Privacy Policy

BespokeWorks AI Ltd respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when you use our website or engage our services.

Data Controller: BespokeWorks AI Ltd, registered in England and Wales (Companies House 14553823), Unit 9, Magreal Industrial Estate, Freeth Street, Birmingham B16 0QZ.

Contact: privacy@bespokeworks.ai

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and relevant industry-specific requirements.

Information you provide directly

• Contact details: Name, email address, phone number, company name, job title
• Business information: Company size, industry, current processes, automation requirements
• Communications: Messages, enquiries, feedback, consultation notes, support requests
• Financial information: Billing details (processed by third-party payment providers, we do not store card data)

Information collected automatically

• Website analytics: Pages visited, time on page, browser type, device information
• Technical data: IP address, approximate location (city/region), referral sources
• Cookies: Session data, preferences, analytics identifiers, see our Cookie Policy for full details

Information from third parties

• Publicly available company information from business databases
• Professional profile information (e.g. LinkedIn) where you connect with us
• Referral information from business partners

Service delivery

• Providing AI automation analysis and consultation
• Developing and implementing custom AI solutions
• Technical support and client service
• Project management and delivery tracking

Communication

• Responding to enquiries and consultation requests
• Sending service updates, project notifications, and delivery milestones
• Providing AI automation insights and educational content (with your consent)

Legal basis for processing

• Contract performance: Processing necessary to deliver our services
• Legitimate interest: Business development, service improvement, fraud prevention
• Consent: Marketing communications, optional cookies, data sharing
• Legal obligation: UK tax, accounting, and regulatory compliance

BespokeWorks conducts targeted business-to-business outreach to UK limited companies that may benefit from our AI automation services.

Data we process for outreach

• Company name, registered address, and Companies House number
• Business website URL, phone number, and sector information
• Publicly available business contact email addresses

Legal basis

We process this data under legitimate interest (UK GDPR Article 6(1)(f)). A Legitimate Interest Assessment has been completed. We contact only corporate subscribers in accordance with PECR.

Data sources

• Companies House public register
• Google Places / Google Maps
• Publicly available company websites

Your rights regarding outreach

You can object to this processing at any time. Every outreach email includes a one-click unsubscribe. To request data deletion or permanent suppression, email privacy@bespokeworks.ai.

Business contact data is retained for a maximum of 12 months from collection, unless you become a client.

You have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete information
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to restrict processing: Request that we limit how we use your data
• Right to complain: Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email privacy@bespokeworks.ai or use our contact form. We will respond within one calendar month.

Technical safeguards

• AES-256 encryption in transit and at rest
• Multi-factor authentication on all systems
• Regular security audits and penetration testing
• Automated backup systems with geographic redundancy

Organisational measures

• Staff training on data protection obligations
• Role-based access controls and least-privilege permissions
• Documented data breach response procedures
• Regular compliance reviews

All personal data is processed and stored within UK-based secure facilities, ensuring compliance with UK data residency requirements.

• Customer data: 7 years from the end of the business relationship (for tax and legal compliance)
• Marketing data: Until you unsubscribe, or 2 years of inactivity
• Website analytics: 26 months (Google Analytics default retention)
• Support communications: 3 years from the last interaction
• Financial records: 7 years (UK legal requirement)
• B2B outreach data: 12 months from collection, unless you become a client

We use cookies and similar tracking technologies on our website. See our Cookie Policy for a full breakdown of what we use and how to control it.

• Essential cookies: Required for basic functionality and security. Cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site. Opt-out available.
• Marketing cookies: Used for relevant advertising. Require explicit consent.

We may update this policy to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by email (if you are a client or subscriber) and update the date at the top of this page.

Continued use of our website or services after an update constitutes acceptance of the revised policy.