Privacy Policy

1. Data Controller

2. Data We Collect

Contact Form

When you submit a contact or audit request form, we collect: first name, last name, professional email address, company name, industry sector, and a description of your narrative challenge.

Usage Data

We may collect anonymised technical data about how visitors use our website (pages visited, time spent, browser type). This data cannot be used to identify you individually.

Cookies

We use cookies as described in our Cookie Policy.

3. Legal Basis for Processing

• Legitimate interests (Art. 6(1)(f) GDPR) — to respond to business enquiries and manage prospective client relationships.
• Consent (Art. 6(1)(a) GDPR) — for marketing communications and non-essential cookies, where you have given explicit consent.
• Contract performance (Art. 6(1)(b) GDPR) — to deliver services agreed with clients.
• Legal obligation (Art. 6(1)(c) GDPR) — where required by Irish or EU law.

4. How We Use Your Data

• Responding to your enquiry or audit request
• Sending you the content or information you requested
• Managing our business relationship with you
• Sending commercial communications about SetRecord.ai (where consent has been given)
• Improving our website and services
• Complying with legal obligations

We will never sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Retention

Contact form data is retained for 18 months from the date of submission, after which it is permanently deleted unless a contractual relationship has been established.

Client data is retained for the duration of the contract and for a further period as required by Irish law (typically 7 years for accounting records).

6. Data Sharing

We do not sell or share your data with third parties for commercial purposes. We may share data with:

• Service providers acting as data processors on our behalf (email delivery, hosting), bound by data processing agreements
• Brevo SAS — transactional email delivery, GDPR-compliant
• OVH SAS — EU-based hosting provider
• Legal or regulatory authorities where required by applicable law

7. International Transfers

Your data is stored and processed within the European Economic Area (EEA). Where any sub-processor is located outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights

Under the GDPR and Irish Data Protection Act 2018, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data (“right to be forgotten”)
• Restriction — request that we limit processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, email privacy@setrecord.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission (DPC) at dataprotection.ie.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, or destruction, including TLS encryption for data in transit and strict access controls.

In the event of a personal data breach affecting your rights, we will notify you and the DPC as required by Art. 33–34 GDPR.

10. Contact & DPO

We may update this Privacy Policy from time to time. Material changes will be notified via a notice on our website.