This Privacy Policy explains how Supram Consultancy Services Ltd ("Supram", "we", "us", "our"), trading as Trident AI, collects, uses, and protects personal data when you visit trident-ai.dev, contact us, or use any of our services.
We are the data controller for the personal data described in this policy. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Legal entity: Supram Consultancy Services Ltd, a company registered in England & Wales.
Trading name: Trident AI
Contact for data matters: info@supram.co.uk
2. What personal data we collect
2.1 Information you give us directly
- Contact form submissions: name, email address, company (optional), and the content of your message.
- Email correspondence: any information you choose to share when you email us.
- Discovery calls: notes we take during scoping conversations, including business context you share with us.
2.2 Information collected automatically
- Server logs: our hosting provider records standard request information (IP address, user-agent, timestamp, requested path) for security and operational purposes.
- Cookies: trident-ai.dev does not currently set tracking cookies. Third-party assets (fonts, Tailwind CSS) are loaded from their respective CDNs and may set technical cookies governed by their own privacy policies.
2.3 Information collected when you use our automation services
If you engage Trident AI to deliver an automation that connects to your business systems (for example, social media accounts, CRM, calendar, or email), you will be asked to authorise access via the platform's official OAuth flow. In that case we may store:
- OAuth access and refresh tokens for each connected platform, encrypted at rest.
- Account identifiers (page IDs, user IDs, profile handles) returned by the platform.
- Content and metadata we process on your behalf — for example, posts we draft, schedule, or publish, and the responses returned by the platform.
We only collect what is required to deliver the automation you have asked for, and we do not use this data for any other purpose.
3. Why we use your personal data (lawful basis)
- To respond to your enquiry — lawful basis: legitimate interest in conducting business correspondence.
- To deliver services you have engaged us for — lawful basis: contract.
- To send service-related communications (e.g. project updates) — lawful basis: contract or legitimate interest.
- To operate and secure the website — lawful basis: legitimate interest in protecting our systems.
- To comply with legal obligations (e.g. tax, accounting, regulatory) — lawful basis: legal obligation.
We do not currently use your personal data for marketing without your prior consent.
4. Who we share your personal data with
We share personal data only with service providers who help us run our business, and only to the extent they need it. Current providers include:
- Netlify, Inc. — website hosting and global content delivery.
- Web3Forms — contact form submission relay.
- Email and productivity providers — for storing correspondence and project documents.
- Social media and business platforms — where you have authorised an integration (e.g. Meta, LinkedIn, Google Workspace), data flows to and from those platforms strictly to deliver the service.
We do not sell personal data to third parties under any circumstances.
5. International transfers
Some of our service providers are based outside the UK and the European Economic Area, including in the United States. Where personal data is transferred internationally, we rely on adequacy decisions (where available) or standard contractual clauses approved by the UK Information Commissioner's Office to ensure equivalent protection.
6. How long we keep your personal data
- Contact enquiries that do not lead to engagement: up to 24 months, then deleted.
- Client records and correspondence: retained for the duration of the engagement plus 6 years (to meet UK accounting and tax record requirements).
- OAuth tokens for active integrations: retained while the integration is active; deleted within 30 days of disconnection or contract end, whichever is sooner.
- Server logs: retained for up to 90 days for security purposes.
7. Your rights
Under UK GDPR you have the right to:
- Request a copy of the personal data we hold about you (access);
- Ask us to correct inaccurate data (rectification);
- Ask us to delete your data where we no longer have a lawful basis to keep it (erasure);
- Ask us to restrict how we process your data in certain circumstances (restriction);
- Receive your data in a portable format (portability);
- Object to processing based on legitimate interest (objection);
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, email info@supram.co.uk. We will respond within one calendar month.
If you believe we have not handled your personal data properly, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
8. Security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. These include encryption of data in transit (TLS), encryption of sensitive data at rest, access controls, and regular review of our processing practices. No system is perfectly secure; we will notify affected individuals and the ICO of any breach as required by law.
9. Children
Our services are not directed to individuals under 18, and we do not knowingly collect personal data from children.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be highlighted on this page with a revised "last updated" date. Where changes affect how we use data we already hold about you, we will contact you directly.
11. Contact
For any questions about this Privacy Policy or how we handle your personal data:
Supram Consultancy Services Ltd (trading as Trident AI)
Email: info@supram.co.uk
Website: trident-ai.dev