Privacy Policy.

We collect the minimum personal data needed to do our work, we do not sell it, and you can ask us to delete it. This page explains the details under the UK GDPR and the Data Protection Act 2018.

1. Who we are

This policy is issued by Sweet Intelligence UK Limited (Company No. 17194435), a private company limited by shares incorporated in England and Wales on 1 May 2026, with its registered office at 173 Manor Grove, Richmond, TW9 4QJ. In this policy, "SweetIntel", "we", "us", or "our" refers to this entity.

We are the data controller for personal data collected through this website and through our direct engagements. You can reach our data protection contact at dpo@sweetintel.ai.

2. What we collect

We collect only what we need. In practice that means:

• Contact data you give us. Name, company, role, email, phone, or any message you send us through email, LinkedIn, or a future contact form.
• Engagement data. Documents, data, and materials you share with us during a project. We treat these as your confidential information, not as our data to mine.
• Technical data. When you visit this website, your browser automatically sends an IP address, user-agent, referrer, and requested URL. Our server may log these for a short period to keep the site running.

We do not currently use analytics cookies, advertising pixels, or third-party tracking. If that changes, this policy will be updated before the change takes effect.

3. Why we collect it

• To respond to you when you contact us.
• To perform the services you have engaged us for.
• To comply with legal, tax, and audit obligations.
• To protect the security and integrity of this website.

4. How we use it

Personal data is used only for the purpose for which it was given, and only by people on our team who need it to do their work. We do not sell personal data. We do not share it with third parties for marketing.

5. Who we share it with

We may share personal data with:

• Professional service providers who help us run the business (accounting, legal, IT infrastructure). These parties are contractually bound to protect the data.
• Authorities, where required by law or a valid legal process.

Where a provider is located outside the United Kingdom, we rely on the safeguards described in section 10 (International transfers).

6. How long we keep it

We keep personal data for as long as needed for the purpose it was collected, and for a reasonable tail afterwards to meet legal, tax, and audit requirements. When it is no longer needed, we delete or anonymise it.

7. Your rights

Under the UK GDPR you have the right to:

• Be informed about how we use your personal data (this page).
• Access the personal data we hold about you.
• Rectify personal data that is inaccurate or incomplete.
• Erase your personal data in certain circumstances (the right to be forgotten).
• Restrict processing of your personal data in certain circumstances.
• Data portability: receive a copy of your data in a structured, machine-readable format.
• Object to processing based on legitimate interests, and to direct marketing at any time.
• Withdraw consent at any time where we rely on consent, without affecting prior lawful processing.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your data. We would appreciate the chance to address your concerns first.

To exercise any of these, write to dpo@sweetintel.ai. We will respond within one calendar month, in line with Article 12(3) of the UK GDPR.

8. Security

We take reasonable technical and organisational measures to protect personal data, including access controls, encryption in transit, and confidentiality obligations on our team and vendors. No system is perfectly secure, but we work to make the radius of any incident as small as possible.

9. Children

This website is not directed to children under 13. We do not knowingly collect personal data from children.

10. International transfers

Some of our providers may process personal data outside the United Kingdom. Where they do, we rely on one of the lawful transfer mechanisms permitted under the UK GDPR: an adequacy decision recognised by the UK Government, the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another approved safeguard, together with appropriate technical and organisational measures.

11. Changes to this policy

We may update this policy from time to time. The effective date at the top will reflect the most recent change. Material changes will be flagged at the top of this page.