Privacy Policy
Last updated: 18 March 2026
1. Who We Are
SME AI Consultancy Ltd ("we", "us", "our") is a company registered in England & Wales. We operate the website and digital discoverability audit platform available at smeaiconsultancy.com (the "Service").
We are the data controller for personal data collected through this Service. If you have any questions about how we handle your personal data, you can contact our data controller at: [email protected].
2. What This Policy Covers
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all visitors to our website and users of our Service.
3. Data We Collect and Why
We collect personal data in the following circumstances:
3.1 Website Audit Submissions
When you submit a URL for a free discoverability audit, we collect the website URL you provide and, if you choose to enter it, your email address. We use this information to run the audit, generate your report, and (where you have consented) send you a copy of the report by email. Our lawful basis is legitimate interests (to provide the service you have requested) and, for email communications, consent.
3.2 Contact Form Submissions
When you complete our contact form, we collect your name, email address, company name, phone number (optional), and the message you send. We use this to respond to your enquiry. Our lawful basis is legitimate interests.
3.3 Account Registration and Authentication
If you create an account or log in via our OAuth provider, we collect your name, email address, and a unique identifier. We use this to authenticate you, provide access to your audit history and client portal, and manage your subscription. Our lawful basis is performance of a contract.
3.4 Payment Information
Payments are processed by Stripe, Inc., a third-party payment processor. We do not store your full card number, CVV, or card expiry date on our servers. We receive and store a Stripe customer ID and subscription reference for the purpose of managing your subscription. Our lawful basis is performance of a contract.
3.5 Usage and Technical Data
We automatically collect certain technical data when you visit our website, including your IP address, browser type and version, pages visited, time and date of access, and referring URL. We use this data to maintain the security and performance of our Service and to understand how visitors use our website. Our lawful basis is legitimate interests.
4. Cookies
We use strictly necessary cookies to maintain your login session and ensure the Service functions correctly. We do not currently use advertising or tracking cookies. If we introduce analytics or marketing cookies in the future, we will update this policy and seek your consent where required.
5. How We Share Your Data
We do not sell your personal data. We may share your data with the following categories of third parties:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | United States (Standard Contractual Clauses apply) |
| Cloud hosting provider | Infrastructure and database hosting | European Economic Area / UK |
| Email delivery provider | Sending transactional emails and reports | EEA / UK |
| Analytics provider | Aggregated, anonymised website analytics | EEA / UK |
We require all third-party processors to process your data only on our instructions and in accordance with applicable data protection law.
6. International Transfers
Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) approved by the European Commission. Stripe processes data in the United States under Standard Contractual Clauses.
7. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Audit results and reports | 24 months from the date of the audit, or until you request deletion |
| Contact form submissions | 12 months from receipt |
| Account data | For the duration of your account, plus 6 months after closure |
| Payment records | 7 years (required for UK tax and accounting purposes) |
| Technical / server logs | 90 days on a rolling basis |
8. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
| Right | What It Means |
|---|---|
| Right of access | Request a copy of the personal data we hold about you. |
| Right to rectification | Ask us to correct inaccurate or incomplete data. |
| Right to erasure | Ask us to delete your personal data in certain circumstances. |
| Right to restrict processing | Ask us to limit how we use your data in certain circumstances. |
| Right to data portability | Receive your data in a structured, machine-readable format. |
| Right to object | Object to processing based on legitimate interests. |
| Right to withdraw consent | Withdraw consent at any time where processing is based on consent. |
To exercise any of these rights, please email us at [email protected]. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
10. Children's Privacy
Our Service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or via a notice on the Service. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: