Privacy Policy

Last updated: 9 April 2026

1. Introduction

AI-Assist for SMEs (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI automation platform and related services (the “Service”).

We are registered in England and Wales (Company No. 17118425). Our registered office is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), we are the data controller. Our ICO Registration Number is ZC106782.

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Contact at info@aiassistsmes.co.uk.

2. Information We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

  • Account Information: Full name, email address, company name, phone number, and password when you register for an account.
  • Payment Information: Billing details processed securely via Stripe. We do not store your full card number on our servers.
  • Communications: Messages, support requests, and any information you provide when contacting us.
  • Service Data: Business data you input into our AI tools, chatbot conversations, and automation configurations.

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, operating system, device information.
  • Usage Data: Pages visited, features used, time spent on the Service, clickstream data.
  • Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy).

3. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

  • Contract (Article 6(1)(b)): Processing necessary to perform our contract with you, including providing the Service, managing your account, and processing payments.
  • Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as improving our Service, preventing fraud, and ensuring platform security, where those interests are not overridden by your rights.
  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications and non-essential cookies.
  • Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax and accounting requirements.

4. How We Use Your Information

We use your personal data for the following purposes:

  • To create and manage your account
  • To provide, maintain, and improve our AI automation services
  • To process subscription payments and manage billing
  • To send you service-related communications (e.g. account verification, security alerts, subscription updates)
  • To provide customer support and respond to your enquiries
  • To analyse usage patterns and improve user experience
  • To detect, prevent, and address fraud, abuse, and security issues
  • To send marketing communications (only with your explicit consent)
  • To comply with legal obligations

4A. AI-Assisted Features and Automated Processing

Certain features of our platform are powered by artificial intelligence. This section explains how AI is used so you can make informed decisions about your interactions with our Service.

AI Chatbot (Aria)

Our website includes an AI assistant called Aria, powered by Anthropic’s Claude AI service (Anthropic PBC, USA). When you interact with Aria, your conversation — including your name, email address, and any information you share — is transmitted to Anthropic’s API to generate responses. This data is subject to Anthropic’s data processing terms.

Aria is designed to assist you with questions, provide information about our platform, and facilitate appointment bookings. If you prefer to speak with a person, you can contact us directly at info@aiassistsmes.co.uk or call 0121 516 0273.

Business Customer Chatbots

If you interact with an AI chatbot deployed by one of our business customers on their own website, that conversation is also processed via Anthropic’s Claude API. The relevant business customer is the data controller for data you share with their chatbot; AI-Assist for SMEs acts as a data processor on their behalf.

No Solely Automated Decision-Making

We do not use AI or automated processing to make decisions that produce legal or similarly significant effects about you as an individual (for example, we do not use automated profiling to grant or deny credit, employment, or housing). Our AI tools are designed to assist and respond — all significant decisions involve human oversight. Your rights under Article 22 of the UK GDPR are therefore not engaged in the ordinary use of our Service.

For further information about how Anthropic handles data, please refer to Anthropic’s Privacy Policy.

5. Data Sharing and Third Parties

We do not sell your personal data. We share your information only with the following categories of third-party service providers who process data on our behalf:

  • Supabase (Database & Authentication): Stores your account data and handles authentication. Data is hosted in the EU/UK.
  • Stripe (Payment Processing): Processes subscription payments securely. Stripe is PCI DSS Level 1 certified.
  • Vercel (Hosting): Hosts our web application. May process technical data such as IP addresses.
  • Anthropic (AI Processing): Powers our AI chatbot features. Business data you submit may be processed by Anthropic's API.

All third-party processors are bound by data processing agreements and are required to process your data in accordance with UK GDPR.

6. International Data Transfers

Some of our third-party service providers are located outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the ICO
  • UK adequacy regulations where the destination country has been deemed to provide adequate data protection
  • Binding Corporate Rules where applicable

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained for the duration of your account, plus 30 days after deletion to allow for account recovery.
  • Payment records: Retained for 7 years as required by UK tax law (HMRC requirements).
  • Usage data: Retained for up to 24 months for analytics purposes, then anonymised or deleted.
  • Support correspondence: Retained for 3 years after your last interaction with us.
  • Marketing consent records: Retained for as long as consent is active, plus 3 years after withdrawal.

8. Your Rights Under UK GDPR

Under the UK GDPR and DPA 2018, you have the following rights regarding your personal data:

  • Right of Access (Article 15): You can request a copy of all personal data we hold about you.
  • Right to Rectification (Article 16): You can ask us to correct inaccurate or incomplete data.
  • Right to Erasure (Article 17): You can request deletion of your personal data (“right to be forgotten”).
  • Right to Restrict Processing (Article 18): You can ask us to limit how we use your data.
  • Right to Data Portability (Article 20): You can request your data in a machine-readable format (JSON).
  • Right to Object (Article 21): You can object to processing based on legitimate interests or direct marketing.
  • Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects.

To exercise any of these rights, please visit your account settings (for data export and deletion) or email us at info@aiassistsmes.co.uk. We will respond within one month of receiving your request, as required by law.

9. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Secure password hashing (bcrypt)
  • Role-based access controls
  • Regular security reviews and updates
  • PCI DSS Level 1 compliant payment processing via Stripe
  • Row-level security on all database tables

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected individuals without undue delay.

10. Cookies

We use cookies and similar technologies on our Service. For full details about the cookies we use, why we use them, and how you can control them, please see our Cookie Policy.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date, and where appropriate, by email notification. We encourage you to review this Privacy Policy periodically.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk/make-a-complaint
  • Helpline: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at info@aiassistsmes.co.uk.

14. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights:

  • Email: info@aiassistsmes.co.uk
  • Address: AI-Assist for SMEs, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
    Operational team based in Birmingham, UK
← Back to HomeTerms of ServiceCookie Policy