Privacy Policy

Last updated: 28 February 2026

This Privacy Policy explains how slightlychilled.AI (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you visit slightlychilled.ai (the “Website”), contact us, or use our services.

We take privacy seriously and aim to keep this clear, practical, and respectful.

1. Who we are (the data controller)

Data controller: Simon Hunt

Email: simon@slightlychilled.com

Website: slightlychilled.ai

2. The data we collect

We may collect and process the following categories of personal data:

A. Information you provide to us

  • Identity and contact data: name, email address, phone number, business name.
  • Enquiry and message data: information you include in messages, enquiry forms, consultation requests, or emails.
  • Project and service data (clients): information needed to deliver services (which may include business contact details, system notes, credentials you choose to share, and communications).

B. Information collected automatically when you use the Website

  • Technical data: IP address, browser type/version, device information, operating system, time zone and location (approximate), referral source, and basic diagnostic data.
  • Usage data: pages viewed, interactions, approximate time on pages, and navigation paths.

This data is typically collected via server logs and, where enabled, cookies or similar technologies.

3. How we use your data

We use your personal data for the following purposes:

  • To respond to enquiries and provide information you request.
  • To book and manage calls/consultations and communicate with you.
  • To deliver our services (including designing, implementing, and supporting automation, websites, AI systems, and infrastructure).
  • To maintain website security and prevent abuse, fraud, and unauthorised access.
  • To improve our Website and how we present information (for example, understanding which pages are most useful).
  • To manage our business operations (record keeping, billing, administration, contractual matters).

We do not sell your personal data.

4. Lawful bases for processing (UK GDPR and EU GDPR)

We process personal data only when we have a lawful basis to do so, including:

  • Legitimate interests: running and improving our business, responding to enquiries, maintaining security, and communicating professionally (balanced against your rights).
  • Contract: when processing is necessary to deliver services you’ve requested or to perform a contract with you.
  • Pre-contract steps: when you ask us to take steps before entering into a contract (for example, discussing requirements or preparing a proposal).
  • Consent: where you explicitly opt in (for example, if we ever introduce optional marketing emails).

You can withdraw consent at any time where consent is the lawful basis.

5. Cookies and similar technologies

We may use cookies and similar technologies to help the Website function properly and to understand how it is used.

Types of cookies we may use

  • Strictly necessary cookies: required for the Website to function (security, load balancing, form protection).
  • Preference cookies: remember choices you make (where enabled).
  • Analytics cookies: help us understand traffic and improve the site (only where enabled and, where required, subject to consent).

You can control cookies through your browser settings and, where implemented, our cookie banner/settings.

6. Forms, messages, and consultations

When you submit a form or message on the Website, we collect the information you provide so we can respond and handle your request. We may also use basic anti-spam measures to protect the site from misuse.

If you contact us by email, phone, or other channels, we will process that communication and any data you share as part of responding and, if relevant, working with you.

7. AI, automation, and client work

Because we build AI and automation systems, some projects may involve processing personal data as part of delivering the service.

Our role depends on the project

  • In many cases, you (the client) are the data controller and we act as a data processor when handling personal data on your behalf.
  • In other cases, we may act as a data controller (for example, managing our own enquiry pipeline and client relationship records).

Where we act as a processor, we process personal data under your documented instructions and appropriate contractual terms.

Privacy-respecting approach

We design systems to minimise data exposure, reduce unnecessary retention, and apply practical security controls. The exact approach depends on the scope you choose and the systems involved.

8. Who we share data with (processors and service providers)

We may share personal data with trusted third parties only where necessary to operate our Website and deliver services, such as:

  • Website hosting, infrastructure, and security providers
  • Email and communications providers
  • Scheduling/meeting tools (if used)
  • Professional advisers (legal, accounting) where necessary
  • Contractors or specialist partners engaged to deliver part of a project (only where required and appropriately controlled)

Where third parties process personal data on our behalf, we use appropriate agreements and take reasonable steps to ensure they apply suitable security measures.

9. International transfers

Some service providers may store or process data outside the UK/EEA. Where international transfers occur, we take steps designed to ensure appropriate safeguards are in place (for example, adequacy decisions, standard contractual clauses, and vendor security controls).

10. Security

We apply reasonable technical and organisational measures designed to protect personal data, including access controls, least-privilege practices, and appropriate hosting and infrastructure security.

No method of transmission or storage is completely risk-free, but we aim to keep security proportionate, modern, and practical.

11. Your rights

Depending on your location (UK/EEA), you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Restrict processing of your data
  • Object to processing (particularly where we rely on legitimate interests)
  • Data portability (in certain situations)
  • Withdraw consent (where consent is the lawful basis)

To exercise your rights, contact us at simon@slightlychilled.com. We may ask for verification of identity where appropriate.

12. Complaints

If you are in the UK, you can complain to the Information Commissioner’s Office (ICO).

If you are in the EU/EEA, you can complain to your local data protection authority.

We’d appreciate the chance to handle concerns directly first, if you’re comfortable doing so.

13. Links to other websites

Our Website may contain links to third-party websites (for example, LinkedIn). We are not responsible for the privacy practices of other websites. Please review their privacy policies separately.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page, with the “Last updated” date shown at the top.

15. Contact

If you have questions about this Privacy Policy or how we handle data, contact:

Email: simon@slightlychilled.com