Voodoo AIVoodoo AI
Legal

Privacy Policy

This policy explains how Voodoo AI collects, uses, and protects your personal data. We are committed to transparency and compliance with the UK General Data Protection Regulation (UK GDPR).

Last updated: April 2026

1. Who we are

Voodoo AI is a UK-based technology consultancy specialising in AI systems, cloud infrastructure, data engineering, and web application development. We operate under the laws of England and Wales.

For data protection purposes, Voodoo AI is the data controller of any personal information submitted through this website or provided during the course of our business relationship.

2. Information we collect

We collect and process the following categories of personal data:

  • Contact details — name, email address, phone number, and company name, provided through our enquiry forms, consultation bookings, or direct correspondence.
  • Business information — job title, industry, company size, and service interests to help us assess project fit and allocate the right expertise.
  • Project details — technical requirements, budgets, timelines, and other information you choose to share during scoping discussions.
  • Technical data — IP address, browser type, device information, and cookies used for website performance analytics and security purposes.
  • Communication records — emails, meeting notes, and call recordings (where consent is obtained) related to our engagement.

We do not collect special category data (such as health, racial, or religious information) unless explicitly required for a specific engagement and with your explicit consent.

3. How we use your information

We process personal data for the following lawful purposes:

  • To respond to enquiries — using your contact details to reply to consultation requests, technical audits, or general questions about our services.
  • To deliver services — managing the client relationship, project delivery, invoicing, and ongoing support during and after an engagement.
  • To improve our services — analysing website usage patterns and feedback to enhance user experience and service offerings.
  • For legal compliance — maintaining records for tax, accounting, and regulatory obligations under UK law.
  • With your consent — sending occasional updates, insights, or event invitations where you have opted in. You may withdraw consent at any time.

4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases to process personal data:

  • Contractual necessity — processing required to perform our services or take steps at your request before entering a contract.
  • Legitimate interests — managing our business operations, improving services, and ensuring website security, provided these interests do not override your rights.
  • Legal obligation — compliance with tax, employment, and company law requirements.
  • Consent — for marketing communications and optional data processing where none of the above bases apply.

5. How we share your data

Voodoo AI does not sell or rent personal data. We only share information in the following limited circumstances:

  • Service providers — trusted third parties who assist in delivering our services, such as cloud hosting providers, email delivery services (Postmark), and payment processors. All are bound by data protection agreements.
  • Subcontractors — specialist engineers or consultants engaged on a specific project, under confidentiality and data processing agreements.
  • Legal requirements — when required by law, court order, or regulatory authority.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as UK-approved standard contractual clauses.

6. Data retention

We retain personal data only for as long as necessary for the purposes outlined in this policy:

  • Enquiry data — retained for 24 months from last contact, unless you request deletion earlier.
  • Client project data — retained for the duration of the engagement plus 7 years for legal and accounting purposes.
  • Website analytics — retained for 26 months in anonymised form.
  • Marketing data — retained until you unsubscribe or withdraw consent.

7. Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data where there is no compelling reason for continued processing.
  • Right to restrict processing — request that we suspend processing of your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to object — object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the details below. We will respond within one month of receiving your request.

8. Data security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction:

  • SSL/TLS encryption for all data transmitted via our website
  • Secure, access-controlled cloud infrastructure for data storage
  • Role-based access controls limiting who can view client data
  • Regular security reviews and penetration testing
  • Staff training on data protection and confidentiality obligations

9. Cookies and tracking

Our website uses cookies and similar technologies for the following purposes:

  • Essential cookies — required for the website to function, such as maintaining session state and security tokens.
  • Analytics cookies — Google Analytics (if enabled) helps us understand how visitors interact with our site. You can opt out via your browser settings or Google's opt-out tool.
  • Preference cookies — remember your settings and choices for future visits.

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may affect website functionality.

10. AI and automated processing

As an AI consultancy, we may use automated tools to analyse project requirements, assess technical feasibility, or support service delivery. We do not use automated decision-making that produces legal or similarly significant effects on individuals without human oversight.

Where AI systems process personal data on behalf of clients, we act as a data processor under a formal Data Processing Agreement that defines roles, responsibilities, and safeguards.

11. Complaints

If you have concerns about how we handle your personal data, please contact us first so we can address the issue.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.ukor by calling their helpline on 0303 123 1113.

12. Contact us

For privacy-related enquiries, data subject access requests, or to exercise your rights, please contact:

Voodoo AI

Email: support@voodooai.co.uk

Website: voodooai.co.uk