Legal

Privacy Policy

How we collect, use, store and protect personal data — across our website, services and client work.

Last updated: 15 June 2026

1. Introduction

This Privacy Policy explains how NEXFORMAI LTD trading as Nexform AI collects, uses, stores and protects personal data.

It applies to personal data processed through our website, enquiries, consultation bookings, client relationships, AI automation services, support, marketing activities and related business operations.

We are committed to handling personal data responsibly, transparently and securely.

2. Who We Are

Legal entity: NEXFORMAI LTD trading as Nexform AI

Registered office: 3rd Floor, 86–90 Paul Street, London, England, United Kingdom, EC2A 4NE

Email: info@nexformai.co.uk

Telephone: +44 204 620 2285

3. Our Role as Controller and Processor

Nexform AI may act as a data controller when we process personal data for our own purposes, such as managing enquiries, website activity, marketing, billing, administration and client relationships.

Nexform AI may act as a data processor when we process personal data on behalf of a client, for example when configuring or supporting AI voice agents, workflow automation, document processing automation, CRM integrations, API workflows, call transcripts, uploaded documents, logs or client operational data.

Where we act as a processor, the client remains responsible for determining the lawful basis, purpose and scope of processing, and Nexform AI processes the data in accordance with the client’s instructions and applicable agreement.

4. Personal Data We Collect

Depending on how you interact with us, we may collect and process:

  • names;
  • email addresses;
  • phone numbers;
  • company names;
  • job titles;
  • website form messages;
  • consultation booking details;
  • billing and payment information;
  • call recordings;
  • call transcripts;
  • chat messages;
  • uploaded documents;
  • CRM data;
  • customer or client data from client systems;
  • API logs;
  • workflow logs;
  • IP addresses;
  • device and browser information;
  • website analytics data;
  • support emails and correspondence;
  • business requirements, workflow details and operational information.

We do not intentionally collect special category data, such as health information, ethnicity, political opinions, religious beliefs or biometric data, unless it is necessary for a specific client workflow and appropriate safeguards are agreed.

Client-uploaded documents or system data may accidentally contain sensitive or confidential information. Where this happens, such data is handled confidentially and with appropriate safeguards.

5. How We Collect Personal Data

We may collect personal data when:

  • you submit a website form;
  • you contact us by email, telephone, live chat or social channels;
  • you book a consultation;
  • you become a client;
  • you use an AI voice agent, chatbot, automation workflow or document processing workflow we provide or support;
  • a client provides data to us for configuration, integration, testing, support or delivery;
  • you interact with our website, cookies, analytics or marketing communications;
  • you attend meetings, demos or training sessions.

6. How We Use Personal Data

We may use personal data to:

  • respond to enquiries;
  • arrange consultations and meetings;
  • provide proposals and quotations;
  • deliver AI automation services;
  • configure, test and support AI Systems;
  • process documents, calls, chats, workflows and integrations;
  • manage client accounts;
  • provide support and maintenance;
  • issue invoices and manage payments;
  • monitor service performance and identify issues;
  • improve website functionality and security;
  • send marketing communications where permitted;
  • comply with legal, accounting, tax and regulatory obligations;
  • protect our business, systems, clients and users.

Client data is used only to provide, configure, support, maintain and improve the service for that client, unless otherwise agreed or required by law.

We do not use client data to train public or general AI models.

7. AI Calls, Recordings, Transcripts and Automation Data

Where AI voice agents or call-related workflows are used, calls may be recorded, transcribed, summarised, analysed or routed to support the agreed service.

Clients are responsible for ensuring callers, customers, staff and users are informed where calls are handled by AI, recorded, transcribed or processed through automation, and for obtaining any required notices, consents or lawful basis.

Unless otherwise agreed:

  • AI call recordings are retained for up to 30 days;
  • AI call transcripts are retained for up to 14 days.

Retention periods may vary where required for legal, contractual, operational, security or client-specific reasons.

8. Uploaded Documents and Client System Data

Where clients provide uploaded documents, CRM data, workflow data, API records or other operational data, this data may be processed to provide document extraction, classification, validation, routing, workflow automation, integrations, reporting or support.

Uploaded documents and client system data may contain confidential or sensitive information. Nexform AI will treat such information confidentially and use reasonable security measures, including appropriate access controls and encryption where suitable.

Clients remain responsible for ensuring they have the right to provide such data to Nexform AI and that the use of the data complies with applicable law.

9. Marketing Communications

We may send marketing communications to business contacts, prospects or existing clients where permitted by law. This may include updates about services, AI automation, events, offers, insights or relevant business information.

We may use B2B outreach and soft opt-in marketing where lawful and appropriate.

Marketing tools may include Google Workspace, Mailchimp, Brevo, HubSpot, Instantly, Smartlead or other platforms used from time to time.

You can opt out of marketing communications at any time by using the unsubscribe option where provided or by contacting info@nexformai.co.uk.

10. Cookies and Website Analytics

Our website may use cookies and similar technologies. Some cookies are essential for the website to function. Others, such as analytics or marketing cookies, are used only where permitted and, where required, with consent.

Further information is provided in our Cookie Policy.

11. Lawful Bases for Processing

We rely on one or more lawful bases depending on the context, including:

  • Contractual necessity: to provide services, proposals, support, billing and client account management;
  • Legitimate interests: to operate our business, respond to enquiries, improve services, conduct B2B marketing, protect systems and manage client relationships;
  • Consent: where required for marketing, cookies, call recording or other activities requiring consent;
  • Legal obligation: to comply with accounting, tax, regulatory, legal or compliance requirements;
  • Client instructions: where Nexform AI acts as a processor on behalf of a client.

12. How Long We Keep Personal Data

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected, including legal, accounting, contractual, operational and security purposes.

Unless otherwise required or agreed, our standard retention periods are:

  • Contact form enquiries: up to 24 months;
  • Consultation booking records: up to 24 months;
  • Client account records: for the duration of the contract plus 6 years;
  • Invoices and payment records: 6 years;
  • Support emails: for the duration of the contract plus 24 months;
  • Chat transcripts: up to 24 months unless shorter retention is agreed;
  • AI call recordings: up to 30 days;
  • AI call transcripts: up to 14 days;
  • CRM/API logs: up to 24 months unless required for support, audit or security;
  • Website analytics data: up to 26 months;
  • Marketing mailing list data: until you unsubscribe or after 24 months of inactivity.

We may retain data for longer where necessary to establish, exercise or defend legal claims, comply with legal obligations, resolve disputes, maintain security or meet contractual requirements.

13. Sharing Personal Data

We may share personal data with:

  • service providers and technology platforms;
  • payment processors;
  • hosting providers;
  • email, calendar and communication providers;
  • AI model and automation providers;
  • CRM and integration platforms;
  • analytics and website service providers;
  • subcontractors and specialist consultants;
  • professional advisers;
  • insurers;
  • public authorities, regulators or law enforcement where required by law.

We do not sell personal data.

14. Subcontractors and Service Providers

We may use vetted subcontractors, consultants and service providers to help deliver services. These parties are managed by Nexform AI and required to protect confidential information and personal data appropriately.

Subcontractors may be based in the United Kingdom or overseas. Where personal data is processed, we take reasonable steps to ensure suitable safeguards are in place.

We may add or change service providers and subprocessors from time to time as our business and services evolve.

15. International Data Transfers

Nexform AI’s primary intention is to use UK-based or appropriately safeguarded processing wherever practicable.

However, some third-party platforms, cloud providers, AI providers, communication providers and business tools may process or access data outside the United Kingdom. Where this occurs, we will take reasonable steps to ensure appropriate safeguards are in place, such as contractual safeguards, adequacy arrangements, standard contractual clauses, UK international data transfer mechanisms or other lawful transfer safeguards.

16. Security

We use reasonable technical and organisational measures to protect personal data, which may include access controls, encryption where appropriate, secure systems, confidentiality obligations, user permissions, monitoring and supplier due diligence.

However, no method of transmission or storage is completely secure. Clients and users should also take steps to protect their own accounts, credentials, devices and systems.

17. Your Data Protection Rights

Depending on the circumstances, you may have the right to:

  • access your personal data;
  • correct inaccurate personal data;
  • request deletion of personal data;
  • restrict processing;
  • object to processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • complain to the UK Information Commissioner’s Office.

To exercise your rights, contact info@nexformai.co.uk.

We may need to verify your identity before responding. Some rights may be limited where data is processed on behalf of a client, where legal obligations apply, or where exemptions are available under data protection law.

18. Children

Our services are intended for business and organisational use and are not directed at individuals under 18.

Our website may contain links to third-party websites, booking pages, platforms or services. We are not responsible for the privacy practices or content of those third-party services.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be published on our website.

21. Contact

For privacy questions or requests, contact:

Nexform AI

Email: info@nexformai.co.uk

Telephone: +44 204 620 2285

Address: 3rd Floor, 86–90 Paul Street, London, England, United Kingdom, EC2A 4NE