Data controller
We are the data controller for personal data we collect about you through this site, when you contact us, or when we provide consulting services to your organisation.
Legal
Privacy.
How we collect, use, and protect your personal data. UK GDPR and Data Protection Act 2018. Last updated 25 April 2026.
Working context
Who we are
Prosper AI Consulting is a UK consultancy. Our company registration, registered office, and ICO registration number are listed in the footer of every page on this site. For data protection enquiries email austin.anderson@prosperconsulting.ai with "privacy" in the subject line.
Contact for privacy
Email austin.anderson@prosperconsulting.ai with "privacy" in the subject line. We respond within one working day under normal conditions and within UK GDPR statutory windows for formal requests.
Supervisory authority
If we cannot resolve your concern you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
What we collect
We collect the minimum personal data needed to do what you have asked us to do, plus standard technical data needed to run a secure web service.
From you directly
Name, work email, organisation, role, and the message or notes you choose to include when you submit a contact form, request a publication, or book a discovery call.
From your browser automatically
IP address, user-agent string, referrer, pages visited, and approximate geolocation derived from IP. Held as part of standard request logs and aggregated analytics.
From our delivery systems
When we send you a publication or response by email, our email provider (currently Resend) records delivery, open, and click events. We use these to confirm successful delivery and to investigate failures.
Why we collect it (lawful basis)
Different data is held under different lawful bases. We are explicit about which applies so you can exercise the rights that match.
Legitimate interests
Operating and securing the site, responding to enquiries you initiate, and maintaining records of consulting work we have done for you. Balanced against your privacy rights.
Consent
Marketing emails (you tick the opt-in box at the point of submission). You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or emailing us.
Contract
Where we hold personal data necessary to perform a consulting engagement under a contract with your organisation.
Your rights
Under UK GDPR you have a defined set of rights over your personal data. We respect all of them and will respond to a valid request within the statutory window (one calendar month, extendable in limited circumstances).
Access and portability
You can ask us for a copy of the personal data we hold about you (a Subject Access Request, or SAR). We provide it in a structured, commonly used, machine-readable format where reasonable.
Correction and erasure
You can ask us to correct inaccurate data or to erase data we no longer have a lawful basis to hold. Erasure is not absolute (for example we may need to retain records of a consulting engagement for tax or audit reasons) but we will explain any limit.
Objection and restriction
You can object to processing under legitimate interests, restrict processing while a dispute is resolved, or withdraw consent for processing that relies on it. You can also opt out of marketing at any time.
Common privacy questions
How long do you keep my data?
Enquiry and contact-form submissions: 24 months from last contact. Publication-request records: 24 months from delivery. Consulting engagement records: 7 years from end of engagement (HMRC and audit). Email delivery logs from our provider: rolling 30 days. We delete data sooner on a valid erasure request unless we are required to keep it.
Do you share data with third parties?
Only the processors strictly needed to run the service. Currently Cloudflare (hosting and CDN), Resend (transactional and marketing email delivery), and Google Analytics (aggregated analytics with IP anonymisation). Each processor has a written data processing agreement with us. We do not sell personal data and we do not pass it to advertising networks.
Where is my data processed?
Primarily in the UK and EEA. Some processors operate in the United States under approved transfer mechanisms (UK International Data Transfer Addendum and EU Standard Contractual Clauses). Email delivery via Resend may route through US infrastructure. Cloudflare's edge network may serve cached static assets from the geographically nearest region.
Do you use cookies?
We use a small number of essential cookies for security and form integrity. We use Google Analytics with IP anonymisation enabled and Google Signals disabled. We do not use advertising cookies, third-party trackers, or cross-site profiling. A cookie banner offering an analytics opt-out will land before public launch.
How do I make a Subject Access Request?
Email austin.anderson@prosperconsulting.ai with "SAR" in the subject line. Tell us your name, the email address you used to contact us, and (if relevant) the engagement or publication you are asking about. We will acknowledge within 5 working days and respond in full within one calendar month.
What about AI agents reading this site?
We publish a public agent-readable surface (llms.txt and a public MCP server) so AI agents can discover what we do without needing to scrape. Agent traffic is logged the same way as human traffic. If an agent submits a contact request on behalf of a user we treat the request as the user's, and the same retention and rights rules apply.
Questions or a formal request
Email austin.anderson@prosperconsulting.ai with "privacy" in the subject line. We respond within one working day under normal conditions.
Working context