Privacy Policy

Effective Date: April 16, 2025
Last Updated: April 16, 2025

1. Introduction

This Privacy Policy outlines how AI-Dionic LTD ("AI-Dionic", "we", "us", or "our") collects, uses, shares, and protects the personal data of individuals ("you") who visit or interact with our website located at allen.dionic.ai (the "Website").

AI-Dionic is committed to protecting your privacy and handling your personal data in an open and transparent manner. This policy is designed to comply with the requirements of applicable UK data protection legislation, specifically the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We aim to provide clear information about our data processing activities, enabling you to understand how your personal data is used when you engage with our Website, particularly when expressing interest in our services.

This policy details the types of personal data we collect, the purposes for which we process it, the legal basis for doing so, who we share it with, how we protect it, how long we keep it, and the rights you have concerning your personal data.

2. Who We Are (Data Controller)

For the purposes of UK data protection law, the data controller responsible for the personal data collected through the Website (allen.dionic.ai) is:

AI-Dionic LTD
Registered Office: 7 Bell Yard, London, England, WC2A 2JR
Company Number: 15549888 (Registered in England and Wales)

As the data controller, AI-Dionic LTD determines the purposes for which and the means by which your personal data is processed. While we utilise third-party service providers (known as data processors) for specific functions as detailed later in this policy, AI-Dionic LTD remains ultimately responsible for ensuring your personal data is handled in accordance with applicable data protection laws.

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise any of your data protection rights, please contact us at:
Email: info@ai-dionic.com

3. The Information We Collect About You

We collect personal data through different methods when you interact with our Website. This includes information you provide directly to us and information collected automatically through website analytics tools.

3.1 Information You Provide Directly

When you express interest in our services, specifically Allen's early access, by submitting the form available on our Website, we collect the following personal data directly from you:

First Name
Last Name
Business Email Address
Mobile/Phone Number
Job Title/Role

This information is provided voluntarily by you when you choose to complete and submit the form.

3.2 Information Collected Automatically (Website Analytics)

To understand how our Website is used, monitor its performance, and improve the user experience, we utilise website analytics services provided by Vercel, Inc., specifically Vercel Web Analytics and Vercel Speed Insights. These tools automatically collect certain information when you visit our Website.

Vercel's analytics are designed with privacy as a priority. They do not use cookies for tracking purposes and do not collect persistent personal identifiers that could track you across different websites or applications. Visitors are identified using a hash generated from the incoming request, which is valid only for a single day and automatically reset, preventing tracking between different days or websites. The data collected is intended for aggregated statistical analysis and is designed to be anonymous, meaning it is not tied to or associated with any specific individual or IP address.

The types of information automatically collected by Vercel Analytics may include:

Event Timestamp: The date and time of the visit or event.
URL Visited: The specific page visited on our Website.
Dynamic Path: The template path of the page visited (e.g., /blog/[slug]).
Referring URL: The website address from which you arrived at our Website.
Query Parameters: Parameters included in the URL (filtered by Vercel to potentially remove sensitive data, though configuration is important - see below).
Geolocation: General location data derived from the request (e.g., Country, Region, City).
Device Operating System (OS) & Version: The operating system used by your device.
Browser & Version: The web browser used to access the Website.
Device Type: Whether you are accessing the site via Mobile, Desktop, or Tablet.
Web Vitals & Performance Metrics: Data related to website loading speed and performance (e.g., Core Web Vitals, page load times).
Web Analytics Script Version: The version of the Vercel analytics script running.

It is important to note that while Vercel aims to filter sensitive information from URLs and query parameters, URLs can sometimes contain personal data (e.g., user IDs, tokens). AI-Dionic takes steps to configure Vercel Analytics appropriately to minimise the collection of such data through URLs or custom events, but users should be aware of the data they include in URLs they share or access.

4. How We Use Your Personal Information (Purposes of Processing)

We process the personal data we collect for specific, explicit, and legitimate purposes, in accordance with the data protection principle of 'Purpose Limitation'. We use your information for the following purposes:

Responding to Your Interest: To process and respond to your request for information about Allen's early access, submitted via the website form. This includes contacting you using the details provided (name, email, phone number) to discuss the service and your potential interest as a business customer.
Customer Relationship Management (CRM): To manage our relationship with you as a prospective customer. Data submitted through the form (First Name, Last Name, Business Email, Phone Number, Job Title/Role) is transferred via our workflow automation tool (Zapier) and stored in our CRM system (Monday.com) to facilitate ongoing communication and relationship management.
Website Improvement and Security: To analyse how visitors use our Website using the automatically collected data from Vercel Analytics. This helps us understand traffic patterns, identify popular content, diagnose technical issues, improve website functionality and user experience, and ensure the security and integrity of our Website.

5. Our Lawful Basis for Processing Your Data

Under UK GDPR, we must have a valid lawful basis for processing your personal data. The UK GDPR provides six potential lawful bases: Consent, Contract, Legal Obligation, Vital Interests, Public Task, and Legitimate Interests. We rely on the following lawful bases for our processing activities:

For Responding to Your Interest and CRM Management (Purposes 1 & 2): We process the personal data you provide via the form (name, email, phone, job title) based on our Legitimate Interests (Article 6(1)(f) UK GDPR). Our legitimate interest is to engage with potential business customers who have proactively expressed interest in our specific services (Allen) by submitting an enquiry form on our Website. It is reasonable for individuals representing businesses who submit such a form to expect follow-up communication regarding the service they enquired about. Managing these prospective relationships within our CRM system is also a necessary part of pursuing this interest.
We have undertaken a Legitimate Interests Assessment (LIA) to balance our interests against your interests, rights, and freedoms. We have concluded that, given the business-to-business (B2B) nature of our service, the type of data collected (standard business contact information), your explicit action in submitting the form indicating interest, and the limited purpose of the follow-up contact, our legitimate interests are not overridden by your rights and interests. Relying on Legitimate Interests allows us to efficiently respond to your specific request for information about Allen.
For Website Improvement and Security (Purpose 3): We process the automatically collected website analytics data based on our Legitimate Interests (Article 6(1)(f) UK GDPR). Our legitimate interest is to operate our Website effectively, understand usage patterns to improve our services, ensure technical performance, and maintain security.
We consider the processing of this data necessary to achieve these aims. Given that Vercel Analytics is designed to collect aggregated and anonymised data, does not use tracking cookies, and does not store IP addresses, we have concluded that the impact on individual privacy is minimal and proportionate to our legitimate interests in maintaining and improving our online presence.

6. Who We Share Your Information With (Third Parties & Processors)

We do not sell your personal data. However, we engage third-party service providers (data processors) to perform certain functions necessary to provide our services and operate our Website. These processors act on our behalf and under our instructions. We ensure that we have appropriate Data Processing Agreements (DPAs) in place with these processors where required by law, obligating them to protect your personal data, maintain confidentiality, implement appropriate security measures, and only process the data for the purposes we specify.

The specific data flow for information submitted via the early access form is as follows: Your submitted data (First Name, Last Name, Business Email, Phone Number, Job Title/Role) is captured on our Website (hosted by Vercel), then passed via Zapier for workflow automation, and finally stored in our CRM system, Monday.com.

Our key third-party processors include:

Processor	Service Provided	Personal Data Processed/Shared	Primary Processing Location(s)	Link to Privacy Policy / DPA Information
Vercel, Inc.	Website Hosting, Web Analytics, Speed Insights	Automatically collected analytics data (as detailed in Section 3.2). Potentially form submission data during transit if not directly sent elsewhere.	United States (primarily), potentially global edge locations	Privacy Policy DPA
Zapier, Inc.	Workflow Automation	Form submission data: First Name, Last Name, Business Email, Phone Number, Job Title/Role	United States	Privacy Policy DPA
Monday.com Ltd.	Customer Relationship Management (CRM)	Form submission data: First Name, Last Name, Business Email, Phone Number, Job Title/Role	EU (Germany - default for UK users signing up post Jan 2023), Israel, United States (for some processing/sub-processors)	Privacy Policy DPA

We may also share information if required by law, such as in response to a subpoena, court order, or other legal process, or to establish or exercise our legal rights or defend against legal claims.

7. International Data Transfers

Personal data collected via the Website may be transferred to, stored, and processed in countries outside the United Kingdom (UK) and the European Economic Area (EEA), primarily the United States and Israel, where our third-party processors operate.

Such transfers only occur where appropriate safeguards are in place to ensure your personal data receives a level of protection equivalent to that provided under UK data protection law. We rely on the following mechanisms for transferring personal data outside the UK/EEA:

Adequacy Decisions: Some countries are recognised by the UK government as providing an adequate level of data protection. Transfers to these countries do not require additional safeguards. This currently applies to transfers to Israel, where Monday.com conducts some processing activities.
UK Extension to the EU-US Data Privacy Framework (DPF): For transfers to the United States, Vercel, Zapier, and Monday.com's US subsidiary are certified under the UK Extension to the EU-US Data Privacy Framework. This framework is recognised by the UK government as providing adequate protection for personal data transferred from the UK to certified US organisations.
Standard Contractual Clauses (SCCs) with UK Addendum: As a supplementary safeguard, or where the DPF may not apply (e.g., to certain sub-processors or if the framework's status changes), our Data Processing Agreements with Vercel, Zapier, and Monday.com incorporate the relevant EU Standard Contractual Clauses as adapted for UK data transfers by the UK International Data Transfer Addendum (UK Addendum). These clauses impose contractual obligations on the data importer to protect the transferred personal data.

We ensure our contracts (DPAs) with these processors include provisions requiring them to protect your data according to UK GDPR standards, regardless of where it is processed. Monday.com has also appointed a UK Representative as required under Article 27 of the UK GDPR.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are designed to ensure a level of security appropriate to the risk associated with the processing activities.

Our processors (Vercel, Zapier, Monday.com) are also contractually obligated through our DPAs to implement and maintain robust security measures to protect the data they process on our behalf. Vercel, for example, maintains SOC 2 Type 2 and ISO 27001 certifications and encrypts data at rest and in transit. Zapier and Monday.com also detail their security practices in their respective documentation.

However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Data Retention

We adhere to the principle of 'Storage Limitation' under UK GDPR, meaning we will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, as outlined in Section 4 of this policy.

Specifically:

Form Submission Data (Name, Email, Phone, Job Title): We retain this data stored in our CRM (Monday.com) for the duration necessary to manage our relationship with you as a prospective customer regarding Allen's early access and potential future use. This period will depend on the nature of our interactions and your continued interest. We will periodically review our records and delete data where it is no longer required for these purposes, or earlier if you request deletion (subject to any legal obligations to retain the data).
Website Analytics Data (Vercel): The visitor identifier hash used by Vercel is automatically discarded after 24 hours. Aggregated and anonymised analytics data may be retained by Vercel according to their own retention policies for statistical analysis and reporting purposes.

We may retain certain information for longer periods if required by law or for legitimate business needs, such as record-keeping, resolving disputes, or enforcing our agreements. When data is no longer needed, we will securely delete or anonymise it.

10. Your Data Protection Rights

Under UK data protection law, you have several rights concerning your personal data. These rights allow you to maintain control over your information. Your rights include:

The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your personal data and your rights. This is why we are providing you with this Privacy Policy.
The right of access: You have the right to obtain access to your personal data (if we are processing it) and certain other information (similar to that provided in this Privacy Policy).
The right to rectification: You are entitled to have your personal data corrected if it is inaccurate or incomplete.
The right to erasure: Also known as the 'right to be forgotten', this enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not an absolute right and only applies in certain circumstances.
The right to restrict processing: You have the right to 'block' or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
The right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services. This applies to data you have provided to us where we are processing it based on your consent or for the performance of a contract, and the processing is carried out by automated means.
The right to object to processing: You have the right to object to certain types of processing, including processing based on our legitimate interests (as described in Section 5). You also have an absolute right to object to your personal data being used for direct marketing purposes.
Rights relating to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you (we do not currently engage in such activities based on the data collected via the Website).

Exercising Your Rights:

To exercise any of these rights, please contact us using the details provided in Section 2:
Email: info@ai-dionic.com

Please provide sufficient information to identify yourself and specify the right you wish to exercise. We may need to request further information to verify your identity before responding to your request. We will respond to your request within one month of receipt, although this period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Right to Lodge a Complaint:

If you are unhappy with how we have handled your personal data or believe that we have not complied with your rights, you have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO).

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns/

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

11. Children's Data

Our Website and services are aimed at businesses (B2B) and are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information promptly.

12. Cookies

We utilise necessary cookies solely to ensure the proper functioning and basic features of our website. These cookies do not track personal information and are essential for site operation. Our primary analytics provider, Vercel Analytics, as detailed elsewhere in this policy, operates without the use of traditional tracking cookies.

Vercel Analytics, the primary analytics tool used on this Website, is designed not to use cookies for tracking visitors. Therefore, traditional cookie consent banners related to analytics tracking are not required for this specific tool.

If we introduce other services or functionalities in the future that use cookies (particularly non-essential cookies for tracking or advertising), we will update this policy and implement appropriate cookie consent mechanisms as required by law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, service offerings, legal requirements, or regulatory guidance. We encourage you to review this policy periodically.

When we make significant changes, we will notify you by updating the "Last Updated" date at the top of this policy and may provide additional notice, such as a statement on our Website homepage. Your continued use of the Website after such changes constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data protection practices, please do not hesitate to contact us:

AI-Dionic LTD
7 Bell Yard, London, England, WC2A 2JR
Company Number: 15549888
Email: info@ai-dionic.com