Privacy policy.

Last updated: 24 October 2025

This Privacy Policy explains how Promptly Done ("we", "us") collects, uses and shares personal information. We comply with the UK GDPR and Data Protection Act 2018. If you have questions, contact chris@promptlydone.uk.

1. Who We Are

Data Controller: Promptly Done a trading name of The Lead Ingredient Ltd
Contact: chris@promptlydone.uk
Registered address: 5 Augusta Park Way, Dinnington, Newcastle Upon Tyne, NE13 7FH

2. What We Collect

  • Website & Forms: name, email, company, phone, website URL, project details, and any content you submit (e.g., FAQs).

  • Checkout & Billing: billing details, VAT number (if provided), transaction identifiers (processed by Stripe).

  • Usage Data: site analytics, pages viewed, buttons clicked, browser/device, IP address (via our analytics/cookie tools).

  • Support & Communication: emails, call notes, chat transcripts.

3. How We Use Data (Purposes & Legal Bases)

  • Provide our services (build, deploy and manage your AI Agent) — Contract necessity.

  • Payments, invoicing and accountingContract / Legal obligation.

  • Security, abuse prevention and troubleshootingLegitimate interests.

  • Service improvement and analyticsLegitimate interests (we minimise data and use aggregated reports where possible).

  • Marketing (opt‑in)Consent. You can unsubscribe anytime.

4. Who We Share With (Processors/Sub‑processors)

We use trusted providers to run our service. These may include:

  • CustomGPT.ai (AI agent platform/hosting).

  • Stripe (payments), Squarespace (website host).

  • Email & Productivity (e.g., Google Workspace or Microsoft 365).

  • CRM & Marketing (e.g., HubSpot or Beacon), calendar/booking (e.g., Calendly/HubSpot Meetings).

  • Automation (e.g., Zapier/Make) and analytics (e.g., Google Analytics).
    We require these providers to protect personal data and act only on our instructions. Links to their privacy information are available on their websites.

5. International Transfers

Some providers store data outside the UK/EEA. Where they do, we rely on appropriate safeguards (e.g., UK Addendum to EU SCCs or other recognised mechanisms).

6. Cookies & Similar Technologies

We use cookies for essential site functions, analytics, and to improve your experience. On your first visit, a banner will ask for consent for non‑essential cookies. You can change preferences any time via our cookie settings link.

7. Data Retention

We keep personal data only as long as necessary:

  • Account and billing records: 7 years (accounting rules).

  • Project files and logs: usually up to 24 months after contract end, unless you ask for earlier deletion or we must retain for legal reasons.

  • Marketing contact data: until you unsubscribe or ask us to delete it.

8. Your Rights (UK GDPR)

You may have the right to access, rectify, erase, restrict, object, port your data, and withdraw consent for marketing/cookies. To exercise, email privacy@promptlydone.uk.
If we cannot resolve your concern, you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

9. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and staff training. No method of transmission is 100% secure.

10. Children

Our services are for business users and not intended for children under 16. We do not knowingly collect children’s data.

11. Changes

We may update this Policy from time to time. We’ll post the new version here and update the “Last updated” date. Material changes may also be notified by email.

12. Contact

Questions about this Policy? Email chris@promptlydone.uk.