Privacy Policy

Introduction & Data Controller

The AI Leap Ltd ("The AI Leap", "we", "our", or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, store, and share personal information when you visit our website at theaileap.com, enquire about our services, or engage us as a client.

The AI Leap acts as the data controller in respect of personal data collected through this website and in the course of providing our AI consultancy and development services. We are committed to processing personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable privacy legislation.

Information We Collect

We collect personal data that you provide to us directly, as well as certain data collected automatically when you use our website.

Information you provide directly

• Full name and job title
• Business email address and telephone number
• Company name, size, and industry
• Project details, requirements, and correspondence shared during enquiries or engagements
• Billing and payment information (processed via secure third-party providers)
• Communications you send us via email, contact forms, or our chatbot widget

Information collected automatically

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time on site, and referring URLs
• Device identifiers and session data
• Analytics data collected via Google Analytics (with IP anonymisation enabled)

Lawful Basis & Purpose of Processing

We only process your personal data where we have a lawful basis to do so. The table below sets out our primary processing activities and their legal basis:

• Responding to enquiries and providing quotes — Legitimate interests / Pre-contractual steps
• Delivering contracted services — Performance of a contract
• Sending service-related communications — Performance of a contract / Legitimate interests
• Sending marketing communications (where opted in) — Consent
• Website analytics and improvement — Legitimate interests
• Complying with legal and regulatory obligations — Legal obligation
• Fraud prevention and security — Legitimate interests / Legal obligation

Where we rely on legitimate interests as our lawful basis, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms.

How We Use Your Information

We use the personal data we collect for the following purposes:

• To respond to your enquiries, schedule calls, and provide project proposals
• To deliver, manage, and invoice for our AI development and consultancy services
• To communicate project updates, progress reports, and post-delivery support
• To send you relevant content, case studies, or service updates where you have opted in
• To improve the performance, security, and usability of our website
• To maintain accurate business records and comply with our accounting and legal obligations
• To protect against fraudulent activity and ensure the integrity of our services

We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

Sharing & Disclosure of Personal Data

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

• Service providers and sub-processors — We use trusted third-party tools (e.g., Google Analytics, calendar booking software, CRM platforms, cloud infrastructure providers) that may process personal data on our behalf. All sub-processors are subject to appropriate data processing agreements.
• Professional advisers — Including solicitors, accountants, and insurers where necessary for business operations.
• Law enforcement and regulators — Where we are required to disclose information by applicable law, court order, or government authority.
• Business transfers — In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same protections set out in this policy.

Any third parties with whom we share data are required to maintain its confidentiality and security and to use it only for the purposes for which it was shared.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• Client and project records — 7 years following the end of the engagement (for accounting and legal compliance)
• Enquiry and prospect data — 24 months from the date of last contact, unless a project commences
• Marketing opt-in records — Until consent is withdrawn
• Website analytics data — 26 months (Google Analytics default)
• Legal and compliance records — As required by applicable legislation

At the end of applicable retention periods, personal data is securely deleted or anonymised.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect analytics data. Cookies are small text files stored on your device.

Types of cookies we use

• Strictly necessary cookies — Required for the website to function. These cannot be disabled.
• Analytics cookies — Used to understand how visitors interact with our website (Google Analytics). These are only placed with your consent.
• Preference cookies — Remember your settings and choices across sessions.

You may withdraw your consent for non-essential cookies at any time by adjusting your browser settings or our cookie preference centre. Note that disabling certain cookies may affect website functionality.

International Data Transfers

Some of our service providers are located outside the UK or European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Transfers to countries with an adequacy decision from the UK Secretary of State or European Commission
• Standard Contractual Clauses (SCCs) approved by the relevant authority
• Binding Corporate Rules where applicable

Your Rights Under UK GDPR

Subject to applicable law, you have the following rights in relation to your personal data:

• Right of access — Request a copy of the personal data we hold about you (Subject Access Request)
• Right to rectification — Request correction of inaccurate or incomplete data
• Right to erasure — Request deletion of your data ("right to be forgotten") where there is no compelling reason for continued processing
• Right to restrict processing — Request that we limit how we use your data in certain circumstances
• Right to data portability — Receive your data in a structured, machine-readable format
• Right to object — Object to processing based on legitimate interests or for direct marketing purposes
• Rights related to automated decision-making — Not be subject to solely automated decisions that have significant effects on you

To exercise any of these rights, please contact us at info@theaileap.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.

Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include encrypted data transmission (TLS/SSL), access controls, regular security reviews, and secure cloud infrastructure.

Despite these measures, no method of electronic transmission or storage is completely secure. If you have reason to believe that your data has been compromised, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a notice on our website.

We encourage you to review this policy periodically to stay informed about how we protect your information.