Privacy Policy
Circadian AI(“we”, “our”, or “us”) operates the website circadian.co.uk and is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
1. Information we collect
We collect personal data when you interact with us, including when you visit our website, communicate with us, or use our services. The types of personal information we may collect include:
- Contact information: name, email address, phone number, and company name.
- Technical information: IP address, browser type, device identifiers, and cookies.
- Service usage data: information about how you use our services, including interaction data, analytics, and log files.
- Project data: documents, transcripts, credentials and system access you share with us so we can build the automations we've been engaged to deliver.
- Marketing data: information related to your preferences and interactions with marketing communications.
- Billing information: payment details, billing address, and financial data (for clients).
2. Purpose of data collection
We collect and process personal data for the following purposes:
- To provide our AI automation services, including workflow automation, AI integrations, internal RAG systems, and AI training.
- To build, test, and maintain automations we've been engaged to deliver for you.
- To improve our services and optimise client outcomes.
- To communicate with you about our services, including sending invoices, notices, updates, and marketing materials.
- To comply with legal obligations, such as tax reporting, UK GDPR, CCPA, and contractual obligations.
3. Legal basis for processing (UK GDPR)
We rely on the following legal grounds for processing personal data:
- Contractual necessity: when we process personal data to provide our services or fulfil a contract with you.
- Consent: when we obtain your explicit consent for certain processing activities, such as marketing communications.
- Legitimate interests: for purposes such as improving our services and communicating with clients, where our legitimate interests do not override your rights.
- Legal obligation: when processing is necessary to comply with legal obligations (for example, tax reporting).
4. Your data protection rights (UK GDPR and CCPA)
You have several rights regarding your personal data, including:
- Right to access: you may request a copy of the personal data we hold about you.
- Right to rectification: you have the right to request corrections to any inaccurate or incomplete data.
- Right to erasure: you may request that we delete your personal data, subject to certain legal exceptions.
- Right to restrict processing: you can request that we limit the processing of your personal data in certain circumstances.
- Right to data portability: you have the right to receive your personal data in a structured, commonly used format and transfer it to another provider.
- Right to object: you can object to processing your data in certain circumstances, such as direct marketing.
- CCPA: California residents can also request details about the categories of personal information we collect, how we use it, and the specific pieces of data collected. You may also request the deletion of your data and opt out of the sale of personal information (if applicable).
5. Data sharing
We only share your data with third parties when necessary to provide our services or comply with legal obligations. This includes:
- Service providers: third-party companies that assist us in delivering our services (e.g., hosting, cloud AI providers, payment processors, email, CRM).
- AI model providers: where an automation we build for you relies on a foundation model (for example Anthropic, OpenAI, or Google), content you or your users submit may be sent to those providers under their zero-retention or standard processing terms. We will tell you which providers are used for your engagement.
- Legal requirements: we may disclose your data if required by law or legal process.
- Business transfers: in the event of a merger, acquisition, or sale, your data may be transferred to new ownership.
6. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. This includes encryption in transit, access controls, principle-of-least-privilege for client system credentials, and secret rotation after an engagement ends. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
7. International data transfers
If we transfer your personal data outside of the United Kingdom or the European Economic Area, we will ensure that the transfer is subject to appropriate safeguards, such as the UK International Data Transfer Agreement, Standard Contractual Clauses, or a similar data protection mechanism.
8. Data retention
We retain personal data only as long as necessary to fulfil the purposes for which it was collected or to comply with legal obligations. Client project data is retained for the duration of the engagement plus a reasonable handover window, after which it is deleted or returned on request.
9. Cookies and tracking technologies
We use cookies and similar tracking technologies to improve the functionality of our website and collect analytics data. You can control cookie preferences through your browser settings.
10. Updates to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with a revised “Effective Date”.
Contact us
For any questions or concerns regarding your data or this Privacy Policy, please contact us at:
- Email: nilesh@circadian.co.uk
- Company: Circadian Ai is a trading name of Circadian Digital Limited, registered in England and Wales (company no. 13920774).
- Registered office: 40 Fencepiece Road, Ilford, England, IG6 2JX