Skip to main content
WorkCrew

Privacy Policy

Last updated: 20 April 2026

Who We Are

WorkCrew Ltd is a UK-registered company providing AI automation services, website development, and AI training for small businesses. Our website is workcrew.io. This notice is governed by UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025.

  • Company: WorkCrew Ltd, England & Wales
  • Data Controller: WorkCrew Ltd
  • ICO Registration: Pending (application in progress — reference to be added once issued)
  • Contact: hello@workcrew.io

What Data We Collect

When you use our website or engage us as a client, we may collect:

  • Contact form submissions: name, email address, phone number (optional), and your message.
  • Audit / Blueprint request submissions: business name, industry, website URL, email address, and details about your business challenges.
  • Chat conversations: messages exchanged with our AI assistant, processed in real-time and stored only in your browser session unless you submit them to us via a form.
  • Client data (as processor): when you engage WorkCrew under a service agreement, we may process personal data on your behalf (e.g. your customers' names, phone numbers, emails). This is governed by a separate Data Processing Agreement and you remain the controller of that data.
  • Usage data: pages visited, interactions, and device info stored in your browser (localStorage / sessionStorage). Analytics data is collected only after you consent via our cookie banner.

Legal Basis for Processing

Under UK GDPR we rely on the following lawful bases:

  • Consent — for marketing emails, analytics cookies, and non-essential tracking.
  • Contract — to deliver services you have engaged us to provide.
  • Legitimate interests — to respond to enquiries, improve our services, and operate our business (balanced against your rights).
  • Legal obligation — to meet accounting, tax, and regulatory requirements.

How We Use Your Data

  • To respond to enquiries and deliver the services you request.
  • To generate AI Blueprint / Audit reports tailored to your business.
  • To send you follow-up communications about our services (you can unsubscribe at any time).
  • To process payments for services via our payment providers.
  • To improve our website, tools, and services.

Third-Party Services & Sub-Processors

We use the following service providers to operate our website and deliver services. Each is bound by their own data protection obligations.

  • Vercel (USA) — website hosting. EU data regions where available.
  • Anthropic (USA) — Claude AI for responses, Blueprint generation, and agent tooling. Covered by Standard Contractual Clauses (SCCs).
  • OpenAI (USA) — supporting AI models for specific features. Covered by SCCs.
  • Resend (USA) — transactional email delivery. Covered by SCCs.
  • Cloudflare (USA/Global) — DNS, CDN, and email routing.
  • Supabase (EU region — Frankfurt/London) — database and authentication for client portals.
  • Stripe (USA/UK) — payment processing.
  • Vercel Analytics & Speed Insights — aggregate, anonymised usage analytics (consent required).

International Data Transfers

Some of our service providers are based outside the UK (primarily the USA). Where your data is transferred outside the UK, we rely on UK IDTA / Standard Contractual Clauses and appropriate technical safeguards to protect your rights.

Data Retention

  • Contact / Blueprint submissions: 24 months, then deleted unless you become a client.
  • Client records: retained for the duration of the engagement plus 7 years (statutory accounting period).
  • Marketing email lists: retained until you unsubscribe; reviewed every 24 months.
  • Website analytics: 14 months (if consent given).
  • Chat sessions: session-only — not retained unless submitted via a form.

Cookies

We use essential cookies to make the site work and, with your consent, analytics and marketing cookies to understand usage and improve our services. You can accept or decline non-essential cookies via our cookie banner at any time, or change your preference through your browser settings.

Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data (subject to legal retention obligations).
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or direct marketing.
  • Withdraw consent — at any time, where consent is the legal basis.
  • Not be subject to automated decisions — including profiling with significant effects.

To exercise any of these rights, email hello@workcrew.io. We will respond within one month.

Complaints

If you are unhappy with how we have handled your data, please contact us first at hello@workcrew.io. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk.

Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top indicates the most recent change. Significant changes will be flagged on our website or via email if you are an active client.

Contact

Questions about this policy? Email hello@workcrew.io.