TELOS
Template only. Have this reviewed by a UK-qualified solicitor or data protection specialist before publishing. Ensure it accurately reflects your actual data practices at the time of launch.

Privacy Policy

Last updated: [DATE]

ICO Registration Number: [ADD ONCE REGISTERED AT ico.org.uk]

Who we are

Telos AI is the trading name of William Robert Gouldsmith, a sole trader registered in England.

  • Data controller: William Robert Gouldsmith, trading as Telos AI
  • Address: [YOUR ADDRESS]
  • Email: william.gouldsmith@telosai.co.uk
  • Website: telosai.co.uk

We are registered with the Information Commissioner’s Office (ICO) as a data controller. For questions about this policy or your personal data, contact us at the email above.

What personal information we collect

Information you give us directly

  • Your name and business name
  • Your email address and phone number
  • Your job title or role
  • The content of any message, enquiry, or form submission
  • Any information you provide when creating a portal account (business name, contact name, phone, email, password)
  • Information provided during onboarding (business details, current tools, operational challenges, service preferences)

Information collected automatically when you visit our website

  • Your IP address
  • Browser type, version, and device type
  • Pages visited, time spent, and navigation path
  • Referring website or search term
  • General location at country and region level, derived from your IP address

Information collected through the client portal

  • Login credentials (email and encrypted password, managed via Supabase Auth)
  • Business performance data, leads, and metrics you or we enter on your behalf
  • Communications and change requests submitted through the portal
  • Billing and payment records

We do not collect special category data (health, financial, biometric, or similar sensitive information) through this website or portal.

How we use your information and our lawful basis

Under UK GDPR, we rely on the following lawful bases:

PurposeData usedLawful basis
Responding to enquiries and contact form submissionsName, email, message contentLegitimate interests
Assessing whether our services suit your needsAll enquiry dataLegitimate interests
Delivering the services you have engaged us forAll client and portal dataContract performance
Managing billing and paymentsBusiness details, payment recordsContract performance
Maintaining the security and integrity of the portalAuth and login dataLegitimate interests
Improving the website and understanding how it is usedAnalytics dataLegitimate interests
Complying with legal obligations (tax records, etc.)Financial recordsLegal obligation
Sending marketing communicationsEmail addressConsent only

We will never send you marketing emails unless you have explicitly opted in. You can withdraw consent at any time by emailing us.

Third parties who process your data

To deliver our services and operate our website, we use the following third-party processors. Each has been assessed for UK GDPR compliance:

ProviderPurposePrivacy information
SupabaseSecure database, authentication, and portal infrastructuresupabase.com/privacy
StripeProcessing payments and managing billingstripe.com/gb/privacy
VercelHosting this website and portalvercel.com/legal/privacy-policy
Google (Workspace and Analytics)Business email, calendar, and optional website analyticspolicies.google.com/privacy
Anthropic / OpenAI / third-party AI providersProviding AI-powered automations to clients (data shared only as necessary to deliver agreed services)anthropic.com/legal/privacy
Cal.com or Google CalendarManaging consultation and client meeting bookingscal.com/privacy

We do not sell, rent, or share your personal data with any third party for their own marketing purposes. We only share data with processors as necessary to deliver the services you have engaged us for.

Where processors are based outside the UK, we ensure adequate safeguards are in place, including UK adequacy decisions or Standard Contractual Clauses.

How long we keep your information

DataRetention period
Website enquiries that did not become engagements12 months from the enquiry date
Client portal and service delivery data6 years from the end of the engagement
Financial records and invoices6 years (HMRC requirement)
Marketing consent recordsUntil consent is withdrawn, plus 12 months
Website analytics dataAs configured in the analytics platform (typically 26 months)

After the applicable period, data is securely deleted or anonymised.

Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erasure (the right to be forgotten) in certain circumstances
  • Restrict how we process your data in certain circumstances
  • Data portability, where technically feasible
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where we rely on consent

To exercise any right, email us at william.gouldsmith@telosai.co.uk. We will respond within one calendar month.

If you are not satisfied with how we handle your data, you have the right to complain to the ICO at ico.org.uk/make-a-complaint or by telephone on 0303 123 1113.

Cookies

We use cookies on this website. For full details of which cookies we use and how to control them, see our Cookie Policy.

Changes to this policy

We update this policy when our practices change. The date at the top of this page reflects the most recent update. Material changes will be noted on the website.

Contact us

William Robert Gouldsmith, trading as Telos AI

Email: william.gouldsmith@telosai.co.uk

Address: [YOUR ADDRESS]