Privacy Policy.

1. Who We Are (Data Controller)

  • Company Name: Bamboo AI Limited (referred to as "we", "us", or "our").

  • Company Number: 16700776

  • Registered Address: 43 Franche Court Road, SW17 OJX

  • Contact Email: founders@wearebambooai.com

  • Our Role: We are the Data Controller for the personal data collected through our website and marketing channels. This means we determine the purposes and means of processing that data.

  • Compliance: We are committed to protecting your data in accordance with the UK General Data Protection Regulation (GDPR) and other applicable laws.

2. The Data We Collect About You

We primarily collect basic personal data that you provide to us directly through forms on our website.

  • Identity Data: Your Name (First & Last).

  • Contact Data: Your Email Address and, optionally, your phone number.

  • Enquiry Data: Details of your message or the nature of your project/enquiry.

  • Technical Data: Limited information about your device and how you use our website (e.g., IP address, browser type) collected through basic website analytics.

3. How Your Personal Data is Collected

We only collect data directly from you when you:

  • Fill in a contact or enquiry form on our website.

  • Subscribe to a newsletter or mailing list.

  • Correspond with us by email or phone.

  • Interact with our website via essential tracking tools (cookies/analytics).

4. The Legal Basis for Processing Your Data

We will only use your personal data when the law allows us to. Our primary legal grounds for processing are:

  • Legitimate Interest:

    • To respond to your enquiry and manage pre-contractual discussions (our interest in growing our business and answering your questions).

  • Consent:

    • To send you marketing and newsletters about our services (You must give us clear consent via a checkbox for this).

    • Note: You may withdraw this consent at any time.

  • Legal Obligation:

    • For internal administrative tasks, compliance with legal requirements (e.g., tax, accounting), and internal record-keeping.

5. How We Store and Share Your Data

  • Data Security: Your data is stored securely using services like Google Workspace and our website host. We implement appropriate technical and organisational security measures to protect your data from accidental loss or unauthorised access.

  • Data Retention: We only retain your personal data for as long as necessary to fulfil the purposes we collected it for, or as required by legal, accounting, or reporting obligations.

  • Third-Party Sharing: We may share your data with essential third-party service providers (e.g., our website host, email marketing platform) but only for the purpose of running our business. We ensure all such parties have contracts in place to treat your data securely and lawfully.

6. Crucial Distinction: Client Operational Data (Our Consulting Work)

This section defines the roles when we are delivering an AI automation project for you:

  • Client Data Control: You remain the sole Data Controller and/or Processor for all of your own client data and business operational data (e.g., customer names, sales figures, CRM contents).

  • Our Limited Access: We do not use our own platform accounts (Zapier, Make, etc.) to process your operational data. We only build automations within your own systems and accounts.

  • Temporary Processor Status: We will only have temporary, defined access to your systems as a Data Processor for the duration of the build/setup (as defined in our Statement of Work or Master Services Agreement).

  • Data Retention: We do not store or retain this operational or client data after the project is complete and access is formally revoked.

7. Your Rights

Under GDPR, you have the right to contact us to:

  • Request Access to the personal data we hold about you.

  • Request Rectification of any incomplete or inaccurate data we hold.

  • Request Erasure of your personal data (the 'right to be forgotten').

  • Object to Processing where we are relying on a legitimate interest.

  • Request Restriction of processing your personal data.

  • Request the Transfer of your personal data to another party (data portability).

  • Withdraw Consent at any time where we are relying on consent (e.g., for marketing).

To exercise any of these rights, please contact us at founders@wearebambooai.com.

8. Complaints

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.