Privacy Policy

1. Introduction

Crouch End Media Ltd T/A enginetree AI ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the data controller for the personal data we process, unless otherwise stated.

2. Information We Collect

We collect and process the following types of personal data:

2.1 Information You Provide

• Contact information (name, email address, phone number)
• Company information (company name, position)
• Technical information about your case management systems
• Communication preferences and audit requests
• Any other information you choose to provide

2.2 Information We Collect Automatically

• IP address and location data
• Browser type and version
• Device information
• Pages visited and time spent on our website
• Referring website addresses

3. How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: To provide AI automation services and technical solutions
• Communication: To respond to enquiries and provide customer support
• Audits and Assessments: To conduct technical audits of your systems
• Contract Performance: To fulfill our contractual obligations
• Legal Compliance: To comply with legal and regulatory requirements
• Service Improvement: To improve our services and develop new features
• Marketing: To send relevant information about our services (with your consent)

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: Where you have given explicit consent for specific processing
• Contract: Where processing is necessary for contract performance
• Legal Obligation: Where we must comply with legal requirements
• Legitimate Interests: Where processing is necessary for our legitimate business interests

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

5.1 Service Providers

Trusted third-party service providers who assist us in operating our business, including:

• Cloud hosting providers (UK/EU based)
• Email service providers
• Analytics providers
• Payment processors

5.2 Legal Requirements

We may disclose your information where required by law, court order, or governmental authority.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity.

6. International Data Transfers

Your data is processed and stored within the United Kingdom and European Union. We do not transfer personal data outside the UK/EU unless:

• You have explicitly consented
• The transfer is to a country with adequate data protection laws
• We have implemented appropriate safeguards (such as Standard Contractual Clauses)

7. Data Security

We implement robust security measures to protect your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Strict access controls and authentication
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Client Data: For the duration of the contract plus 7 years (legal requirement)
• Marketing Data: Until you withdraw consent or request deletion
• Website Analytics: 26 months from collection
• Financial Records: 7 years (legal requirement)

9. Your Rights

Under UK GDPR, you have the following rights:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: Not be subject to solely automated decisions

To exercise these rights, please contact us using the details in Section 13.

10. Cookies and Tracking

Our website uses minimal cookies and tracking technologies:

• Essential Cookies: Required for website functionality
• Analytics: To understand how visitors use our website

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

11. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy, to exercise your rights, or to raise concerns, please contact us:

14. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):