Privacy Policy

Last updated: 2026-02-08

This Privacy Policy explains how SafePolicy AI (“we”, “us”, “our”) collects, uses, and shares personal data when you visit our website, submit our intake form, purchase our services, or communicate with us.

1. Who we are

SafePolicy AI provides governance-focused documentation under the product “AI Governance Essentials — Powered by SafePolicy AI”.

2. Personal data we collect

We may collect and process the following categories of personal data:

• Contact details: email address (and any other contact details you provide).
• Organisation details: organisation name, industry/sector, size band, country of operation.
• AI usage information: how AI is used in your business, tools used, and governance-related selections you provide in the intake form.
• Communications: messages you send to us and our responses.
• Technical data: basic website log data (such as IP address, device information, and timestamps) as typically recorded by hosting providers for security and reliability.

We do not intentionally collect special category data (e.g. health data) and we ask you not to submit sensitive personal data via the intake form.

3. How we collect data

• Directly from you when you complete our intake form or contact us.
• Automatically when you visit our website (limited technical/usage data).
• Via service providers we use to run the website, intake form, and payments.

4. How we use your data

We use personal data to:

• Provide and deliver “AI Governance Essentials — Powered by SafePolicy AI”.
• Process your payment and confirm your order.
• Communicate with you about your order, delivery, and support requests.
• Maintain internal records related to service delivery and quality assurance.
• Protect the security and integrity of our services (e.g. fraud prevention and troubleshooting).

5. Lawful bases for processing

We rely on the following lawful bases under UK GDPR (and, where applicable, EU GDPR):

• Contract: to provide the service you request and manage delivery.
• Legitimate interests: to operate, secure, and improve our services, and to maintain appropriate records.
• Legal obligation: where we must comply with applicable laws (e.g. tax/accounting requirements).
• Consent: where required for certain cookies or marketing/analytics tracking (see Cookies and Tracking).

6. Payments

Payments are processed by Stripe. We do not receive or store your full card details. Stripe processes payment details in accordance with its own privacy practices.

7. Intake forms

We use Tally to collect intake information. Tally processes data submitted via the form in order to deliver it to us and enable confirmation emails. Tally may process data in accordance with its own privacy practices.

8. Delivery of documents

We typically deliver completed documentation via a secure link with access restricted to the email address provided at purchase. We may use cloud storage and sharing tools (such as Google Drive) for controlled access delivery and the ability to revoke access where appropriate (for example, after a refund).

9. Cookies and tracking

Our website may use essential cookies required for core functionality (for example, enabling embedded forms or payment-related processes).

If we implement non-essential analytics or marketing tracking (for example, LinkedIn’s Insight Tag for advertising performance measurement), we will present a cookie consent banner and provide controls to accept or reject non-essential cookies before such tracking is enabled.

10. Sharing your data

We may share personal data with trusted service providers who help us operate our services, including:

• Tally (intake form collection and notifications)
• Stripe (payment processing)
• Website hosting and infrastructure providers
• Cloud storage/sharing providers used for controlled delivery (e.g. Google Drive)

We do not sell personal data.

11. International transfers

Some of our service providers may process data outside the UK. Where this occurs, we aim to ensure appropriate safeguards are used (such as adequacy regulations or contractual protections) consistent with applicable data protection requirements.

12. Data retention

We retain personal data only for as long as necessary to deliver the service, maintain appropriate records, and meet legal or operational requirements. Retention periods may vary depending on the nature of the data and the purpose for which it is processed.

13. Your rights

Depending on your location and applicable law, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Request deletion of data (where applicable)
• Object to or restrict certain processing
• Request data portability (where applicable)
• Withdraw consent where processing is based on consent

To exercise these rights, contact us using the details below.

14. Security

We take reasonable measures to protect personal data. No method of transmission or storage is completely secure, but we work to reduce risk through appropriate technical and organisational measures.

15. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact us at: safepolicyai@gmail.com

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The version published on our website at the time of your purchase or submission will apply.