Privacy Policy

Last updated: 10 July 2025

Thank you for choosing Unlocked Potential AI Ltd . Protecting your privacy and your personal data is central to our mission of delivering responsible artificial‑intelligence solutions. This Privacy Policy explains how we collect, use, disclose and safeguard information when you visit https://www.unlocked-potential.uk(the “Site“), communicate with us, or use any of our products, services and applications (collectively, the “Services“).

1 Who we are

Unlocked Potential AI Ltd

Registered in England & Wales No. 13987654
Data‑protection contact: unlockedpotential25@gmail.com
Supervisory authority: UK Information Commissioner’s Office (ICO)

2 Scope of this Policy

This Policy applies to personal data processed by UPAI in the context of:

visitors to the Site and any microsites we operate;
prospective and existing business clients, suppliers and partners;
individuals who interact with our AI models, demos or chatbots;
recipients of our marketing communications and event invitations.

It does not apply to anonymised or aggregated data from which you cannot be identified.

3 Definitions

“Personal data” – any information relating to an identified or identifiable natural person.
“Processing” – any operation performed on personal data, such as collection, storage, use, disclosure or erasure.
“GDPR” – Regulation (EU) 2016/679 and the UK GDPR (as incorporated into UK law by the Data Protection Act 2018).

4 What data we collect

Category	Examples	Source
Identity & Contact	name, job title, company, email, telephone, postal address	you (web forms, emails, calls), event sign‑up
Business Information	project brief, scope requirements, feedback, contractual docs	you
AI Interaction Logs	prompts, uploaded files, model outputs, usage metadata	you when you use our demos or production models
Technical & Usage	IP address, browser type, device ID, referral URL, time‑on‑page, clickstream	automated by cookies, server logs, analytics tags
Marketing Preferences	newsletter opt‑in, consent status, email engagement metrics	you; Mailchimp & HubSpot
Payment & Billing	invoicing address, VAT number, bank details (B2B)	you; Stripe, banking partners

We do not knowingly collect data about children under 16.

5 How and why we use your data

	Purpose	Legal basis (UK/EU)	Typical retention
Respond to enquiries, provide proposals and perform contracts	Art 6 (1)(b) Contract	6 years after contract end	1 year
Operate, secure and improve the Site & Services (incl. model fine‑tuning)	Art 6 (1)(f) Legitimate interest (service delivery, cybersecurity, R&D)	24 months for raw logs; aggregated thereafter	1 year
Send newsletters, event invites, product updates	Art 6 (1)(a) Consent OR Art 6 (1)(f) Legitimate interest (B2B soft opt‑in)	Until you unsubscribe or 24 months of inactivity	1 year
Comply with legal obligations (tax, accounting, sanctions screening)	Art 6 (1)(c) Legal obligation	7 years	1 year
Detect, prevent and investigate fraud or misuse	Art 6 (1)(f) Legitimate interest	as long as necessary for investigation	1 year

We will seek your explicit consent before processing special‑category data or using personal data for materially new purposes.

6 Cookies and similar technologies

We use first‑ and third‑party cookies, pixels and local‑storage objects to:

enable core site functions (WordPress, Cloudflare);
analyse traffic and performance (Google Analytics 4 with IP‑anonymisation);
measure ad campaign effectiveness (Meta Pixel, LinkedIn Insight Tag).

You can control cookies through your browser settings and the cookie‑consent banner displayed on your first visit. Detailed cookie lifetimes and providers are listed in our Cookie Notice.

7 Sharing and disclosure

We never sell, rent or lease your personal data. We may share it with:

Service providers acting as processors (e.g. AWS, Vercel, OpenAI, HubSpot, Mailchimp, Stripe, Cloudflare) under written contracts;
Professional advisers (lawyers, auditors, insurers);
Authorities where required by law or court order;
Successors in the event of a merger, acquisition or asset sale (with prior notice where legally required).

All processors are vetted for GDPR compliance and bound by confidentiality.

8 International data transfers

Some processors are based outside the UK/EEA. Where we transfer personal data internationally, we rely on:

Adequacy regulations (e.g. EU–UK data bridge);
UK/EE Standard Contractual Clauses + UK Addendum;
Supplementary security measures (encryption in transit & at rest).

9 Security measures

TLS 1.3 encryption for data in transit; AES‑256 for data at rest.
Role‑based access controls & MFA on all admin consoles.
Quarterly penetration testing; daily automated vulnerability scans.
Incident‑response plan aligned with ISO 27001.

10 Data retention

We retain personal data no longer than necessary for the purposes set out in Section 5. Criteria include: contractual requirements, statutory limitation periods, regulatory guidance and your own deletion requests.

11 Your rights

Under the UK GDPR/EU GDPR you have the right to:

access a copy of your personal data;
rectify inaccurate or incomplete data;
erase data (“right to be forgotten”);
restrict or object to processing;
data portability to another controller;
withdraw consent at any time (marketing);
lodge a complaint with the ICO (or your local DPA).

To exercise any right, email unlockedpotential25@gmail.com. We will respond within one month.

12 Automated decision‑making

Our AI models may generate predictive scores (e.g. lead‑quality) but we do not deploy fully automated decisions that produce legal or similarly significant effects without human review.

13 Links to third‑party sites

The Site may contain links to external sites we do not control. We are not responsible for their privacy practices. We encourage you to review their policies.

14 Changes to this Policy

We update this Policy from time to time. Material changes will be notified via a banner on the Site or by email where legally required. The “Last updated” date at the top indicates the latest revision.

15 Contact us

Questions, requests or concerns?
Email: unlockedpotential25@gmail.com