Privacy Policy

Graft AI ("we", "us", "our") is an AI automation agency based in the United Kingdom, operated by [Joseph McGinnity] trading as Graft AI. We are the data controller for personal data we collect about visitors and clients. You can contact us at info@graftai.net.

We may collect:

• Information you give us — your name, email, company and message when you contact us, book a call, or sign up to work with us.
• Usage data — basic analytics about how you use our website (pages visited, device/browser), via cookies or similar technologies.
• Client data — where we deliver services, we may process data within your systems and accounts on your behalf (see section 5).

We use personal data to: respond to enquiries and provide our services; communicate with you about projects; send information you've asked for; improve our website and services; and meet legal and accounting obligations.

We rely on: consent (e.g. where you contact us or opt in); contract (to deliver services you've engaged us for); and legitimate interests (e.g. running and improving our business), balanced against your rights.

When we build, host or manage systems for a client, we may act as a data processor, handling personal data within the client's systems on their instructions and under our Services Agreement. We process such data only to deliver the services, we do not sell it, and we do not use it to train public AI models.

Our website may use cookies and analytics to understand usage and improve the site. You can control cookies through your browser settings. Where required, we will ask for your consent to non-essential cookies.

We may share data with trusted service providers who help us operate — for example hosting, scheduling, email, analytics and AI providers — under appropriate agreements. We do not sell your personal data. We may disclose data where required by law.

Some providers we use may process data outside the UK/EEA (for example certain AI or cloud providers). Where this happens, we take steps to ensure an adequate level of protection, such as appropriate safeguards or adequacy decisions.

We keep personal data only as long as necessary for the purposes above, or as required for legal, tax and accounting reasons, after which it is securely deleted.

We apply reasonable technical and organisational measures to protect personal data and credentials, including secure storage of access details and least-privilege access.

Under UK GDPR you have rights to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise these, email info@graftai.net. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

We may update this policy from time to time. The latest version will always be on this page with its "last updated" date.