Privacy Policy
How we use your data, in plain English.
The short version
Before the detail below, here is what matters in nine points.
- We are Axiom AI Insights Ltd, a UK company. We are registered with the Information Commissioner's Office under reference ZC139464.
- If you fill in the AXI Quick Scan form, we use your name, email, business name and answers to run the scan and send you your report.
- We use AI (Anthropic's Claude API) to help produce your AXI Quick Scan report from the form data you provide and the public business information we add. Adam McEnaney reviews every report before it is sent to you.
- If you give us your email to hear when the rest of the AXI ladder launches, we use it only for that purpose. You can unsubscribe any time and nothing else happens until you ask.
- We never sell your data, rent it or pass it to third-party marketers.
- We use third-party service providers to run our business - for example email, form infrastructure and AI generation. All providers are bound to handle your data under UK data protection law. If the categories or the types of processing change, we will update this policy.
- We use patterns across AXI Quick Scan submissions to improve our reports and the AXI product line. Before any of your data is used for this we strip anything that identifies you or your business and aggregate it with other submissions. You can opt out at any time.
- We keep your data only for as long as it is useful to you and to us. You can ask us to delete it at any time by emailing axi@axiomaiinsights.co.uk.
- You have the full set of rights under UK GDPR: access, correction, deletion, restriction, objection and portability. The full policy below sets out how to use each one.
If you have any question about how we use your data, email axi@axiomaiinsights.co.uk and we will get back to you.
Who we are
This website is operated by Axiom AI Insights Ltd ("Axiom AI Insights", "we", "us", "our"), a UK-incorporated consultancy. Axiom AI Insights Ltd is the data controller for personal data collected through this website. We are registered with the Information Commissioner's Office under reference ZC139464. The website is accessible at axiomaiinsights.co.uk.
Our contact address for any privacy query is axi@axiomaiinsights.co.uk.
What this policy covers
This policy covers personal data we collect through:
- The AXI Quick Scan form - used to generate a free personalised report about where AI can help your business.
- The AXI Business Diagnostic intake flow - used to produce your paid Business Diagnostic following payment and your completed Intake Form.
- The notify-me form on our Products page - used to email you when the rest of the AXI product line launches.
It also covers the downstream processing of that data - how we generate the reports, how we deliver them and who handles your data along the way.
This policy will be updated as further paid AXI products (Strategy Diagnostic, Strategy Report, Advisory) and any future cookies or analytics on the site go live.
What we collect
Through the AXI Quick Scan form
If you submit the AXI Quick Scan form we collect:
- Your name
- Your email address
- Your business name
- Your website address (optional)
- The sector your business operates in
- A description of your business, in your own words
- Your role and day-to-day responsibilities
- The approximate size of your business
- Your top priorities for the year
- Where you are with AI today and where you are hoping to go
- Your self-assessed AI maturity level
- Any other information you choose to share in the free-text fields
Through the AXI Business Diagnostic intake flow
The Business Diagnostic involves two stages of data collection: payment at our Stripe checkout, and the Intake Form that opens after payment.
Payment is taken via Stripe at checkout. Stripe collects and processes your card details directly; we never see them. Stripe shares with us your name, business name, email address, phone number, billing address and a transaction reference confirming successful payment. Stripe acts as a data processor on our behalf for payment processing, and also as a data controller in its own right for fraud prevention and regulatory compliance purposes.
Through the Intake Form, after payment, we collect information across the following categories:
- Legal acceptance and AI disclosure consents
- Your prior AXI Quick Scan reference, if you have completed one
- Business identification - company number, registered address, sector, your role, team size, years trading
- Strategic context - business priorities, current challenges, market position, growth objectives
- Operational detail - technology stack, current AI tools, team capability, key processes
- Free-text business context, where you choose to share more
The exact fields are as set out in the live Intake Form. We may refine the form as the product develops; material changes to the categories of data we collect will be reflected in this policy before the change takes effect.
Through the AI Governance Register
When you buy the AI Governance Register we keep a fulfilment record: your order reference, your name and email, the edition you bought, the payment date, and download events (the date and time of each download and a download count). We do not record your IP address in the download log. Your individually stamped copy of the Register is held in private storage so we can re-issue your Download Link on request. Payment is taken via Stripe as set out above.
Through the notify-me form
If you submit the notify-me form on our Products page we collect:
- Your email address
- The date and time you submitted the form
Enrichment data we add
To produce a useful report we supplement the information you submit with publicly available business information:
- Publicly listed information from Companies House, where your business is registered there (legal form, directors, registered address, incorporation date, SIC codes)
- Publicly accessible content from the website you provide (homepage, about page, services page)
We do not source any personal data from third-party lists, marketing databases or data brokers.
Technical data our providers log
Our service providers may log your IP address for security and anti-abuse purposes, retained in line with their own retention policies.
Why we collect it
AXI Quick Scan
We use the information you submit through the Quick Scan form to:
- Generate a personalised report about where AI can help your business
- Send that report to you by email, typically within 24 hours
- Follow up with you about the report, including in connection with our paid AXI products, if you have consented to such follow-up
- Improve our reporting methodology and the AXI product line over time (see "How we use your data to improve our service" below)
We do not use Quick Scan data for any purpose beyond these.
AXI Business Diagnostic
We use the information you provide at payment and the Intake Form to:
- Produce your Business Diagnostic
- Deliver it by email within 24 hours of your Intake Form submission
- Schedule and run your optional Consultation Call, if you have purchased one
- Respond to follow-up questions about your report
- Improve our reporting methodology and the AXI product line over time, on an anonymised aggregated basis (see "How we use your data to improve our service" below)
Our legal basis under UK GDPR for the Business Diagnostic processing is performance of contract (Article 6(1)(b)) for the data needed to deliver your Business Diagnostic, legal obligation (Article 6(1)(c)) for transaction records we are required to retain under UK tax law, and legitimate interest (Article 6(1)(f)) for anonymised service-improvement processing.
Notify-me list
We use your email address to contact you when the rest of the AXI product line launches and to share occasional updates about Axiom AI Insights. Your email is used for this purpose only.
Legal basis
We rely on the following lawful bases under UK GDPR:
- Consent (Article 6(1)(a)) - for all email contact, including the notify-me list, the Quick Scan report delivery and any follow-up from Axiom AI Insights. You can withdraw consent at any time (see "How to leave" below).
- Legitimate interest (Article 6(1)(f)) - for the enrichment research we carry out to produce the Quick Scan (Companies House lookup, publicly accessible website scraping) and for the aggregated service-improvement processing described below. The legitimate interest is producing a useful, specific report for you and improving the AXI product line over time. We have considered your rights and interests in this balancing exercise and believe this processing is what you would reasonably expect.
We do not rely on any other lawful basis at this stage.
How long we keep it
- Email address (notify-me list): for as long as you want to remain on the list. If you do not engage with our emails for 24 months we will remove you. We will also remove you promptly on request.
- Quick Scan form submissions: for 24 months from the date of submission, to enable follow-up and product iteration. At the end of 24 months we delete your form submission. You can request earlier deletion at any time.
- Quick Scan report we generate: held on our systems for 24 months alongside your form submission, after which it is deleted.
- Business Diagnostic Intake Form submissions and the Business Diagnostic we generate: for 24 months from delivery, to enable follow-up and product iteration. At the end of 24 months we delete both. You can request earlier deletion at any time.
- Stripe transaction records: retained for 7 years to meet UK tax and accounting record-keeping requirements (Companies Act 2006 §388 and HMRC retention requirements). The same 7-year period applies to the order record for an AI Governance Register purchase.
- Register download-event log: 24 months from the event, then deleted. Kept as dispute and licensing evidence. We do not hold your IP address in this log.
- Register stamped copy in storage: 12 months, then deleted. Kept so we can re-issue your Download Link on request.
- Aggregated and anonymised insights derived from Quick Scan and Business Diagnostic submissions (sector-level patterns, methodology refinements) may be retained indefinitely. Once anonymisation has been applied, it is no longer possible to connect those insights back to you.
Who handles your data
Your data is held and processed by us and by third-party service providers acting on our instructions. For each service we use, we select providers that operate to standards that meet UK data protection law and we bind them to handle your data only for the purposes we set, via signed Data Processing Agreements.
The categories of providers we use are:
- Email infrastructure - providers that host our corporate email and send transactional emails, including our AXI Quick Scan report delivery.
- Form and data storage infrastructure - providers that host the AXI Quick Scan form and store your submission.
- Website hosting - the provider that hosts the axiomaiinsights.co.uk domain.
- AI generation - Anthropic Claude API. We use Anthropic's Claude API to help produce your AXI Quick Scan and AXI Business Diagnostic reports from the data you provide and the public business information we add. A member of our team reviews every generated report before it is sent to you. Anthropic does not train its models on your data. Anthropic retains API logs for 7 days only and deletes inputs and outputs after 7 days. Your data is transferred to Anthropic under the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (UK Addendum to SCCs), providing UK-GDPR-compliant transfer protection. Anthropic's commercial terms and Data Processing Addendum apply.
- Payment processing - Stripe Inc. We use Stripe to process payments for the AXI Business Diagnostic and any paid bolt-ons. Stripe receives your card details, billing address, name and email directly at checkout. We receive a transaction reference and the contact details set out above. Stripe is PCI-DSS compliant and processes payments under its own privacy notice and data processing terms. Card data is never stored on our systems. Stripe operates as a data processor on our behalf and as a data controller in its own right for fraud prevention and regulatory compliance.
- Public business information lookup - we access publicly listed information from Companies House to supplement your submission. This is a public registry lookup and is not a data processor relationship in the usual sense.
- Transactional email - Resend (current provider). For the AI Governance Register, we use Resend to send your order confirmation and Download Link. Resend processes your name and email on our instructions under a data processing agreement.
- Hosting, storage and fulfilment compute - Cloudflare (current provider). Our website, the private storage holding the master and your stamped copy, the fulfilment database and the stamping process all run on Cloudflare, as a processor on our instructions under a data processing agreement.
We may change providers within these categories over time. We will update this policy if the categories of processing themselves change.
If you want to know which specific providers are involved in processing your data at any point, email axi@axiomaiinsights.co.uk and we will tell you.
Data transfers outside the UK. Some of our providers operate outside the United Kingdom, typically in the European Economic Area and the United States. Where your data is transferred outside the UK, we rely on the UK Extension to the EU-US Data Privacy Framework or the UK International Data Transfer Agreement, depending on the provider.
We do not sell your data. We do not share your data with third parties for their own marketing purposes. We do not add you to lists you did not sign up to.
How we use your data to improve our service
Over time we use patterns across AXI Quick Scan submissions to improve our reporting methodology and to develop the rest of the AXI product line. This is how we do it.
- We review outputs to identify sector-level patterns, common priorities and common AI-readiness gaps across groups of businesses, not individuals.
- Before any submission data is used for product or model development, it is stripped of information that identifies you or your business (name, email, business name, website) and of specific references inside your free-text fields that could identify your business. It is then aggregated to sector, region or cohort level.
- We rely on legitimate interest (Article 6(1)(f) UK GDPR) for this processing. The legitimate interest is improving the quality of our reports and developing the AXI product line for small and medium businesses.
- You can opt out. If you do not want your submission used for this purpose, email axi@axiomaiinsights.co.uk and we will exclude it. This is separate from the Quick Scan report we generate for you, which is unaffected.
We do not disclose your identity, the fact that you have used the Quick Scan or the specific content of your submission to any third party at any time without your explicit prior written consent.
Your rights
Under UK data protection law you have the right to:
- Access the personal data we hold about you
- Correct data that is inaccurate
- Delete your data ("right to be forgotten")
- Object to our processing or ask us to restrict it
- Withdraw your consent at any time
- Data portability - receive a copy of your data in a structured, commonly used and machine-readable format
- Complain to the ICO at ico.org.uk if you are unhappy with how we handle your data
To exercise any of these rights, email axi@axiomaiinsights.co.uk. We will respond within one calendar month (as required by UK GDPR Article 12(3)).
How to leave
To stop receiving emails from us, email axi@axiomaiinsights.co.uk at any time and we will remove you straight away.
If you want all of the data associated with your Quick Scan submission deleted, including the report we generated, just tell us in your email. We will delete it within 30 days and confirm once done.
Cookies and analytics
Our website (axiomaiinsights.co.uk) itself sets no cookies.
- When you submit the AXI Quick Scan form or the notify-me form, the underlying form infrastructure may set cookies on its own domain in line with its own privacy policy.
- When you visit our site, our hosting provider may log standard server access information (including IP address).
If we add analytics or site-set cookies in future, we will update this policy and, where required under UK PECR, request your consent before any non-essential cookies are set.
Updates to this policy
We will update this policy as our products go live and as our processors change. We will notify you by email of material changes (anything that affects what we collect, how we use it or who sees it) before the change takes effect. The current version and effective date are shown at the top of this page.
Policy version: v4.2 (9 June 2026)
Supersedes: v4.1 (18 May 2026)
Effective from: 9 June 2026
Last updated: 9 June 2026