Privacy Policy
PYPER AI LTD — HOW WE COLLECT, USE,
AND PROTECT YOUR DATA
Last updated: March 2026
Company Number: 17064403 | ICO Registration: ZC101535
1. Who We Are
Pyper AI Ltd is an AI consultancy and software developer based in Durham, North East England. We help businesses adopt artificial intelligence safely and effectively.
When we refer to “we”, “us”, or “our” in this policy, we mean Pyper AI Ltd.
| Company Name | Pyper AI Ltd |
| Company Number | 17064403 |
| Registered Address | 382 Lugtrout Lane, Catherine de Barnes, Solihull, B91 2TN |
| Registered In | England and Wales |
| ICO Registration | ZC101535 |
| Website | pyperai.co.uk |
| General Contact | hello (at) pyperai.co.uk |
| Data Protection Contact | suzanne (at) pyperai.co.uk |
2. What Data We Collect
We collect different types of personal data depending on how you interact with us:
2.1 Through Our Website
Website Analytics
We use Umami, a privacy-focused analytics tool. Umami does not use cookies, does not collect personal data, and does not track visitors across websites. All data is aggregated and anonymous. We collect page views, referrer sources, browser type, and country-level location data only.
Contact Form
If you submit our contact form, we collect your name, your email address, and your message content. This data is processed by Formspree and forwarded to us via email. We use this solely to respond to your enquiry.
Live Chat
Our website may include a live chat feature. If this feature is active and you choose to use it, we collect your name (required to start a conversation), your email address (optional), your message content, the page you were on when you started the chat, and your referral source.
Where a chat feature is active, initial responses may be generated by an AI assistant powered by Anthropic’s Claude. Your messages are sent to Anthropic’s API for the purpose of generating responses only. Anthropic does not use this data for model training. A human team member may take over the conversation at any time. Chat data is stored on our servers and is not shared with third parties.
Marketing Attribution
We store UTM parameters and referrer information in your browser’s local storage to understand how visitors find our website. This data is anonymous and is not linked to any personal information unless you voluntarily provide it via the chat or contact form.
2.2 Through Our Services
When you engage us as a client, we may also collect:
- Contact details of your team members involved in projects
- Business data you share with us during AI consultancy engagements
- Data processed through AI systems we build or configure on your behalf
- Communication records between you and our team
Where we process personal data on your behalf as part of our services, this is governed by a separate Data Processing Agreement (DPA) between us and you.
2.3 Through Marketing
If you opt in to marketing communications, we may collect:
- Your email address (when you download resources, sign up for newsletters, or complete lead magnets such as our AI Readiness Scorecard)
- Responses to assessment tools and scorecards
3. How We Use Your Data
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Responding to enquiries | Legitimate interest | Name, email, message |
| Providing AI consultancy services | Contract performance | Contact details, project data |
| Processing client data through AI systems | Contract performance | As defined in your DPA |
| Sending marketing communications | Consent | Email address |
| Improving our website | Legitimate interest | Anonymous analytics data |
| Compliance with legal obligations | Legal obligation | As required by law |
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. AI Services and Data Processing
As an AI consultancy, we take additional care with data handled through our services:
- When we build AI systems (chatbots, agents, MCP servers, or integrations) for your business, any data processed through those systems is governed by a separate Data Processing Agreement (DPA) between us and you.
- We never use your business data to train AI models for other clients or for any purpose outside our agreement with you.
- We configure AI systems to use enterprise-grade, private API connections (not consumer tools like ChatGPT) to ensure your data stays within controlled environments.
- Where we use third-party AI providers (such as Anthropic or AWS), your data is processed under their enterprise data processing terms, which prohibit the use of your data for model training.
5. Who We Share Your Data With
| Service | Purpose | Location |
|---|---|---|
| Cloudflare | Website hosting, CDN, and security | Global (US HQ) |
| Formspree | Contact form processing | US |
| Umami | Privacy-focused, cookieless website analytics | EU |
| Google Fonts | Web font delivery | US |
| DigitalOcean | Backend server hosting | UK/EU |
| Anthropic | AI-powered chat responses (no data used for training) | US |
| AWS | Cloud infrastructure for client services | UK/EU |
We do not sell your personal data to any third party, ever.
Professional advisors (accountants, legal advisors) may receive personal data where necessary. Law enforcement or regulatory bodies may receive data where required by law.
6. International Data Transfers
Some of our service providers are based outside the UK. Where we transfer personal data internationally, we ensure appropriate safeguards are in place:
- EU–US Data Privacy Framework (for US-based providers such as Cloudflare, Formspree, and Anthropic)
- UK Standard Contractual Clauses where applicable
- Adequacy decisions where the UK Government has determined a country provides adequate data protection
7. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Contact form enquiries | 24 months from last contact, unless you become a client |
| Live chat data | 24 months from last interaction |
| Client project data | Duration of engagement plus 6 years (legal and contractual obligations) |
| Marketing data | Until you unsubscribe or withdraw consent |
| Website analytics | Aggregated and anonymous — no personal data retained |
| Financial records | 6 years (as required by HMRC) |
You may request earlier deletion of your data at any time.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your personal data (where there is no compelling reason to continue processing)
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, commonly used format
- Right to object — object to processing based on legitimate interest or for direct marketing
- Automated decision-making — we do not make solely automated decisions that significantly affect you
To exercise any of these rights, email hello (at) pyperai.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully. You can contact the ICO at ico.org.uk or on 0303 123 1113.
9. Data Security
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls limiting data access to authorised personnel only
- Regular security reviews of our systems and processes
- Use of enterprise-grade, private AI infrastructure (not consumer AI tools) for all client work
- Secure deletion of client data upon project completion (unless retention is required)
Our website is hosted on Cloudflare Pages with SSL encryption. Our backend services run on DigitalOcean servers. Chat data and lead information are stored securely on our servers with access restricted to authorised personnel only.
10. Data Breaches
In the event of a personal data breach that poses a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, as required under UK GDPR Article 33. Where a breach is likely to result in a high risk to individuals, we will also notify those individuals directly without undue delay.
We maintain an internal record of all data breaches, including those that do not require notification.
11. Cookies
We do not use tracking cookies. Our analytics tool (Umami) is cookieless. Cloudflare may set a strictly necessary security cookie (__cf_bm) to protect against automated abuse. This cookie does not track your browsing activity and is exempt from consent requirements under UK GDPR.
For full details, please see our separate Cookie Policy.
12. Children
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
14. Contact
If you have any questions about this privacy policy or how we handle your data, please contact us at hello (at) pyperai.co.uk. For data protection queries specifically, you can also contact us at suzanne (at) pyperai.co.uk.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: ico.org.uk
Telephone: 0303 123 1113