Privacy Policy
Last updated: 11 May 2026
1. Introduction
Autonary AI Ltd (“Autonary AI”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data transparently and lawfully.
This Privacy Policy explains what personal data we collect through our website autonaryai.com (the “Website”) and through related sales and marketing activity, how we use it, who we share it with, and what rights you have.
This policy is issued in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). For the purposes of UK GDPR, the data controller is Autonary AI Ltd, company number 16292254, registered office 13 Camwood Crescent, Lincoln, United Kingdom.
Note: This policy covers data collected via the Website and our outbound business-to-business marketing. When we deliver AI receptionist or chatbot services to a client, the client is the data controller for any guest, customer, or end-user data processed through their AI agent, and we act as a data processor under a separate Data Processing Agreement.
2. Information We Collect
2.1 Information you provide directly
When you contact us, book a demo, fill in a form, or subscribe to anything on the Website, we may collect:
Full name
Business email address
Business phone number
Company name and your role
Website URL
Information about your business, current systems, and your enquiry
Any other information you choose to share in correspondence with us
2.2 Information we collect about prospective business clients (B2B outreach)
As part of our business-to-business sales activity, we collect limited professional contact details about decision-makers at companies that match our target profile (hospitality businesses such as boutique hotels, country house hotels, wedding venues, event venues, and fine dining venues). This may include:
Name and job role
Business email address and business phone number
Employer name, location, and publicly available business information
This information is obtained from publicly accessible sources such as company websites, business directories, Companies House, and professional networks. We process this data on the lawful basis of legitimate interests (see section 4).
2.3 Information collected automatically
When you visit the Website, we may automatically collect:
IP address and approximate location
Browser type, device type, and operating system
Pages visited, time spent on pages, and referring URL
Cookies and similar tracking technologies (see section 8)
2.4 Information from third-party services
We may receive information about you from third-party services we use to operate our business, such as scheduling tools (Calendly), payment providers (Stripe), email and productivity tools (Google Workspace), and customer communication platforms. These third parties only share information with us in line with their own privacy policies and your settings with them.
3. How We Use Your Information
We use your personal data for the following purposes:
Responding to enquiries and bookings — to answer your questions, book and run discovery calls or demos, and follow up.
Providing information about our services — to send you proposals, quotes, case studies, and related information you have requested or that is relevant to your enquiry.
Business-to-business outreach — to contact decision-makers at businesses in our target market with relevant information about our AI receptionist and chatbot services.
Improving the Website and our services — to understand how visitors use the Website, measure marketing performance, and improve our offering.
Compliance and protection — to comply with legal obligations, enforce our Terms, detect and prevent fraud or abuse, and protect our rights and the rights of others.
4. Lawful Bases for Processing
Under UK GDPR, we rely on the following lawful bases:
Consent — where you have actively opted in (for example, by ticking a marketing box). You can withdraw consent at any time.
Contract — where processing is necessary to take steps at your request before entering into a contract with us, or to perform a contract with you.
Legitimate interests — where processing is necessary for our legitimate business interests (such as growing our business through B2B outreach, improving our services, and securing the Website), provided those interests are not overridden by your rights and freedoms. We carry out and document Legitimate Interests Assessments for these activities.
Legal obligation — where processing is necessary to comply with a legal obligation we are subject to.
5. B2B Marketing and Outreach
We carry out business-to-business outreach by contacting decision-makers at businesses that match our target profile, using publicly available business contact details. This activity is conducted in line with UK GDPR and PECR rules for corporate subscribers.
Specifically:
We contact named individuals in their professional capacity at corporate subscribers (limited companies, LLPs, public bodies, and similar).
Our messages clearly identify Autonary AI as the sender and explain why we are contacting you.
Every message provides a simple way to opt out of further contact (for example, by replying “unsubscribe” or contacting info@autonaryai.com).
We maintain a suppression list of anyone who has opted out and we do not contact them again.
We do not send unsolicited direct marketing by electronic means to individual subscribers (such as sole traders or unincorporated partnerships) without their prior consent.
If you would prefer not to hear from us, please email info@autonaryai.com and we will remove your details from our outreach lists.
6. Sharing Your Information
We do not sell your personal data. We share it only with the following categories of recipients, where necessary and under appropriate safeguards:
Service providers and processors we use to operate our business, including:
Google Workspace (email, document storage, productivity)
Cal.com (meeting scheduling)
Stripe (payment processing, where applicable)
Notion (internal documentation and CRM)
Email and outreach platforms used for B2B communication
Voiceflow, ElevenLabs, Twilio, and similar AI and telephony providers (where relevant to demos or services)
Website hosting and analytics providers
Professional advisers such as accountants, lawyers, and insurers, where necessary.
Authorities and regulators where we are legally required to disclose information or where disclosure is necessary to protect our rights or the rights of others.
Acquirers in the event of a sale, merger, or restructuring of our business, in which case we will take reasonable steps to ensure your data continues to be protected.
All processors handling personal data on our behalf are bound by written contracts that require them to process data only on our instructions and to implement appropriate security measures.
7. International Data Transfers
Some of our service providers (such as Google, Stripe, Twilio, and various AI providers) are based outside the UK, including in the United States and the European Economic Area. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, such as:
Transfers to countries covered by a UK adequacy decision.
Use of the International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses.
Reliance on other lawful transfer mechanisms approved under UK GDPR.
8. Cookies and Tracking Technologies
Cookies are small text files that are placed on your device when you visit a website. We use cookies and similar technologies on autonaryai.com as described below.
8.1 First-party cookies
Our Website is built on Framer. Framer's built-in analytics are cookieless and privacy-first. However, Framer may set a small number of essential cookies for security, session management, and the technical operation of the Website. These cookies do not require your consent under PECR.
8.2 Third-party cookies
We embed a booking widget from Cal.com (cal.com) on our Website to allow visitors to schedule discovery calls and demos. When you interact with the booking widget, Cal.com may set cookies on your device for the following purposes:
Functional cookies that enable the booking widget to operate correctly.
Analytics cookies that help Cal.com measure performance of its service.
These cookies are set by cal.com as a third party. We do not control the cookies that Cal.com sets. For full details, see Cal.com's privacy policy at cal.com/privacy.
8.3 Your choices
Where we use non-essential cookies (including third-party cookies set by the Cal.com booking embed), we will request your consent through a cookie banner on the Website before they are set. You can accept or reject non-essential cookies at any time using the cookie banner, and you can change your preferences later by clearing your cookies and revisiting the Website.
You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies. If you block essential cookies, parts of the Website may not function correctly.
For more information about cookies generally, visit aboutcookies.org or ico.org.uk/your-data-matters/online/cookies.
8.4 Updates
We review the cookies in use on our Website periodically. If we add new tools that set cookies (such as analytics, advertising pixels, or chat widgets), we will update this section and our cookie banner before those cookies are activated.
9. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. Indicative retention periods:
Enquiry and contact form data: up to 24 months from last contact, unless a commercial relationship begins.
B2B outreach data: retained while the contact remains a relevant decision-maker at a target business, and reviewed periodically. Opt-out records are kept indefinitely as a suppression list.
Client account data: for the duration of the engagement and for up to 7 years after the end of the engagement, in line with UK accounting and tax requirements.
Website analytics data: typically up to 26 months, depending on the analytics provider's settings.
When personal data is no longer needed, we securely delete or anonymise it.
10. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access — to obtain a copy of the personal data we hold about you.
Right to rectification — to have inaccurate or incomplete data corrected.
Right to erasure — to request deletion of your data in certain circumstances.
Right to restrict processing — to limit how we use your data in certain circumstances.
Right to data portability — to receive your data in a structured, machine-readable format.
Right to object — to object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent — where we rely on consent, at any time.
Right to lodge a complaint — with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
To exercise any of these rights, contact us at info@autonaryai.com. We will respond within one month. We may ask you to verify your identity before acting on your request.
11. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure, including:
Encrypted data transmission (HTTPS / TLS).
Access controls and strong authentication on business tools and accounts.
Limiting access to personal data on a need-to-know basis.
Regular review of our systems, processors, and security practices.
No system can be guaranteed 100% secure. If we become aware of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO and affected individuals as required by UK GDPR.
12. Children
The Website and our services are intended for businesses and adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us at info@autonaryai.com so we can take appropriate action.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when changes were last made. For material changes, we will take reasonable steps to notify you. Your continued use of the Website after changes are posted constitutes your acceptance of the updated policy.
14. Contact
If you have any questions about this Privacy Policy or how we handle your personal data, contact us at:
Email: info@autonaryai.com
Post: Autonary AI Ltd, 13 Camwood Crescent, Lincoln, United Kingdom
ICO registration number: ZB995462
If you are not satisfied with how we have handled your data, you can also complain to the Information Commissioner's Office at ico.org.uk.
