Real Security Controls | Real Peace of Mind

How We Handle Your Data

Your data is handled under a clear, UK GDPR-aligned data agreement that explains exactly what we do and how your data is protected.
We only use it in the way you approve (no “freestyling”). You stay the Data Controller and we act as your Data Processor, so roles, permissions, and compliance are always clear.
We only keep your data for as long as is necessary.

We protect your data with encryption by default while it is moving and while it is stored, and we limit access to authorised staff using role-based permissions and multi-factor authentication.
We also keep it protected over time by logging and monitoring key activity and running regular security checks to reduce human error.

We clearly state which tools and providers we use (including AI providers), and we manage them with strict, documented controls.
All sub-processors must follow written data-protection terms (with safeguards like SCCs/UK transfer rules if needed).
By default we work inside your accounts—so we don’t store or move your customer data into our own tools unless you instruct us in writing.

For data lifecycle protection, we keep your data footprint as small as possible by working inside your systems, and we securely delete or return any extra copies when the project ends (or before if you ask in writing).
If there’s ever a personal data breach, we tell you quickly and help fix it, and if any data must be processed outside the UK/EU, we use recognised safeguards (like SCCs or equivalent) to protect it.

Let’s build a lead-capture & follow-up system that books appointments automatically so you stop losing revenue to missed calls & unanswered DMs.

Your data is handled under a formal UK GDPR-aligned DPA that defines exactly what we do, how we do it, and how it’s protected.
We don’t “freestyle” with your customer data. Everything runs strictly within the agreed scope and approvals you provide.
You remain the Data Controller, and we operate as your Data Processor—so responsibilities, permissions, and compliance are always crystal clear.

Encryption by default: Your data is encrypted when it’s moving and when it’s stored.
Tight access control: Only authorised staff can access client systems/data, using role-based permissions and multi-factor authentication.
Continuous protection: Ongoing logging/monitoring, and regular security checks, to reduce human error.

We disclose the key tools/providers we rely on (including AI model providers) and manage them under strict, documented controls.
All sub-processors are engaged under written terms that include data-protection commitments (and where needed, safeguards like SCCs / UK transfer mechanisms)
By default, we operate primarily within your accounts and don’t store or transfer your customer data into our internal tools unless you instruct us to in writing.

We keep your data footprint as small as possible, work inside your systems where practical, and securely delete/return any incidental copies when the engagement ends (or on written request).
If a personal data breach affects your data, we notify you without undue delay and cooperate on investigation, mitigation, and remediation.
If any processing involves data outside the UK/EU, we rely on recognised transfer safeguards (e.g., SCCs / equivalent mechanisms) to protect your data.

Let’s build a lead-capture, and follow-up system that books appointments automatically so you stop losing revenue to missed calls & unanswered DMs.