Privacy Policy | Seahorse Integrations

1 Who We Are

Seahorse Integrations Ltd ("we," "our," or "us") is a software development and AI consultancy registered in England and Wales.

We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what personal data we collect, why we collect it, how we use and store it, and what rights you have in relation to it.

This policy applies to all personal data we collect through our website (seahorseltd.co.uk), through our client engagements, and through any other interactions with us.

Data Controller: Seahorse Integrations Ltd is the data controller for the personal data described in this policy. This means we decide how and why your personal data is processed.

Contact: If you have any questions about this policy or how we handle your data, you can contact us at:

Email: samuel@seahorseintegrations.co.uk

ICO Registration Number: [To be added upon registration with the ICO]

2 What Personal Data We Collect

We collect different types of personal data depending on how you interact with us. The tables below set out exactly what we collect and why.

2.1 Website Visitors

Data Collected	Purpose	Legal Basis
Name, email, phone number, message	To respond to your enquiry via our contact form	Legitimate interest / Consent
Email address	To send you newsletters or updates you have opted in to receive	Consent
IP address, browser type, pages visited, time on site	Website analytics to understand how our site is used and to improve it	Legitimate interest / Consent (via cookies)
Cookie preferences	To remember your cookie consent choices	Legal obligation (PECR)

2.2 Clients and Prospective Clients

Data Collected	Purpose	Legal Basis
Contact names, email addresses, phone numbers	To communicate with you about your project and provide our services	Contract performance
Business name, address, company number	To identify you as a client, issue invoices, and fulfil legal/tax obligations	Contract performance / Legal obligation
Project files and documents	To deliver the services you have engaged us to provide	Contract performance
Login credentials (for client portals we build)	To provide you with secure access to systems we build for you	Contract performance
Financial information (invoices, payment records)	To process payments, manage accounts, and comply with HMRC requirements	Contract performance / Legal obligation
Meeting notes and correspondence	To maintain an accurate record of project discussions and decisions	Legitimate interest

2.3 Data We Do Not Collect

We do not knowingly collect any special category data (such as data about your health, race, religion, sexual orientation, or political opinions). We do not collect data from children under 16. We do not purchase personal data from third parties.

3 How We Use Your Data

We only use your personal data for the purposes set out in this policy. We will never sell your personal data to third parties. We will never use your data for automated decision-making or profiling.

Specifically, we use your data to:

Respond to enquiries submitted through our website contact form;
Provide, manage, and deliver the services you have engaged us for;
Issue invoices and process payments;
Send you newsletters or marketing updates (only where you have opted in);
Analyse website usage to improve our site and services;
Comply with legal and regulatory obligations (such as tax reporting to HMRC);
Protect our legitimate business interests (such as maintaining records of client relationships for potential future work).

3.1 Use of Artificial Intelligence in Service Delivery

As an AI consultancy, we may use artificial intelligence tools and large language models (such as those provided by OpenAI, Anthropic, Google, or similar providers) as part of our service delivery. This section explains how we handle your data in relation to these tools.

Where AI tools are used in the delivery of a client project, this will be considered part of our standard working practices unless the client expressly requests otherwise. Clients will be informed during onboarding that AI tools may be used in project delivery and may opt out at any time by notifying us in writing.
We select AI providers that offer appropriate data handling commitments, including providers that do not use client-submitted data to train their models (where such options are available).
We do not use AI tools to make any automated decisions about individuals. All outputs generated by AI tools are reviewed and verified by our team before being used or delivered.
Where personal data is processed by an AI tool, such processing is carried out in accordance with the data protection obligations set out in this policy and any applicable Data Processing Agreement.
If a client does not wish for their data to be processed using AI tools, they may opt out at any time by notifying us in writing. We will respect that preference and deliver the project without the use of such tools from that point forward.

4 Our Legal Bases for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Legal Basis	When We Use It
Consent	When you opt in to our newsletter, accept analytics cookies, or submit a contact form. You can withdraw consent at any time.
Contract Performance	When processing is necessary to fulfil a contract with you (e.g. delivering a project, issuing invoices).
Legitimate Interest	When we have a genuine business reason to process your data and this does not override your rights (e.g. maintaining client records, analysing website traffic, improving our services).
Legal Obligation	When we are required by law to process your data (e.g. keeping financial records for HMRC, responding to lawful requests from authorities).

5 Cookies

Our website uses cookies. A cookie is a small text file placed on your device when you visit a website. We use the following types of cookies:

Cookie Type	Purpose	Consent Required?
Strictly Necessary	Essential for the website to function (e.g. cookie consent preferences, security)	No
Analytics	Help us understand how visitors use our site (e.g. Google Analytics, Microsoft Clarity). Data is anonymised where possible.	Yes

When you first visit our website, you will be shown a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your cookie preferences at any time through the cookie settings link in our website footer.

5.1 Specific Cookies We Use

Cookie	Provider	Purpose	Duration	Type
_ga	Google Analytics	Distinguishes unique visitors by assigning a randomly generated number	2 years	Analytics
_ga_G-KKLBWGFLW7	Google Analytics	Maintains session state and tracks how visitors use the site	2 years	Analytics
_clid	Microsoft Clarity	Identifies the first-time Clarity saw this user on any site	12 months	Analytics
_clck	Microsoft Clarity	Persists the Clarity user ID and preferences	12 months	Analytics
_clsk	Microsoft Clarity	Connects multiple pageviews by a user into a single session recording	1 day	Analytics
MUID	Microsoft Clarity	Identifies unique web browsers visiting Microsoft sites, used for analytics	13 months	Analytics
ANONCHK	Microsoft Clarity	Indicates whether MUID is transferred to ANID - Clarity does not use ANID	Session	Analytics
SM	Microsoft Clarity	Used in synchronising the MUID across Microsoft domains	Session	Analytics

Google Analytics: We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 uses cookies to collect anonymous data including pages visited, time on site, and referring websites. GA4 does not store IP addresses; IP anonymisation is applied by default and IP data is not logged or accessible to us. Google's privacy policy is available at https://policies.google.com/privacy.

Microsoft Clarity: We use Microsoft Clarity to understand how visitors interact with our website through heatmaps and session recordings. Clarity captures anonymised interaction data and does not collect personal information. Microsoft's privacy statement is available at https://privacy.microsoft.com/privacystatement.

6 How We Store and Protect Your Data

We take the security of your data seriously. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration.

6.1 Storage Locations
Your data may be stored using the following services and platforms:

Cloud storage services (such as Google Workspace) for project files, documents, and correspondence;
Accounting software for invoices and financial records;
Secure hosting providers for any client portals or web applications we build and maintain;
Email services for client correspondence;
CRM or project management tools for tracking client relationships and project progress.

We select providers that maintain appropriate security standards and, where possible, store data within the United Kingdom or the European Economic Area. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).

6.2 Security Measures
Our security measures include:

Encryption of data in transit (HTTPS/TLS) and at rest where supported by our storage providers;
Strong, unique passwords and two-factor authentication on all business accounts;
Access restricted to authorised personnel only (the Company's directors and any approved subcontractors bound by confidentiality obligations);
Regular software updates and security patches on all devices and systems;
Regular review of data access permissions and security practices.

7 How Long We Keep Your Data

We keep your personal data only for as long as we have a legitimate reason to do so. The retention periods below reflect both our business needs and our legal obligations.

Data Type	Retention Period	Reason
Contact form submissions	Retained for ongoing business development and relationship management, unless you request deletion	Legitimate interest
Newsletter subscribers	Until you unsubscribe	Consent
Analytics data	26 months (Google Analytics default)	Legitimate interest
Client contact details	Duration of relationship + retained indefinitely for system continuity, regulatory compliance, and legislative change preparedness, unless you request deletion	Legitimate interest / Contract
Project files and documents	Duration of relationship + retained indefinitely for system continuity, regulatory compliance, and legislative change preparedness, unless you request deletion	Legitimate interest / Contract
Financial records (invoices, payment records)	Minimum 6 years from end of the financial year in which the transaction occurred	Legal obligation (HMRC)
Login credentials (client portals)	Duration of the service. Deleted or transferred to client upon project completion or termination	Contract performance
Meeting notes and correspondence	Duration of relationship + retained indefinitely for system continuity and legislative change preparedness, unless you request deletion	Legitimate interest

Important: Where we retain personal data beyond the immediate purpose for which it was collected, we do so on the basis of legitimate interest. As a software development and AI consultancy, the systems we build for clients may remain in use for many years. We retain project records, technical documentation, and correspondence to ensure we can provide ongoing support in the event of system failures, security incidents, or technical issues; respond to new or changing legislation and regulatory requirements that may affect systems we have previously delivered; maintain continuity of service should a client return for further work; and fulfil any legal or contractual obligations that may arise after project completion. We retain enquiry and contact form data to support ongoing business development and to maintain a complete record of our communications history. You have the right to request deletion of your data at any time (see section 8), and we will comply unless we are legally required to retain it (for example, financial records for HMRC) or unless deletion would compromise our ability to support a system that remains in active use.

8 Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data. These rights apply regardless of whether you are a website visitor, a prospective client, or an existing client.

Your Right	What This Means
Right of Access	You can request a copy of all personal data we hold about you. We will respond within one calendar month.
Right to Rectification	If any data we hold about you is inaccurate or incomplete, you can ask us to correct it.
Right to Erasure ("Right to be Forgotten")	You can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it (e.g. financial records for HMRC).
Right to Restrict Processing	You can ask us to temporarily stop processing your data while a concern is being resolved.
Right to Data Portability	You can request your data in a commonly used, machine-readable format so you can transfer it to another provider.
Right to Object	You can object to processing based on legitimate interest. We will stop unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent	Where we process your data based on consent (e.g. newsletters, analytics cookies), you can withdraw that consent at any time.
Right to Lodge a Complaint	If you are not satisfied with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at: samuel@seahorseintegrations.co.uk

We will respond to all legitimate requests within one calendar month. If your request is particularly complex, we may extend this by a further two months, but we will let you know within the first month if this is the case.

Information Commissioner's Office (ICO): If you believe we have not handled your data correctly, you can contact the ICO at ico.org.uk or by calling 0303 123 1113.

9 Who We Share Your Data With

We do not sell your personal data. We only share your data with third parties where it is necessary to provide our services or comply with the law.

We may share your data with:

Cloud service providers (for storage and email) - acting as data processors under our instruction;
Accounting and invoicing software providers - for financial record-keeping;
Hosting providers - for websites and applications we build and maintain on your behalf;
Google - via Google Analytics, for anonymised website usage data (subject to your cookie consent);
Microsoft - via Microsoft Clarity, for anonymised website interaction data (subject to your cookie consent);
Our accountant - for tax compliance and financial reporting;
Subcontractors, freelancers, or specialist consultants engaged to assist with project delivery - bound by confidentiality obligations and, where applicable, data processing agreements;
Law enforcement or regulatory bodies - only where required by law.

Where we engage third-party service providers who process personal data on our behalf, we ensure they are bound by appropriate data processing agreements and maintain adequate security standards.

10 International Data Transfers

We aim to store your data within the United Kingdom or the European Economic Area wherever possible. However, some of our service providers (such as Google and Microsoft) may process data in countries outside the UK/EEA.

Where your data is transferred outside the UK/EEA, we ensure that appropriate safeguards are in place, including:

Transfers to countries that have received an adequacy decision from the UK Government;
Standard Contractual Clauses (SCCs) approved by the ICO;
Other appropriate safeguards as required by UK data protection law.

11 Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by the UK GDPR;
Notify you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms;
Document the breach, its effects, and the remedial actions taken, in accordance with our legal obligations.

12 Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will delete it promptly.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or the law. When we make significant changes, we will:

Update the "Last updated" date at the top of this policy;
Post the updated policy on our website;
Where the changes significantly affect how we process your data, notify affected individuals directly (by email where possible).

We encourage you to review this policy periodically.

14 Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have any concerns about how we handle your personal data, please contact us:

Email: samuel@seahorseintegrations.co.uk

Website: seahorseltd.co.uk

You also have the right to contact the Information Commissioner's Office (ICO) if you have concerns about how we handle your data:

ICO Website: ico.org.uk

ICO Helpline: 0303 123 1113