-business outreach to UK limited companies that may benefit from our AI automation and web development services. This section explains how we process business contact data for this purpose.

Data We Process

  • Company name, registered address, and company number (from Companies House public register)
  • Business website URL, phone number, Google rating, and business category (from Google Places)
  • Business contact email addresses (from publicly available company websites)

Legal Basis

We process this data under legitimate interest (UK GDPR Article 6(1)(f)). We have completed a Legitimate Interest Assessment confirming that our interest in marketing relevant AI automation and web development services to qualifying UK businesses is proportionate and does not override the rights of data subjects. We only contact corporate subscribers (limited companies, PLCs, LLPs, CICs) as permitted under the Privacy and Electronic Communications Regulations (PECR).

Data Sources

  • Companies House public register
  • Google Places / Google Maps
  • Publicly available company websites

Data Retention

Business contact data collected for outreach purposes is retained for a maximum of 12 months from collection. Data is automatically deleted after this period unless the business becomes a client, in which case our standard client data retention policies apply.

Your Rights

You have the right to object to this processing at any time. Every outreach email includes a one-click unsubscribe link. You can also contact us at contact@bespokeworks.co.uk to request deletion of your data or to be added to our permanent suppression list.

5. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

Right of Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete information

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Complain

Lodge a complaint with the ICO (Information Commissioner's Office)

How to Exercise Your Rights

Email us at privacy@bespokeworks.ai or use our contact form. We'll respond within one month of receiving your request.

6. Data Security

We implement strong security measures to protect your personal data:

Technical Safeguards

  • AES-256 encryption in transit and at rest
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Automated backup systems

Organisational Measures

  • Staff training on data protection
  • Access controls and role-based permissions
  • Data breach response procedures
  • Regular compliance reviews

UK Data Centres: All personal data is processed and stored within UK-based secure facilities, ensuring compliance with UK data residency requirements.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Customer Data: 7 years from end of business relationship (for tax and legal compliance)
  • Marketing Data: Until you unsubscribe or 2 years of inactivity
  • Website Analytics: 26 months (Google Analytics default)
  • Support Communications: 3 years from last interaction
  • Financial Records: 7 years (UK legal requirement)

We regularly review and securely delete data that's no longer needed. You can request earlier deletion by contacting us.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience on our website:

Essential Cookies

Required for basic website functionality, security, and user authentication. These cannot be disabled.

Analytics Cookies

Help us understand how visitors use our site (Google Analytics with IP anonymisation). You can opt out.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness. Requires your consent.

You can manage cookie preferences through our cookie banner or browser settings. For more information, visit our Cookie Policy.

9. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Data Protection Officer

Email: privacy@bespokeworks.ai

Phone: +44 7480 066637

Available: 9AM – 5PM GMT

ICO Registration

Registration pending

File a complaint with ICO →

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of significant changes by:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated "last modified" date at the top of this policy

We encourage you to review this policy periodically to stay informed about how we protect your data.

Have questions about your data? We're happy to help.

Contact Us Email Privacy Team