LEGAL
Privacy Policy
This policy explains what personal data Reality AI collects, why we collect it, how we use and protect it, and the rights you have over it under UK data protection law.
Last updated: [DATE — TO BE CONFIRMED]
Who we are
Reality AI is a UK-based AI consulting agency. We help organisations become AI-native — we assess where you are, train your teams, and transform your operations, powered by RealityOS. This policy applies to our website at www.aireality.io and to the personal data we handle in the course of enquiries, bookings, and our consulting engagements.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:
Reality AI [REGISTERED COMPANY NAME — TO BE CONFIRMED]
Company number: [COMPANY NUMBER — TO BE CONFIRMED]
Registered office: [REGISTERED ADDRESS — TO BE CONFIRMED]
Contact: privacy@aireality.io
What data we collect
We only collect the personal data we need to respond to you, deliver our services, and run our website. In practice, that means:
Contact enquiries
When you complete a contact form on our website, we collect the information you choose to provide — typically your name, email address, company or organisation, and the content of your message. Our contact forms are handled by Formspree, which processes and forwards your submission to us.
Bookings and discovery calls
When you book a call or an assessment through our scheduling links, Calendly collects the details you provide — such as your name, email address, and any information you add to the booking — so we can confirm and hold the meeting.
Payments
When you purchase a service, payment is processed by Stripe. We do not see or store your full card details — Stripe handles card data directly as a PCI-DSS compliant payment processor. We receive confirmation of the transaction and the associated billing details needed to fulfil your order and meet our accounting obligations.
Analytics and technical data
Like most websites, we collect a limited amount of technical and usage data when you visit — such as pages viewed, approximate location (derived from IP address), device and browser type, and referring source. We use privacy-conscious analytics to understand how the site is used and to improve it. Where required, we ask for your consent before setting non-essential cookies (see the Cookies section below).
How we use your data
We use the personal data we collect to:
- respond to your enquiries and provide the information you ask for;
- arrange, confirm, and follow up on calls, assessments, and meetings;
- deliver, administer, and support the services you engage us for;
- process payments and keep accurate financial and tax records;
- understand how our website is used so we can improve it;
- send you service-related messages, and — where you have agreed or where the law allows — occasional updates about our services; and
- comply with our legal, regulatory, and contractual obligations.
We do not sell your personal data, and we do not use it to make solely automated decisions that produce legal or similarly significant effects about you.
Our legal basis for processing
Under UK GDPR we must have a lawful basis for processing your personal data. Depending on the situation, we rely on one or more of the following:
- Legitimate interests — to respond to your enquiries, run and secure our website, understand how it is used, and operate and promote our business, in each case balanced against your rights and freedoms.
- Contract — to take steps at your request before entering into a contract (for example, scoping an assessment) and to perform a contract once you engage us.
- Legal obligation — to meet our accounting, tax, and other legal requirements.
- Consent — for non-essential cookies and analytics, and for optional marketing communications. Where we rely on consent, you can withdraw it at any time without affecting processing carried out before withdrawal.
Who we share data with
We do not sell your personal data. We share it only with the service providers (processors) who help us run our business, and only to the extent needed for them to provide their service to us. These currently include:
- Formspree — processes and delivers contact-form submissions.
- Calendly — handles scheduling and booking details for calls and assessments.
- Stripe — processes payments and card data securely.
- Our analytics provider — provides website usage insights [NAME ANALYTICS PROVIDER — TO BE CONFIRMED].
Each of these providers acts on our instructions under a data processing agreement. We may also disclose personal data where required by law, to establish or defend legal claims, or in connection with a reorganisation or sale of our business.
Some of these providers may process data outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards recognised under UK data protection law — such as UK adequacy regulations or the International Data Transfer Agreement (or the UK Addendum to the EU Standard Contractual Clauses).
How long we keep it
We keep personal data only for as long as we need it for the purposes described in this policy, and then delete or anonymise it. In general:
- enquiry and booking data is kept while we are in contact with you and for a reasonable follow-up period afterwards;
- client and engagement records are kept for the duration of the engagement and for a period afterwards to meet contractual and legal requirements;
- financial and transaction records are kept for the period required by UK tax and accounting law (currently at least six years); and
- analytics data is retained in aggregated or limited form in line with our analytics provider's settings.
Our specific retention periods are set out in our internal retention schedule [RETENTION SCHEDULE — TO BE CONFIRMED] and are reviewed periodically.
Your rights
Under UK data protection law you have rights over your personal data. Subject to certain conditions and exemptions, you have the right to:
- be informed about how your data is used (this policy);
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances;
- restrict or object to certain processing, including direct marketing;
- data portability, where processing is based on consent or contract; and
- withdraw consent at any time where we rely on it.
To exercise any of these rights, contact us at privacy@aireality.io. We will respond within the timeframes required by law and will not charge a fee unless your request is manifestly unfounded or excessive.
If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the chance to address your concerns first, so please do contact us.
Cookies
Cookies are small text files stored on your device when you visit a website. We use a small number of cookies and similar technologies:
- Essential cookies — needed for the site to work securely and reliably. These do not require consent.
- Analytics cookies — help us understand how the site is used so we can improve it. We set these only where you have given consent, if consent is required.
- Third-party cookies — embedded services such as Calendly may set their own cookies when you interact with them; these are governed by that provider's own privacy and cookie policies.
You can manage or block cookies through your browser settings, though some parts of the site may not work as intended if you do. Where we use a cookie consent tool, you can change your preferences at any time [COOKIE CONSENT TOOL / LINK — TO BE CONFIRMED].
How we protect your data
We take the security of your personal data seriously. We maintain technical and organisational measures — including access controls, encryption in transit, and vendor due diligence — designed to protect data against unauthorised access, loss, or misuse. Our practices are ISO 27001-aligned, and governance and compliance are built into how we work.
No method of transmission or storage is completely secure, but we work continuously to keep our safeguards appropriate to the risk.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices or in the law. When we do, we will revise the "last updated" date at the top of this page. For significant changes, we will take reasonable steps to bring them to your attention.
GET IN TOUCH
Questions about your data?
If you have any questions about this policy or how we handle your personal data, we are happy to help.