Privacy policy

How we handle your data.

Effective date: 3 June 2026

We keep this short and honest. Here is what data we collect, why, and what you can do about it.

01 Who we are

CompanyAdastral AI Ltd - SC886849
AddressTechnology House Office 1, 9 Newton Place, Glasgow, G3 7PR
Emailhello@adastral.ai
Websiteadastral.ai
ICO registrationRegistered with the ICO as a data controller. Where we process personal data on behalf of clients, we act as a data processor - covered by the data processing provisions in our Master Services Agreement. Reference: ZC146568.

02 What we collect and why

Almost everyone we deal with is a business contact. We collect what we need and use it only for the reasons set out below.

We collect information you give us directly - such as your name, email address, company, and role when you contact us or engage our services. We also collect technical and usage data automatically when you visit our website, and may receive your details from a partner who introduces you to us.

We use this information to respond to you, manage our working relationship, deliver agreed services, improve our website, and where we have a lawful basis to do so, let you know about our services. Where we deliver work that involves processing your data on behalf of a client, that is covered by the data processing provisions in our Master Services Agreement.

We rely on the following lawful bases under UK GDPR:

We do not collect sensitive personal data, make automated decisions about individuals, or sell your data to anyone.

We use Sentry, an error monitoring service, to identify and fix problems with the website. When an error occurs, Sentry receives limited technical data including your IP address, browser, device, and a short recording of the page. We have configured Sentry to mask all form input values and any on-screen elements that display personal information, so what is captured is diagnostic data rather than identifying content. Data is stored in Sentry's EU servers (Germany). Our lawful basis is legitimate interest in keeping the website secure and working correctly.

03 Marketing

We may contact business contacts by email about our services where we have a legitimate reason - for example if you have been in touch, attended something we ran, or been introduced by a partner. UK law permits this for B2B contacts without prior consent, provided we make it easy to opt out.

Every marketing communication includes an unsubscribe option. If you opt out, we stop. We do not cold-email individuals at personal addresses without consent.

04 AI tools

AI is central to what Adastral does - both in how we deliver services and in how we run our own operations. We want to be clear about how we use it and what that means for your data.

In our internal operations, we use AI tools to support tasks such as drafting, research, analysis, and communication. Where these tools process personal data, we apply appropriate controls to ensure data is handled securely and that any AI-generated output is reviewed by a human before it is used or shared externally.

In client engagements, AI tools and agents may be used to deliver the agreed scope of work. We are transparent with clients about which AI tools and approaches are involved - this is covered in the relevant Statement of Work and Master Services Agreement. Client data processed through AI tools in the course of delivery is handled in line with the data processing provisions of our MSA.

We do not use AI to make automated decisions about individuals that have legal or similarly significant personal consequences. We keep our AI practices under regular review in line with ICO guidance on AI and data protection, and we update our approach as that guidance develops.

05 Cookies

We use cookies and similar technologies on our website. Some are essential for the site to function. Others help us understand how the site is used or support our marketing activity. We will ask for your consent before placing any non-essential cookies, and you can update your preferences at any time via the cookie banner.

Full details of the cookies we use are in our Cookie Policy.

06 Who we share data with

We share personal data only where necessary - with service providers who help us run our business (including Resend for transactional email and Sentry for error monitoring), professional advisers where required, and regulatory authorities where the law requires it. Where a legal disclosure would itself be unlawful to notify you about in advance - for example under the Proceeds of Crime Act 2002 - we are not required to tell you first.

We do not sell data or share it for third-party advertising purposes.

07 International clients

This policy is written under UK GDPR. The UK holds an adequacy decision from the EU, so data flows freely between the UK and EU without additional measures required. Where we process personal data relating to EU residents, EU GDPR also applies and EU residents can contact their local supervisory authority at edpb.europa.eu.

Where we work with US-based companies, we handle any personal data involved in line with applicable requirements for that engagement.

08 How long we keep it

09 Your rights

Under UK data protection law you can ask us to show you, correct, delete, or restrict how we use your personal data, give you a copy in a usable format, or stop sending you marketing. To do any of these, email hello@adastral.ai. We will respond within one month.

You can raise a complaint to the ICO at ico.org.uk if required. EU residents can contact their local supervisory authority at edpb.europa.eu. We would always rather hear from you directly first.

10 Security

We take reasonable steps to keep personal data safe. If we discover a breach likely to affect your rights, we will notify the ICO within 72 hours and inform you as soon as we can.

11 Updates to this policy

We will update this policy when our practices change or the law requires it. The effective date at the top shows when it was last changed.

Adastral AI Ltd · SC886849 · adastral.ai · Effective 3 June 2026