Privacy Policy
Last updated: 18 April 2026
Workloft.ai LTD (“Workloft”, “we”, “us”) is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and how we handle it across all Workloft products and services.
Workloft.ai LTD is registered with the Information Commissioner’s Office (ICO). Registration reference: C1912528.
1. Who we are
Workloft.ai LTD is a software development and AI consultancy registered in England. We build software products, AI tools, and automation services for businesses and public sector organisations.
- Data controller: Workloft.ai LTD
- Contact: alfred@workloft.ai
- ICO registration: C1912528
2. What data we collect
The data we collect depends on how you interact with us:
| Context | Data collected | Legal basis |
|---|---|---|
| Website visitors | No tracking, no cookies, no analytics. We don’t collect any data from visitors to workloft.ai. | N/A |
| Business enquiries | Name, email, company, message content | Legitimate interest |
| Clients (consulting) | Name, email, phone, company details, project data | Contract performance |
| Product users (e.g. Conexus, CRM tools) | Account details, usage data, content you create in the product | Contract performance |
| Public sector engagements | As specified in the relevant Data Processing Agreement | Public task / legal obligation (via DPA with the controller) |
3. How we use your data
- To deliver the services you’ve engaged us for
- To communicate with you about your project or account
- To comply with legal obligations
- To improve our products (using aggregated, non-personal data only)
We do not sell your data. We do not use your data for marketing unless you’ve explicitly opted in.
4. AI and automated processing
Some of our products use artificial intelligence to process data (e.g. natural language parsing, document analysis, workflow automation). Where AI is used:
- We use it as a tool to assist, not to make autonomous decisions with legal or significant effects
- A human is always available to review AI-assisted outputs on request
- We do not use your data to train AI models
- AI processing is covered by the same data protection standards as all other processing
5. Where your data is stored
- Primary hosting: UK and EU regions (Supabase EU-West-2, Hetzner EU, Vercel)
- AI processing: Anthropic (Claude) and Google (Gemini) APIs — data is sent for processing only, not stored or used for training under our agreements
- We do not transfer personal data outside the UK/EEA without appropriate safeguards (UK IDTA or equivalent)
6. Who we share data with
We only share data with third parties who are necessary to deliver our services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | EU (London) |
| Vercel | Application hosting | EU / Global CDN |
| Anthropic | AI processing (Claude) | US (with safeguards) |
| Hetzner | Server infrastructure | EU (Germany/Finland) |
| Zoho | | EU |
For public sector engagements, the full sub-processor list is included in the Data Processing Agreement.
7. How long we keep data
- Client project data: for the duration of the engagement plus 12 months, unless otherwise agreed
- Business contact details: until you ask us to delete them
- Product user data: for as long as your account is active, plus 30 days after deletion
- Legal/financial records: as required by law (typically 6 years)
8. Your rights
Under UK GDPR, you have the right to:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data (subject to legal obligations)
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
To exercise any of these rights, email alfred@workloft.ai. We will respond within 30 days.
9. Security
We take appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS) and at rest
- Row-level security on all database tables
- Access controls and least-privilege principles
- Regular security reviews and monitoring
- Audit logging on sensitive operations
10. Cookies
workloft.ai does not use cookies, tracking pixels, or analytics tools. No consent banner is needed because we don’t track you.
11. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top will always reflect the current version. Material changes will be communicated to affected clients directly.
12. Complaints
If you’re unhappy with how we’ve handled your data, you can complain to the ICO:
- Website: ico.org.uk/make-a-complaint
- Phone: 0303 123 1113
We’d appreciate the chance to address your concern first — please email alfred@workloft.ai.