Privacy Policy

Privacy & Cookies Policy

Last updated: 01/05/2024

1. Introduction

Wildstone AI, operated by Ryan Bell, ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and share personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

We are committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

This website is not intended for children and we do not knowingly collect data relating to children.

This policy applies whether you are a client, a visitor to our website, or otherwise engage with us. By using our website, services, or contacting us, you agree to the terms of this Privacy Policy.

We are not required to appoint a Data Protection Officer (DPO) under UK GDPR, but any privacy-related queries can be directed to:
Email: support@wildstoneai.co.uk
Address: Wildstone AI, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA.

2. Who We Are

Wildstone AI is a UK-based chatbot service provider owned and operated by Ryan Bell, trading as a sole trader.

For data protection purposes, Ryan Bell (t/a Wildstone AI) is the Data Controller for any personal data collected through interactions with our chatbot services, website, or directly in relation to our own business activities.

However, when providing chatbot services to our clients, their organisation is the Data Controller, and Wildstone AI acts as the Data Processor for personal data processed as part of those services.

3. Information We Collect

Depending on how you interact with us, we may collect the following personal data:

  • Name and contact details (e.g., email address, phone number) when you provide them through our chatbot or contact forms.

  • Company and project information related to your use of our chatbot services.

  • Enquiry details and communications, including any information you share when interacting with our chatbot or contacting us directly.

  • Marketing preferences that you share with us (e.g., opting in to receive promotional materials).

  • Website usage data, including through cookies or analytics tools, to track interactions with our chatbot and website (e.g., session data, device information).

  • Payment and invoicing data (if applicable) related to the use of our services, including billing details for any paid services you may subscribe to.

  • Advertising data, such as form submissions or custom audience data from platforms like Google Ads or Meta Ads when individuals interact with our ads.

We collect and process the following categories of personal data:

  • Contact Information: Name, email address, phone number, and postal address.

  • Payment Information: Processed securely by Stripe (we do not store payment details).

  • Website Usage Data: IP addresses, device information, and analytics (collected via Squarespace and Chatbase).

  • Customer Support Data: Any information provided when contacting us.

  • Contract and Agreement Data: Documents signed via Docusign.

We may also collect personal data when you contact us via email, chat interfaces, or other communication channels. The data provided in these instances may include your contact details, message content, and any other information shared during your interaction.

4. Special Category Data

Our services are not intended to collect special category data (as defined by UK GDPR, including data relating to health, political opinions, religious beliefs, etc.). We do not request or require you to provide such information.

However, if you choose to voluntarily disclose special category data (e.g. within chatbot messages or support queries), you acknowledge that you are providing this data with your explicit consent under Article 9(2)(a) of UK GDPR.

We do not use or retain such data unless it is essential for delivering the service you requested, and we will take reasonable steps to limit its use and storage. If you are unsure, please avoid submitting sensitive information unless necessary.

Where we process personal data on behalf of a client (e.g., via their chatbot), the client is the Data Controller and is responsible for ensuring their own privacy policies and safeguards are in place.

5. How We Collect Information

We collect data through:

  • Direct Interactions: When you contact us, sign up for services, or provide information via our website.

  • Automated Technologies: Through our website’s analytics, cookies, and chat interactions.

  • Third-Party Services: Information may be collected via Squarespace, Docusign, Chatbase, Stripe, and UK Postbox (see Section 6).

  • When you make a payment or enter into a service agreement

6. How We Use Your Data

We use your data for the following purposes:

  • Responding to enquiries and delivering services: To deliver AI-related services, customer support, and process transactions. We use the data you provide through our chatbot interactions to assist with your queries, provide support, and deliver the chatbot services you request. We also use your data to respond to inquiries, updates, and administrative messages.

  • Sending service updates or marketing content (with your consent): If you’ve opted in, we may send you updates, promotional content, or newsletters related to our chatbot services and new features. We only send marketing emails to individuals who have explicitly opted in by ticking an unchecked box or completing a subscription form. Consent is recorded (including the time and method) using our email provider, Mailchimp. You may withdraw consent or unsubscribe at any time using the link in our emails or by contacting us directly. You can withdraw your marketing consent at any time by clicking the “unsubscribe” link in any email or by contacting us at support@wildstoneai.co.uk.

  • Processing payments and maintaining records: If applicable, we use your payment details to process transactions and maintain records for accounting and billing purposes.

  • Improving our chatbot services, website, and customer experience: Monitoring website usage via Squarespace and Chatbase. We analyse how you interact with our chatbot to enhance its functionality, improve user experience, and ensure it meets your needs.

  • Complying with legal and contractual obligations: To manage agreements signed via Docusign and fulfil legal obligations. We may use your data to meet legal, regulatory, or contractual requirements, including maintaining records of our business relationship.

  • Managing and analysing digital ad campaign performance: If you engage with us through advertising on platforms like Google Ads or Meta Ads, we may use your data to measure and optimise the performance of those campaigns.

We do not sell or rent your personal data to third parties.

7. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Consent – when you opt-in to marketing or analytics

  • Contract – to provide agreed services

  • Legal obligation – to comply with laws and recordkeeping

  • Legitimate interest – to operate and improve our business

8. Squarespace Website Disclosures

Our website is built and hosted on Squarespace. When you use our site, Squarespace may automatically collect:

  • Device and browser information (e.g. IP address)

  • Pages visited and timestamps

  • Referring websites

  • Form submissions (if applicable)

Squarespace processes this data in accordance with their Privacy Policy and stores data primarily in the USA under Standard Contractual Clauses (SCCs).

We use Squarespace’s built-in analytics and form tools to understand site usage and handle enquiries.

We do not currently use tracking pixels (such as Meta Pixel or Google Analytics 4) on this website. Advertising campaigns are managed without the use of behavioural tracking on our site.

9. Third Parties and Sub-Processors

We work with trusted third parties. Where required, we have Data Processing Agreements (DPAs) in place.

1. Mailchimp

  • Purpose: Email marketing

  • Data Involved: Names, emails, engagement data

  • Jurisdiction: USA (SCCs)

2. Stripe

  • Purpose: Payment processing

  • Data Involved: Payment and contact info

  • Jurisdiction: USA/EU

3. Xero

  • Purpose: Invoicing & accounting

  • Data Involved: Client billing/contact data

  • Jurisdiction: NZ/UK (Adequacy)

4. DocuSign

  • Purpose: Electronic signatures

  • Data Involved: Names, emails, agreements

  • Jurisdiction: USA/EU (SCCs)

5. Google Workspace

  • Purpose: Email & file storage

  • Data Involved: Emails, attachments, contracts

  • Jurisdiction: EU/USA (SCCs)

6. Squarespace

  • Purpose: Website hosting & analytics

  • Data Involved: Site and form data

  • Jurisdiction: USA (SCCs)

7. Chatbase

  • Purpose: AI infrastructure for NLP processing and chatbot interaction handling

  • Data Involved: Chatbot interaction data

  • Jurisdiction: Canada (SCCs + UK Addendum)

8. UKPostbox

  • Purpose: Physical mail

  • Data Involved: Names, addresses, contact information, engagement data

  • Jurisdiction: UK

9. Instantly.ai

  • Purpose: Email outreach

  • Data Involved: Names, emails, provided personal data

  • Jurisdiction: US (SCCs + UK Addendum)

10. Google Ads

  • Purpose: Ad campaign management & targeting

  • Data Involved: Audience targeting, ad performance data

  • Jurisdiction: EU/USA (SCCs + UK Addendum)

11. Meta Ads

  • Purpose: Ad campaign management & lead forms

  • Data Involved: Audience targeting, lead form submissions

  • Jurisdiction: EU/USA (SCCs + UK Addendum)

12. Microsoft Teams

  • Purpose: Internal and client communications, chatbot testing, and collaboration

  • Data Involved: Names, email addresses, chat transcripts, shared files, and meeting metadata

  • Jurisdiction: Global (Data stored in Microsoft data centres, typically based on tenant location — US, UK, or EU; compliant with GDPR, SCCs, and UK Addendum where applicable)

 

Note on Client Work

When we process personal data on behalf of our clients in the context of chatbot services (e.g., within chatbot interactions, analytics, or integrations with third-party tools), we act as a Data Processor or Joint Controller, depending on the specific arrangement.

In these cases, our relationship with the client is governed by a separate Data Processing Agreement (DPA) or Joint Controller Agreement (JCA), which outlines the respective roles, responsibilities, and obligations.

When managing chatbot services for clients, we may use tools and platforms to create, monitor, or optimise the performance of the chatbot, including its interactions with end users. The role we play (as Data Processor or Joint Controller) depends on the nature of our involvement with the data collected and how it is used within the service.

Clients are responsible for ensuring that their own privacy policies reflect any data collection carried out through the use of our chatbot services, including data captured via user interactions, tracking integrations, or third-party platform integrations (e.g., CRMs, analytics, or marketing tools).

10. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), we ensure appropriate safeguards are in place, and we rely on Standard Contractual Clauses together with the UK Addendum (or International Data Transfer Agreement) to ensure appropriate safeguards are in place.

11. Data Retention and Deletion of Chatbot Logs

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, data related to client accounts and marketing activities is retained for up to 6 years after the end of the client relationship, unless a shorter or longer retention period is required by law or justified by business needs. 

As part of our commitment to data protection and compliance with UK GDPR, we retain chatbot interaction logs only for as long as necessary for the purposes for which they were collected. Typically, chatbot logs will be retained for a period of 6 months. After this period, all interaction logs will be securely deleted. Chatbot logs may be hosted on third-party platforms such as Chatbase, which stores interaction data in accordance with its own security and retention policies. We retain access to this data for no more than 6 months, after which it is deleted from our systems.

For example, if you interacted with a chatbot between 1 January and 30 June, the corresponding logs will be deleted on 1 July.

However, please note that in certain circumstances, we may be required to retain chatbot logs for longer periods, including but not limited to the following situations:

  1. Legal Obligations:

    • Consumer Protection Laws: If the chatbot logs relate to consumer transactions or contracts, we may need to retain certain data for a longer period to comply with consumer protection regulations. For example, under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, we may be required to retain transaction records for up to 1 year after the end of the contract.

    • Tax and Accounting Laws: If the chatbot logs contain financial transaction information (e.g., invoice details), HMRC may require us to retain these records for a minimum of 6 years.

    • Industry-Specific Regulations: In certain regulated sectors, such as financial services or healthcare, we may be required by industry regulators (e.g., FCA for financial services) to retain records for specific periods.

  2. Contractual Obligations:
    We may be required to retain chatbot logs for a longer period if specified in any contracts with our clients or third parties. These contracts may require data retention for purposes such as service audits, dispute resolution, or ensuring compliance with service-level agreements (SLAs).

  3. Litigation or Legal Disputes:
    In the event of legal disputes, claims, or litigation, we may need to retain chatbot logs as evidence until the case is resolved, even if the data is not necessary for business operations.

  4. Legitimate Interests:
    We may retain chatbot logs longer if we have a legitimate interest in doing so, such as for security purposes, fraud prevention, or performance analysis. However, any such retention will be balanced against the privacy rights and freedoms of the individuals concerned.

  5. Special Category Data:
    If any chatbot logs contain sensitive personal data (e.g., health information), we will apply stricter retention controls to ensure compliance with the relevant provisions under the UK GDPR for special category data. This data will be retained only for as long as necessary for the specific purpose it was collected.

 

We securely delete or anonymise data when no longer needed.

12. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data.

  • Right to Rectification: Correct inaccurate or incomplete data.

  • Right to Erasure: Request deletion of personal data under certain conditions.

  • Right to Restrict Processing: Limit processing in certain situations.

  • Right to Data Portability: Request data in a structured format.

  • Right to Object: Object to processing for direct marketing.

  • Right to Lodge a Complaint: File a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data rights have been violated.

To exercise your rights, contact us at support@wildstoneai.co.uk.

13. Cookies Policy

What Are Cookies?
Cookies are small text files placed on your device to help us understand site usage and functionality.

Some cookies collect IP, session, browser, and referrer data. We treat this as personal data under GDPR.

Managing Cookies
Visitors can opt in via the cookie banner or manage cookies via browser settings.

We use a cookie consent banner that allows visitors to accept or reject non-essential cookies before any tracking is enabled. Consent choices are recorded and respected across sessions. You can manage or withdraw your consent at any time via your browser settings.

14. Data Security

We implement appropriate technical and organizational security measures, including encryption, access controls, and secure storage, to protect personal data. However, no method of transmission is 100% secure.

15. Business Transition

If Wildstone AI transitions from a sole trader to a limited company, we will:

  • Provide prior notice

  • Issue an updated Privacy Policy

  • Ensure your rights and protections remain unchanged

16. Age Limitations

Our website and services are intended for individuals aged 18 or over. We do not knowingly collect or process the personal data of individuals under the age of 18. If we become aware that we have collected data from a minor, we will take immediate steps to delete such data.

17. Advertising Transparency

We may use advertising platforms such as Google Ads and Meta Ads to promote our services. Where personal data (such as email addresses or lead form responses) is collected through these platforms, it is used solely for the purposes specified at the time of collection and is processed in accordance with this policy.

We do not use behavioural advertising tools (like Meta Pixel or Google Analytics 4) on this website. If this changes, we will update this policy and ask for renewed consent before enabling such tools.

18. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page and dated accordingly.

19. Contact

For questions, data access, or privacy concerns, contact:
Email: support@wildstoneai.co.uk
Address: Wildstone AI, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA
Data Controller: Ryan Bell (t/a Widstone AI)