Privacy Policy

Kelpie AI ("we", "us", "our") is a digital and AI automation agency based in Scotland, operating across the United Kingdom. We build websites, CRMs, automation systems, and AI-powered tools for businesses.

You can contact us at info@kelpieai.co.uk.

This policy explains what personal data we collect from you when you use kelpieai.co.uk, why we collect it, how we use it, and what your rights are under UK GDPR.

We collect the following categories of personal data:

• Contact form submissions: Your name, email address, business name, team size, industry, and any details you share about your project or enquiry.
• Tech audit requests: Your email address and, optionally, your consent to receive marketing communications from us.
• Email correspondence: Any messages you send us directly at info@kelpieai.co.uk.
• Usage data: Basic analytics about how visitors interact with our website (pages visited, time on site, referral source). This is collected in aggregate and is not linked to your identity unless you submit a form.

We do not collect payment card details directly. Any payment processing is handled by third-party providers with their own privacy policies.

We process your personal data on the following legal grounds:

• Legitimate interests: To respond to your enquiry, understand what you need, and assess whether we can help you. This is the lawful basis for contact form and tech audit data.
• Consent: Where you have ticked the box to receive marketing updates from Kelpie AI. You can withdraw this consent at any time.
• Contract performance: Where we enter into a working relationship with you, we process your data as necessary to deliver the services you have paid for.

We use your data to:

• Respond to your enquiries and provide quotes or proposals
• Conduct the free tech audit you requested
• Send you service updates, onboarding information, and project communications where we have an active working relationship
• Send you occasional marketing updates about Kelpie AI, only where you have given consent
• Improve our website and services based on aggregate usage patterns

We do not sell your data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

We share your data only where strictly necessary to operate our business:

• Resend: Our email delivery provider, used to send confirmation and notification emails. Data is processed in accordance with Resend's privacy policy.
• Vercel: Our website hosting provider. Form submissions pass through Vercel's infrastructure.
• Other tools: We may use project management or CRM tools to manage client relationships. Any such tools are selected with data privacy in mind and are used only within the EEA or with appropriate safeguards.

We will disclose your data if required to do so by law or by a regulatory authority.

We retain your data for as long as necessary to fulfil the purpose for which it was collected:

• Enquiry data — retained for up to 12 months from your last contact with us, unless you become a client.
• Client data — retained for 6 years from the end of your contract, as required for UK tax and legal purposes.
• Marketing consent records — retained until you withdraw consent, and for a reasonable period thereafter as a compliance record.

After these periods, your data is securely deleted or anonymised.

Our website may use cookies and similar technologies to remember your preferences and understand how visitors use the site.

Essential cookies are necessary for the website to function and cannot be switched off. They do not store personally identifiable information.

Analytics cookies, if used, help us understand how people interact with the site. Where we use these, we do so in a privacy-friendly manner and will notify you via a cookie banner where required.

You can control cookies through your browser settings at any time.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: You can ask us for a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct any inaccurate data we hold about you.
• Right to erasure: You can ask us to delete your personal data ("right to be forgotten") in certain circumstances.
• Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
• Right to data portability: You can ask us to provide your data in a portable format where technically feasible.
• Right to object: You can object to us processing your data on the basis of legitimate interests.
• Right to withdraw consent: Where we process your data on the basis of consent, you can withdraw that consent at any time.

To exercise any of these rights, email us at info@kelpieai.co.uk. We will respond within one month.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. This includes using encrypted connections (HTTPS), access controls, and selecting reputable third-party providers.

No method of transmission over the internet is completely secure, but we take our obligations seriously and will notify you and the ICO if a breach occurs that is likely to affect your rights and freedoms.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. If we make significant changes, we will make reasonable efforts to notify you.

If you have any questions about this Privacy Policy or how we handle your data, please get in touch:

Email: info@kelpieai.co.uk
Website: kelpieai.co.uk