Skip to main content
Legal

Privacy Policy.

Last updated: 11 May 2026

1. Overview

This policy explains how Kaizen AI Solutions Ltd ("Kaizen", "we") handles personal data when you visit kaizenai.co.uk, book a discovery call, or work with us as a client.

It is written in plain English. Where legal terms matter, we explain them.

2. Who We Are

Kaizen AI Solutions Ltd

  • Registered in England & Wales — Company No. 16581268
  • Registered office: 128 Turner Avenue, Gosport, Hampshire, PO13 0BX
  • ICO registration: ZC141029
  • Contact: harvey@kaizenai.co.uk

Harvey Woodford, founder, is the point of contact for any data protection question. We don't appoint a separate Data Protection Officer — at our scale, UK GDPR doesn't require one.

3. What This Policy Covers

This policy covers personal data we process about:

  • Visitors to kaizenai.co.uk
  • Prospects who book a discovery call or contact us before signing a contract
  • Clients in their interactions with us as a business (not the data we handle on their behalf during a build)

Personal data we process on a client's behalf during a build engagement is governed by the Data Processing Agreement signed alongside the Statement of Work, not this policy.

4. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you (a Subject Access Request)
  • Correct data that's wrong or incomplete
  • Erase data ("right to be forgotten") where applicable
  • Restrict processing while you contest it
  • Receive a portable copy of your data
  • Object to processing based on legitimate interest
  • Withdraw consent where we rely on it
  • Not be subject to automated decisions producing legal or similarly significant effects on you (see Section 7)
  • Complain to the ICO at any time, with no need to come to us first — Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — 0303 123 1113 — ico.org.uk

To exercise any of these, email harvey@kaizenai.co.uk. We respond within one month (extendable by two months for complex requests, with notice within the first month).

5. What We Collect, Why, and Our Lawful Basis

Personal data we collect, why we collect it, and the lawful basis under UK GDPR Article 6
WhatWhyLawful basis (UK GDPR Art. 6)
Name, email, phone, business name, job title (when you book a discovery call or email us)To prepare for and run the call, follow up afterwardsLegitimate Interest — you initiated contact
Discovery-call notes and transcripts (when you consent to recording)To understand your business and decide whether we can helpLegitimate Interest — you came to us for advice
Project requirements and engagement communications (after we sign a contract)To deliver the work you've contracted us to doContract
Billing details (when invoiced)To collect fees and meet HMRC obligationsContract + Legal Obligation (UK tax law requires 6-year retention)
IP address, browser type, security logsTo keep the site secure and detect misuseLegitimate Interest

On Legitimate Interest: before relying on this basis we apply a three-part test — is there a real interest, is the processing necessary, does our interest balance against your rights. You can always object — email us and we'll review.

We don't currently send marketing communications. We don't process special category data (health, ethnicity, religion, etc.) without explicit written agreement.

6. Cookies

We don't set non-essential cookies on kaizenai.co.uk. We don't run analytics, advertising pixels, or tracking scripts. Strictly necessary cookies may be used to make the site function.

If this changes, we'll publish a Cookies Policy and consent banner in line with current ICO guidance.

7. AI Processing Notice

This section explains how AI features in our work with you.

Where we use AI in interactions with you:

  • Drafting emails and proposals
  • Summarising meeting notes and transcripts (with your consent to recording)
  • Researching prospective clients before a call (publicly available information only)

What we don't do:

  • We don't use your personal data to train AI models.
  • We don't make automated decisions about you that produce legal or similarly significant effects without human review. Any quote, recommendation, or proposal AI helps generate is reviewed by Harvey before it reaches you.

You have rights under UK GDPR Article 22 in relation to automated decision-making. If you ever feel a decision affecting you was made by AI without human review, contact us — we'll investigate.

8. Who We Share Data With

We share data only with third-party service providers who help us run the business, and only as much as they need. Categories include hosting, scheduling, email, meeting-notes, CRM, payments, accounting, and AI processing.

We maintain an internal Record of Processing Activities (RoPA) that names every sub-processor — available to the ICO on request and to clients on request as part of their DPA.

We don't sell your data. We don't share it with advertisers. We don't share it with anyone outside the categories above without your consent or a legal obligation.

9. Where Data Is Stored and International Transfers

We store data in the UK and EEA wherever possible. Some service providers operate from the United States. Where transfers leave the UK/EEA, we rely on:

  • An adequacy decision (e.g. the UK-US Data Bridge for certified US providers), or
  • The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses

We apply appropriate technical and organisational measures to keep data secure, in line with UK GDPR Article 32.

10. How Long We Keep Data

How long we keep each type of personal data
DataRetention
Discovery-call enquiries that don't progress12 months from last contact
Active client engagement recordsDuration of engagement + 6 years (HMRC requirement)
Invoicing and financial records6 years from end of tax year (HMRC requirement)
Website security logs90 days

If you ask us to delete data and we have a legal obligation to keep it (e.g. tax records), we'll explain why and confirm when we can.

11. Contact and Changes

For any data protection question or request:

We may update this policy as the business changes. Material changes will be notified by email to anyone we have contact details for. The "Last updated" date at the top always reflects the current version.

This policy is governed by the laws of England and Wales.