Privacy Policy

1. About Us

Eighty Eight AI Limited is a UK-based company (company registration 16254924) that provides AI-powered workflow automation for businesses. We are committed to protecting your privacy and handling your personal data in accordance with UK GDPR and data protection laws.

2. Information We Collect

2.1 When You Visit Our Website

• Contact information you provide through forms (name, email address, company details)
• Technical information (IP address, browser type, pages visited)
• Cookies and similar tracking technologies

2.2 When You Use Our Services

• Customer account information and billing data
• Authentication tokens and login credentials
• Communications processed through our automation workflows
• Service usage analytics and system logs

2.3 End-Customer Data (When We Act as Data Processor)

When providing automation services to our business customers, we may process personal data contained in their inbound communications, including:

• Names and contact details
• Message content and communication history
• Any other information voluntarily shared in customer communications

3. How We Use Your Information

3.1 Website Visitors

• To respond to your enquiries and provide information about our services
• To send marketing communications (with your consent)
• To improve our website and services
• For security and fraud prevention

3.2 Service Customers

• To provide and deliver our AI automation services
• To maintain customer accounts and process billing
• To analyse and improve our services
• For customer support and technical assistance

3.3 End-Customer Data Processing

• To analyse inbound queries and generate appropriate responses
• To maintain context and continuity in automated workflows
• To integrate with connected tools and systems
• For aggregated, anonymised research and service improvement

4. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance (Article 6(1)(b)): For service delivery, authentication, and core automation functions
• Legitimate Interests (Article 6(1)(f)): For email analysis, workflow optimisation, system security, and business development
• Consent: For marketing communications and non-essential cookies

5. Data Controller vs Data Processor Roles

5.1 We Act as Data Controller for:

• Website visitor information and enquiries
• Customer account information and billing data
• Authentication tokens and system access
• Service usage analytics and marketing preferences

5.2 We Act as Data Processor for:

• End-customer communications processed through our automation workflows
• Third-party integrations processed per customer instructions

5.3 Joint Controller Situations:

• AI-powered analysis and insights
• Workflow optimisation decisions based on usage patterns

6. Data Storage and International Transfers

Personal data is stored and processed in:

• Netherlands (GCP europe-west-4)
• Ireland (AWS eu-west-1)
• United Kingdom (AWS eu-west-2)

All data processing occurs within the European Economic Area, ensuring adequate protection under UK GDPR.

7. Third-Party Processors

We engage carefully selected third-party processors, all compliant with data protection standards:

• Netcup GmbH (Germany/Netherlands): Hosting of dedicated customer servers
• Pinecone Systems Inc. (Ireland/Netherlands): Vector database storage for AI memory
• Supabase Inc. (United Kingdom): Authentication and encrypted storage
• OpenAI Ireland Ltd (Ireland): AI processing with 30-day retention limit and EU-based processing

8. Data Retention

• Authentication tokens: Retained during service provision, deleted upon termination
• Website enquiries: Retained for 3 years unless otherwise requested
• Email processing data: Personal data removed before long-term storage
• AI processing: Maximum 30-day retention by OpenAI Ireland Ltd
• Vector embeddings: Anonymised data retained for service improvement
• System logs: Automatically purged after defined security monitoring periods

9. Your Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request records of what personal data we process
• Right to Rectification: Update incorrect or outdated personal data
• Right to Erasure: Request deletion of stored personal data
• Right to Restrict Processing: Temporarily pause processing of your personal data
• Right to Data Portability: Receive your data in exportable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at security@eightyeight.ai

10. Data Security

We implement comprehensive security measures including:

• AES-256 encryption for data at rest and in transit
• SOC 2 Type II certified infrastructure
• Access controls and authentication systems
• Regular security monitoring and auditing
• Secure deletion procedures ensuring data cannot be recovered

11. Cookies and Tracking

Our website uses cookies for:

• Essential functionality and security
• Analytics to improve our services
• Marketing (with your consent)

You can manage cookie preferences through your browser settings.

12. Marketing Communications

We may send you marketing communications about our services if:

• You have given explicit consent, or
• You are an existing customer and we have legitimate interests

You can unsubscribe at any time using the links in our emails or by contacting us.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through our website.

14. Contact Us

For any questions about this privacy policy or our data practices:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).