Privacy Cookies

Privacy Policy.

Effective date: 12 April 2026.

1. Privacy Policy introduction.

At Scail, we are committed to protecting your privacy and handling personal data in a transparent, lawful, and responsible way.

This Privacy Policy explains how we collect, use, store, share, and protect personal information when you visit our website, contact us, sign up for updates, download content, attend an event, or otherwise interact with us. It also explains your rights and how to exercise them.

We are committed to respecting your privacy rights and safeguarding your personal data in line with applicable UK data protection law.

Contact information

Scail
scailwithai.com
hello@scailwithai.com

Registered office
161 Grove Road, London E17 9BZ

The ICO says privacy information should tell people who you are, how to contact you, what personal data you collect, why you use it, who you share it with, how long you keep it, and what rights they have. (ICO)

2. Information we collect.

We may collect and process the following categories of personal data.

2.1 Information you provide directly.

This may include your name, work email address, telephone number, company name, job title, and any other information you choose to include when you contact us, submit a form, request a meeting, sign up to a newsletter, download content, or enquire about our services.

It may also include information you provide in relation to your organisation’s goals, challenges, priorities, systems, AI adoption, project requirements, and areas of interest.

2.2 Information we collect through website use.

When you use the website, we may collect technical and usage information such as IP address, browser type, device type, operating system, pages viewed, referral source, time spent on pages, and interactions with content or forms.

Because the Scail website is hosted on Squarespace, some website data may be collected through Squarespace platform functionality, site analytics, cookie preference tools, and any third party services enabled on the live build. Squarespace states that privacy and cookie implications depend not only on Squarespace itself, but also on the third party services connected to the site. (Squarespace Help)

2.3 Information from marketing and business development activity.

If you interact with Scail through events, webinars, downloadable resources, newsletters, or direct business development activity, we may collect information relevant to that interaction, such as registration details, attendance details, content interests, and communication preferences.

Where we collect personal data directly for direct marketing purposes, the ICO says we must be clear about what we want to do with that information and provide the required privacy information at the time of collection. (ICO)

2.4 Information we generally do not seek to collect.

Scail does not intentionally seek to collect special category personal data through its website or ordinary marketing activity, and does not knowingly collect personal data from children through the website.

3. How we use your information.

We may use your personal data for the following purposes.

3.1 Service delivery.

We use personal data to respond to enquiries, arrange calls or meetings, assess potential requirements, prepare proposals, deliver consultancy and related services, manage projects, and maintain client relationships.

3.2 Website operation and improvement.

We use website and usage information to keep the website functioning properly, understand how it is used, improve performance, improve user experience, and maintain security.

3.3 Content, events, and communications.

We may use personal data to send newsletters, insights, invitations, white papers, event information, and other communications that are relevant to Scail’s audience and services, subject to applicable marketing rules.

3.4 Business administration and protection.

We may use personal data to run our business, maintain records, manage suppliers and partners, prevent misuse of our systems, protect our rights, investigate complaints, and meet legal, regulatory, contractual, and compliance obligations.

The ICO says organisations must decide and explain their purposes for processing before they start using people’s data, and must clearly set out those purposes in their privacy information. (ICO)

4. Lawful bases for processing.

Under UK GDPR, we rely on one or more of the following lawful bases depending on the context.

4.1 Legitimate interests.

We may process personal data where it is necessary for our legitimate interests, including running and improving the business, responding to enquiries, developing our services, maintaining B2B relationships, improving the website, and sending certain business communications where lawful.

The ICO states that direct marketing may be a legitimate interest in some circumstances, but it is not automatic and depends on the facts and compliance with other legal rules, including PECR where relevant. (ICO)

4.2 Contract.

We may process personal data where it is necessary to take steps at your request before entering into a contract, or to perform a contract with you or your organisation.

4.3 Consent.

We may rely on consent where appropriate, including for certain newsletter subscriptions, cookie-based analytics or marketing activity, and other situations where consent is required.

4.4 Legal obligation.

We may process personal data where necessary to comply with legal, regulatory, tax, accounting, or reporting obligations.

The ICO’s privacy notice guidance says you should identify the lawful basis you rely on and explain it to individuals. (ICO)

5. Marketing communications.

Scail may send marketing or insight-led communications relating to its services, events, resources, or relevant business topics.

Where marketing is sent to individual subscribers, we will do so in accordance with applicable data protection and electronic marketing rules. The ICO says you must not send marketing emails or texts to individual subscribers without specific consent, subject to limited exceptions, while B2B marketing to corporate subscribers is treated differently under PECR. (ICO)

You can opt out of marketing communications at any time by using the unsubscribe link in an email or by contacting us directly.

6. Cookies and similar technologies.

Scail uses cookies and similar technologies on its website. Some are strictly necessary for site operation, while others may support analytics, performance, or marketing activity.

Because the website is hosted on Squarespace, some cookies and related technologies are set by Squarespace platform functionality and others may arise from features or third party services enabled on the live site. Squarespace states that website owners should consider both Squarespace and connected third party services when assessing GDPR and privacy compliance. (Squarespace Help)

More information is available in our Cookie Policy.

7. Data sharing and third parties.

We may share personal data with trusted service providers and professional advisers where necessary for the purposes set out in this policy. This may include website hosting and infrastructure providers, analytics providers, email and communications platforms, CRM or contact management tools, cloud storage providers, event or scheduling tools, and legal, accounting, or other professional advisers.

We may also share personal data where required by law, regulation, court order, or to establish, exercise, or defend legal claims.

If Scail uses built-in Squarespace integrations or other connected services, personal data may also be processed by those providers depending on the live site configuration. Squarespace specifically notes that third party services connected to a Squarespace site may have their own data protection implications. (Squarespace Help)

8. International transfers.

Some of our service providers or partners may process personal data outside the UK. Where personal data is transferred internationally, we will take steps to ensure that appropriate safeguards are in place, in line with applicable law.

The ICO says restricted international transfers must be covered by UK adequacy regulations, appropriate safeguards such as Article 46 mechanisms, or a valid exception, and notes that where safeguards are used they may include tools such as the UK International Data Transfer Agreement and a transfer risk assessment. (ICO)

9. Data retention.

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, contractual, and reporting requirements.

Retention periods may vary depending on the nature of the relationship and the type of data involved. For example, we may retain enquiry and business development records for a reasonable period to manage follow-up and business records, client and project records for longer where needed for contractual or legal reasons, and analytics data in line with the settings of the relevant platform or tool.

The ICO says that if you do not have a fixed retention period, you should explain the criteria used to decide how long personal data will be kept. (ICO)

10. Data security.

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

These measures may include access controls, password protection, secure cloud-based systems, role-based access, software updates, and internal processes designed to reduce risk and support appropriate handling of personal data.

11. Your rights.

Under UK data protection law, you may have the right to request access to your personal data, ask for incorrect data to be corrected, request deletion in certain circumstances, ask us to restrict processing in certain circumstances, object to certain processing, request portability where applicable, and withdraw consent where consent is the basis relied on.

The ICO says privacy notices should tell people which rights they have and how to exercise them. (ICO)

To exercise your rights, please contact us using the contact details set out above.

12. Complaints.

If you have a concern about how we handle your personal data, we would appreciate the opportunity to address it first.

You also have the right to complain to the Information Commissioner’s Office in the UK. The ICO is the UK supervisory authority for data protection matters. (ICO)

13. AI and client data.

As an AI consultancy, Scail may work with organisations that are exploring or implementing AI-related tools, workflows, or services. Where Scail processes client data as part of a live engagement, the scope and terms of that processing should normally be governed by the relevant contract and, where appropriate, a separate data processing agreement.

Scail does not use client confidential information or client personal data to train its own commercial AI systems except where this is expressly agreed in writing.

14. Updates to this policy.

We may update this Privacy Policy from time to time to reflect changes to our website, services, legal requirements, or data practices. Where appropriate, we will update the effective date and take reasonable steps to bring material changes to attention.

The ICO says privacy information should be kept under regular review, and that organisations should consider when and how updated information is provided to individuals. (ICO)

15. Contact us.

If you have any questions about this Privacy Policy or Scail’s handling of personal data, please contact:

Scail
scailwithai.com
hello@scailwithai.com
161 Grove Road, London E17 9BZ