Privacy Policy

1. Who We Are

AI Security Consult Ltd
Registered in England & Wales

AI Security Consult Ltd is the data controller for personal data collected through this website and through advisory engagements, under UK GDPR and EU GDPR.

Contact: hello@aisecurityconsult.com

2. What Data We Collect

We may collect personal data through the following channels:

• Newsletter: Email address, submitted via our website subscription form
• Discovery call: Name, email address, and calendar availability, processed through our booking tool
• Intake form: Company name, industry, employee count, and information about AI tool usage and governance practices
• Client engagement: Business contact details and information shared during advisory sessions

We do not intentionally collect special category data (such as health, political, or biometric data). Please do not include such data in communications with us.

3. Legal Basis for Processing

We process personal data on the following legal bases:

• Consent (Article 6(1)(a) UK GDPR) — for newsletter subscriptions. You may withdraw consent at any time by clicking the unsubscribe link in any email.
• Contractual necessity (Article 6(1)(b) UK GDPR) — for processing intake form data and delivering advisory services.
• Legitimate interests (Article 6(1)(f) UK GDPR) — for responding to enquiries and managing business relationships.

4. Data Processors

We use the following third-party processors to deliver our services:

• MailerLite — email newsletter delivery (UAB "MailerLite", Vilnius, Lithuania). GDPR-compliant. Privacy policy at mailerlite.com/privacy-policy.
• Calendly — discovery call booking. Privacy policy at calendly.com/privacy.
• Stripe Payments Europe Ltd — payment processing. We do not store full payment card details. Stripe is PCI DSS compliant. Privacy policy at stripe.com/gb/privacy.

5. Confidentiality of Engagement Data

Information shared during advisory engagements — including intake form responses, session discussions, and findings — is treated as confidential. It is used solely to deliver the agreed services and is not shared with third parties without your consent.

6. Security Measures

We take reasonable steps to protect personal data, including:

• Use of secure, reputable cloud-based systems and processors
• Access controls limiting data to authorised individuals
• Role-based restrictions on sensitive information
• Encrypted communication where appropriate

7. Data Retention

• Newsletter subscribers: Email address retained until you unsubscribe
• Enquiries and discovery call records: Retained for a reasonable administrative period
• Engagement data: Retained for up to 24 months following completion of the engagement, unless a longer period is required by law

8. Your Rights

Under UK GDPR and EU GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request erasure of your personal data
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with a supervisory authority (in the UK: the ICO at ico.org.uk; in the EU: your local data protection authority)

To exercise any of these rights, please contact us:

9. Cookies

This website does not set any first-party cookies.

Third-party widgets embedded on the site (including MailerLite, Calendly) may set their own cookies when you interact with them. Please refer to the respective privacy policies listed in section 4.

10. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. The current version will always be available at this page. The date at the top of this page indicates when it was last updated.