1. Who We Are
Generative Solutions UK ("we", "us", "our") is the data controller for personal data processed through this website and our services (GenAxiom, CrystalClear, Gen-Receptionist). For data protection enquiries, contact us at privacy@generativesolutions.uk.
2. Information We Collect
We collect information you provide directly when you:
- Create an account: Name, email address, company name, phone number
- Make a purchase: Billing information (processed by Stripe/GoCardless - we do not store card numbers)
- Contact support: Support ticket content, chat messages
- Use our services: Usage data, provisioned service credentials
We also automatically collect:
- Log data: IP address, browser type/version, pages visited
- Security data: Login attempts, audit trail of account actions
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Providing and managing your account and services | Contract performance |
| Processing payments and issuing invoices | Contract performance |
| Responding to support requests (including AI-assisted triage) | Contract performance / Legitimate interest |
| Security monitoring, fraud prevention, audit logging | Legitimate interest |
| Retaining financial records for tax compliance | Legal obligation (UK tax law) |
| Sending marketing communications (with consent) | Consent |
4. AI-Powered Support
We use AI technology (provided by Anthropic, Inc.) to help triage and respond to support tickets and live chat queries. When you submit a support request or chat message, the content may be processed by Anthropic's AI models to classify, prioritise, and draft responses. AI-generated responses are clearly labelled. You can request human-only support at any time by asking in your ticket.
5. Data Sharing & Third Parties
We share personal data with the following categories of third parties, solely for the purposes described:
- Stripe, Inc. (US) - Payment processing. Protected by UK-US Data Bridge and Standard Contractual Clauses.
- GoCardless Ltd (UK) - Direct Debit payment processing.
- Anthropic, PBC (US) - AI support processing. Protected by UK-US Data Bridge and Standard Contractual Clauses. Zero data retention policy.
- Google LLC (US) - Font delivery via Google Fonts (IP address only).
See our full Sub-processor List for details.
6. International Data Transfers
Some of our sub-processors are based in the United States. For these transfers, we rely on the UK-US Data Bridge and/or Standard Contractual Clauses (SCCs) approved by the ICO to ensure an adequate level of protection for your data.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Account data: Duration of account + 30 days
- Financial records: 6 years (UK tax law)
- Support tickets: 2 years from resolution
- Chat sessions: 6 months
- Audit logs: 2 years (IPs anonymised after 90 days)
- Login attempts: 90 days
See our full Data Retention Policy for details.
8. Your Rights (UK GDPR)
Under UK data protection law, you have the following rights:
- Right of access - Download a copy of all your personal data from your Account page
- Right to rectification - Update your personal details from your Account page
- Right to erasure - Delete your account and associated personal data
- Right to data portability - Export your data in machine-readable JSON format
- Right to restrict processing - Contact us to restrict how we use your data
- Right to object - Object to processing based on legitimate interest
- Right to withdraw consent - Manage your email preferences at any time
To exercise any of these rights, use the self-service tools in your account or email privacy@generativesolutions.uk. We will respond within one month.
9. Cookies
We use strictly necessary cookies for session management, security, and storing your cookie preferences. We do not use analytics or marketing cookies. See our Cookie Policy for full details.
10. Data Security
We implement appropriate technical and organisational measures including:
- Encryption in transit (TLS 1.2+) and at rest for sensitive data
- Password hashing with bcrypt
- Rate limiting and account lockout protection
- CSRF protection on all forms
- Comprehensive audit logging
- Regular security reviews
11. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email to your registered address. The "Last updated" date at the top indicates when this policy was last revised.
13. Contact
For all privacy-related queries:
- Email: privacy@generativesolutions.uk
- Post: Generative Solutions UK, Data Protection Team