Privacy Policy

Last updated: March 2026

1. Who We Are

IFTIN is a UK AI automation agency operating in England. We design, build, and deploy custom automation systems for businesses. We are the data controller for all personal data collected through this website and in the course of delivering our services.

For any questions about how we handle your data, contact us at info@iftin.co.uk. We aim to respond to all privacy enquiries within 5 working days.

2. Data We Collect

We collect only what is necessary to respond to your enquiry or deliver the service you have engaged us for. This includes:

  • Contact and enquiry data: Your name, email address, company name (if provided), and the content of your message when you submit a contact form or email us directly.
  • Project and engagement data: Business information, process details, tool access credentials (where required), and any data you share with us in the course of an active project. This data is used solely to deliver the agreed work.
  • Payment data: Billing details associated with invoices and payments. Card and payment instrument data is handled directly by our payment processor — we never see or store your full card details.
  • Communication data: Emails, messages, and records of correspondence exchanged during the course of our working relationship.

We do not purchase data from third parties, run advertising campaigns, or use tracking pixels and behavioural profiling tools.

3. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Legitimate interests — responding to enquiries, managing business relationships, and protecting our systems and services from misuse.
  • Contract performance — processing data that is necessary to deliver the services set out in your project agreement or retainer.
  • Legal obligation — retaining financial records as required by HMRC and applicable UK tax law.
  • Consent — where you have explicitly agreed to a specific use of your data, such as receiving updates or communications beyond the scope of your project.

4. How We Use Your Data

Your data is used only for the following purposes:

  • To respond to your enquiry and assess whether we can help
  • To scope, build, test, and deliver your agreed automation project
  • To communicate about project progress, milestones, and handover
  • To issue invoices and manage payment for our services
  • To comply with our legal and regulatory obligations

We do not send unsolicited marketing communications. We do not sell, rent, or share your personal data with third parties for any commercial purpose.

5. How We Handle Client Data During Project Delivery

When building automation systems, we may require temporary access to your business tools — for example, your CRM, email platform, or internal systems — in order to configure, connect, and test workflows. We treat all access and data encountered during this process with strict confidentiality.

  • Access is limited to what is strictly necessary to complete the agreed work.
  • Client business data is never used for any purpose outside the scope of the project.
  • Credentials and sensitive access details are not stored beyond the active engagement period.
  • On project completion, any temporary access we hold is revoked or handed back to you.

Where a project involves handling significant volumes of personal data belonging to your customers or staff, we are willing to enter into a Data Processing Agreement (DPA) on request. Contact us to discuss this before your project begins.

6. Third-Party Processors

To operate our website and deliver our services, we use a small number of trusted third-party services. These include providers for website hosting, email delivery, payment processing, and AI-assisted tooling. Each provider is contractually required to handle data securely and in line with applicable data protection law.

We do not share your personal data with any third party beyond what is operationally necessary to deliver the service you have requested.

If you would like a full list of the specific third-party processors we currently use, please contact us at info@iftin.co.uk and we will provide this on request.

7. Data Retention

We retain personal data only for as long as is necessary for the purpose it was collected or as required by law:

  • Enquiries and contact submissions: Retained for up to 2 years from the date of submission, or until you request deletion — whichever comes first.
  • Active project data: Retained for the duration of the engagement plus 12 months following completion.
  • Financial and payment records: Retained for 7 years as required by HMRC regulations.
  • Communication records: Retained for up to 3 years from the date of last contact, for reference in the event of disputes or queries.

Once data is no longer required and retention periods have elapsed, it is securely deleted.

8. Cookies

This website uses only essential functional cookies — the minimum required for the site to operate correctly. No advertising, tracking, or analytics cookies are set.

  • Session cookies: Maintain your session state while you browse. These expire when you close your browser.
  • Security tokens: Protect form submissions from cross-site request forgery. No personal data is stored in these tokens.

Because we do not use non-essential cookies, we do not require a cookie consent banner. If this changes, this policy will be updated and a consent mechanism introduced.

9. Automated Decision-Making

We use AI tools to assist with internal operations such as drafting communications and processing enquiries. However, no decision that has a legal or similarly significant effect on any individual is made solely by automated means. All consequential decisions involving your data are reviewed by a human before any action is taken.

10. International Transfers

Some of the third-party services we use may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or transfers to countries with an adequacy decision under UK data protection law — before any data is transferred.

11. Security

We take the security of your data seriously and apply both technical and organisational measures proportionate to the risk:

  • All data in transit is encrypted using HTTPS/TLS.
  • Access to systems containing personal data is restricted to authorised personnel only.
  • Passwords and credentials are stored using strong, industry-standard hashing.
  • Public-facing systems are protected by rate limiting and abuse controls.
  • Access credentials shared during project delivery are handled under strict confidentiality.

No system is completely immune to breach, but we take every reasonable step to prevent unauthorised access. In the event of a data breach that poses a risk to individuals, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected parties without undue delay.

12. Children's Data

Our services are directed exclusively at businesses and business professionals. We do not knowingly collect personal data from individuals under the age of 13. If you believe we have inadvertently received data from a minor, please contact us immediately and we will delete it.

13. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights in relation to your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of any inaccurate or incomplete data.
  • Erasure — request deletion of your data where there is no longer a lawful reason to retain it.
  • Restriction — request that we limit how we process your data in certain circumstances.
  • Portability — request your data in a structured, machine-readable format where technically feasible.
  • Objection — object to processing carried out on the basis of legitimate interests.
  • Withdraw consent — where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email info@iftin.co.uk. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

14. Changes to This Policy

We may update this policy from time to time to reflect changes in our operations, legal obligations, or the tools we use. The current version will always be published on this page with the date it was last updated. For active clients, we will notify you of any significant changes by email before they take effect.

15. Contact

For any privacy-related queries, requests, or concerns, contact us at info@iftin.co.uk. We take data protection seriously and will treat all enquiries with care and urgency.