Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information in accordance with UK GDPR requirements.

1. About This Privacy Policy

This privacy policy explains how Resultsense Limited ("we", "our", "us") collects, uses, and protects your personal information when you interact with our website and services.

Regulatory Compliance: This policy complies with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations 2003 (PECR)
  • Equality Act 2010 (accessibility requirements)

2. Information We Collect

2.1 Contact Form Data

When you contact us through our website form, we collect:

  • Full name - to address you personally in our response
  • Email address - to send our reply
  • Phone number (optional) - for follow-up calls if you prefer
  • Your message - to understand your enquiry and provide relevant assistance

2.2 Website Usage Data

We operate a privacy-first website. The data automatically collected is:

  • Server logs: IP addresses, timestamps, pages visited, and browser information for security and technical maintenance purposes (processed by Cloudflare as our hosting provider, retained for 30 days)
  • Contact form rate limiting: IP addresses temporarily stored for up to 2 minutes in Cloudflare KV to prevent abuse (5 submissions per minute limit)

2.3 Data We Don't Collect

We operate a privacy-first approach and don't collect cookies, tracking data, user accounts, payment information, or special category personal data.

4. How We Use Your Information

4.1 Primary Uses

  • Responding to enquiries: Providing information about our AI consulting services
  • Service delivery: Managing projects and client relationships
  • Business communication: Updates on projects, invoicing, and administrative matters
  • Legal compliance: Meeting statutory requirements and professional obligations

5. Data Retention

We keep your personal information only as long as necessary:

5.1 Retention Schedule

Data Type Retention Period Reason

Contact enquiries

 6 months Business follow-up and improvement

Client project data

 6 years after contract end HMRC requirement

Legal correspondence

 6 years Statute of limitations

Website server logs

 30 days Security monitoring (managed by Cloudflare)

Rate limiting data

 2 minutes Contact form abuse prevention (Cloudflare KV)

5.2 Secure Deletion

At the end of retention periods, we securely delete electronic records and notify processors to delete data from their systems.

6. Data Sharing and Third Parties

6.1 Service Providers (Data Processors)

We carefully select processors who provide adequate guarantees for data protection. All processors operate under their standard terms of service which incorporate appropriate data protection safeguards:

Email Services: Resend (US-based) for enquiry responses. Resend's standard terms include Data Protection Act 2018 compliance and Standard Contractual Clauses for international transfers.

Website Hosting: Cloudflare Inc for hosting and security. Cloudflare operates under EU-US Data Privacy Framework safeguards and their standard data processing terms.

Anti-Spam: hCaptcha for form protection. Data shared: hCaptcha token, IP address, browser fingerprint data. hCaptcha's standard terms include Standard Contractual Clauses for international transfers.

6.2 Professional Service Providers

We share necessary data with professional advisors (accountants, legal advisors) for regulatory compliance and business operations under legal obligation and legitimate interest bases.

7. International Data Transfers

7.1 Transfer Safeguards

When we transfer data outside the UK, we ensure adequate protection:

United States Transfers:

  • EU-US Data Privacy Framework for participating organisations
  • Standard Contractual Clauses as primary safeguard
  • Supplementary measures including encryption and access controls
  • Regular reviews of transfer arrangements and adequacy decisions

8. Your Data Protection Rights

8.1 Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

  • Request copies of your personal data
  • Information about how we process your data
  • Details of retention periods and sharing arrangements
  • How to exercise: Email privacy@resultsense.com with identification

Right to Rectification (Article 16)

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • How to exercise: Contact us with correct information and evidence

Right to Erasure (Article 17)

  • Request deletion of your personal data
  • Limitations: Legal obligations may prevent immediate deletion (e.g., tax records)
  • How to exercise: Email privacy@resultsense.com with specific deletion request

Right to Restrict Processing (Article 18)

  • Limit how we process your data while disputes are resolved
  • Circumstances: When accuracy is contested, processing is unlawful, or you object to processing

Right to Object (Article 21)

  • Object to processing based on legitimate interests
  • Absolute right: For direct marketing purposes
  • Balanced consideration: For other legitimate interests

Right to Data Portability (Article 20)

  • Receive your data in machine-readable format
  • Transfer data to another service provider
  • Applies to: Data provided with consent or for contract performance

8.2 Response Times

  • Acknowledgement: Within 72 hours
  • Full response: Within 30 days (may extend to 90 days for complex requests)
  • Free of charge unless requests are manifestly unfounded or excessive

9. Data Security Measures

We protect your personal data using appropriate technical and organisational security measures, including:

Technical Measures:

  • Encryption of data in transit and at rest
  • Multi-factor authentication for system access
  • Web Application Firewall and DDoS protection
  • Regular security updates and monitoring

Organisational Measures:

  • Staff training on data protection
  • Confidentiality agreements for all personnel
  • Documented procedures for data handling
  • Secure disposal of devices and documents

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of discovery
  • Notify affected individuals without undue delay
  • Provide clear information about the nature of the breach
  • Explain steps taken to address the breach
  • Offer practical advice on protecting yourself

11. Cookies and Tracking Technologies

11.1 Our Cookie Policy

We use cookies only with your explicit consent to improve our website and understand how visitors use our services. We implement a consent-first approach that complies with UK Privacy and Electronic Communications Regulations (PECR).

11.2 Analytics Cookies (Optional - Requires Consent)

With your consent, we use Google Analytics 4 (GA4) to understand website usage and improve our services. These cookies are managed through Cloudflare Zaraz, which processes analytics server-side for enhanced privacy and performance.

Google Analytics 4 Cookies:

Cookie Name Purpose Retention Period
`_ga` Distinguishes unique visitors 2 years
`_ga_*` Maintains session state and tracks page views 2 years

Data Retention on Google's Servers:

Google Analytics stores your event data and user-level data for 14 months on their servers. After this period, the data is automatically deleted. This is separate from the cookie retention period above, which determines how long cookies remain in your browser.

What We Track:

  • Pages visited and time spent on pages
  • How you arrived at our website (e.g., search engine, direct visit)
  • General location (country/city level only, not precise location)
  • Device type and browser information
  • Contact form submissions (event tracking only, no form content)

What We Don't Track:

  • Personal identification without consent
  • Precise geolocation data
  • Cross-site tracking or user profiling
  • Sensitive personal information

11.3 Consent Management

When you first visit our website, you'll see a consent banner asking for your permission to use analytics cookies. You can:

  • Accept analytics: Allow GA4 cookies for website improvement
  • Reject analytics: Use our website without any tracking cookies
  • Change your mind: Modify your preferences at any time by clearing your browser cookies and revisiting our site

Technical Implementation:

  • Cloudflare Zaraz manages consent with Google Consent Mode v2
  • Analytics cookies load only after you explicitly accept
  • Your consent choice is stored locally in your browser
  • We honour "Do Not Track" browser settings where technically feasible

11.4 Essential Website Functions (No Consent Required)

Our website hosting provider (Cloudflare) processes basic server logs for security and technical maintenance purposes. This is not tracked via cookies and doesn't require consent as it's necessary for legitimate website operation.

Server-side Processing:

  • IP addresses (anonymised and retained for 30 days maximum)
  • Request timestamps and visited URLs
  • Browser and device information for compatibility
  • Security threat detection and DDoS protection

11.5 Managing Your Preferences

To Withdraw Consent or Delete Cookies:

1. Clear your browser cookies for resultsense.com

2. Revisit our website - the consent banner will reappear

3. Select your new preference

Browser-Specific Instructions:

Questions About Cookies?

Contact privacy@resultsense.com for assistance with cookie management or privacy concerns.

11.6 Future Changes

Should we implement additional cookies or tracking technologies, we will:

  • Update this privacy policy with clear descriptions
  • Request explicit consent for any non-essential cookies
  • Maintain compliance with UK PECR and GDPR requirements

12. Children's Privacy

Our B2B AI consulting services are designed for business users aged 18 and over. We do not knowingly collect data from children under 18. If we become aware of such data, we will delete it immediately unless legal obligations prevent this.

13. Business Development Activities

We maintain records of business professionals who may benefit from our AI consulting services to conduct targeted outreach and build relationships with potential clients.

13.1 What Information We Collect

When researching potential clients, we may collect:

  • Professional contact details (name, job title, company name)
  • Publicly available business information
  • Professional platform profile URLs
  • Topics and business challenges you discuss publicly
  • Records of our professional interactions with your public content

13.2 Where We Obtain This Information

  • Professional networking platforms (LinkedIn public profiles, Twitter/X public posts)
  • Business directories (Companies House) and company websites
  • Industry publications and professional forums
  • Public business events and conferences

13.3 Legal Basis for Processing

Legal Basis: Legitimate Interests (Article 6(1)(f) UK GDPR)

Our Interest: Conducting B2B business development and identifying potential clients who may benefit from our human-led AI consulting services.

Balancing Consideration: We process only publicly available professional information within a business-to-business context. We believe this processing is reasonable given:

  • Information is voluntarily shared publicly for professional networking purposes
  • Processing occurs in a professional, not personal, context
  • We collect minimal data necessary for business development
  • No special category or sensitive personal data is processed

13.4 Retention Periods

Prospect Status Retention Period
Active business development prospects 12-18 months from last engagement
Prospects with no meaningful response 6 months after last contact attempt
Converted to clients 6 years after contract end (HMRC compliance)
Opted out or objected Immediate deletion or permanent "Do Not Contact" status

We conduct quarterly reviews to ensure compliance with these retention periods.

13.5 Your Rights

Right to Object: You have the absolute right to object to this processing at any time. If you prefer we do not track or contact you for business development purposes, email privacy@resultsense.com with "Remove from business development database" in the subject line. We will action your request within 30 days.

Other Rights: You retain all standard UK GDPR rights detailed in Section 8, including:

  • Access to your information
  • Correction of inaccurate details
  • Deletion of your data
  • Restriction of processing

No Automated Decision-Making: All business development decisions are made by real people based on professional relevance and potential business fit. We do not use automated profiling or algorithmic targeting.

14. Complaints and Concerns

14.1 Contact Us First

If you have concerns about our data processing:

  • Email: privacy@resultsense.com
  • We will acknowledge your complaint within 72 hours
  • Full investigation and response within 30 days

14.2 Information Commissioner's Office (ICO)

If you're not satisfied with our response, you can complain to the ICO:

  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Phone: 0303 123 1113
  • Website: ico.org.uk/make-a-complaint

15. Changes to This Privacy Policy

We may update this privacy policy from time to time. For significant changes, we will:

  • Post a notice on our website
  • Update the "Last Updated" date at the top of this policy

Minor changes (such as contact details or clarifications) will be updated immediately with a new effective date.

16. Contact Information

Data Protection Enquiries:

Email: privacy@resultsense.com

Response time: Within 72 hours for acknowledgement, 30 days for full response

Business Enquiries:

Email: hello@resultsense.com

Company Information:

Resultsense Limited

Company Registration Number: 16733701

Registered Office: 15 Skyline Court, 9 Grange Yard, London SE1 3AN

Your privacy matters to us. We're committed to protecting your data and being transparent about how we use it. If you have questions about this policy or our data practices, please don't hesitate to contact us at privacy@resultsense.com.