Legal

Privacy Policy

Last updated: May 2025

1. Who we are

Usage Register ("we", "us", "our") provides an AI governance platform and managed review service for UK businesses. For the purposes of UK GDPR, we act as a data controller in relation to data collected through our website and marketing activities, and as a data processor in relation to personal data processed on behalf of our clients as part of service delivery.

Contact: hello@usageregister.co.uk

2. Data we collect and why

We collect and process personal data in the following contexts:

Website enquiries and leads

When you submit an enquiry via our contact form, we collect your name, email, company name, and team size. We use this to respond to your enquiry and, where relevant, to contact you about our services.

Legal basis: Legitimate interest (responding to enquiries); consent (marketing follow-up, where separately obtained).

Client platform accounts

For client organisations using the platform, we hold account data including names, email addresses, job titles, departments, and roles. This is used to manage platform access, deliver services, and communicate about the engagement.

Legal basis: Contract performance; legitimate interest.

Staff survey responses

Where we conduct an AI discovery survey, staff provide information about their AI tool use, department, job role, and related details. These responses are confidential. Individual responses are never shown to management by name. Results are reported in aggregate, with small-group suppression applied where group sizes could identify individuals.

Legal basis: Legitimate interest of the client organisation; processing under instructions from the data controller (client). Governed by our Data Processing Agreement.

3. How long we keep data

  • Website enquiry data: up to 2 years from date of last contact
  • Client account data: for the duration of the engagement and up to 2 years thereafter
  • Survey response data: for the duration of the engagement; anonymised or deleted within 90 days of engagement end, subject to the agreed Data Processing Agreement
  • Audit logs and activity records: up to 3 years from creation

You can request deletion of your data at any time — see Section 6.

4. Who we share data with

We do not sell personal data. We share data only with:

  • Neon — cloud database hosting (PostgreSQL), used to store platform data. Data is held within the EU/EEA.
  • Resend — transactional email delivery, used to send survey invites, account invitations, and notifications.
  • Replit — application hosting platform. Processing within the EU/EEA.

Where required by law or a court order, we may disclose data to public authorities.

Full details of sub-processors are in our Data Processing Agreement, available on request or at /dpa.

5. International transfers

We aim to keep data processing within the UK and EU/EEA. Where any sub-processor operates outside the UK, we ensure appropriate safeguards are in place (such as UK International Data Transfer Agreements or EU Standard Contractual Clauses).

6. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — request deletion where there is no legitimate reason to retain
  • Restriction — ask us to pause processing in certain circumstances
  • Portability — receive data in a structured, machine-readable format where applicable
  • Object — object to processing based on legitimate interest

To exercise any right, email hello@usageregister.co.uk. We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

We use cookies to maintain your session when logged in to the platform (essential cookies). With your consent, we may also use analytics cookies to understand how the site is used.

You can manage your cookie preferences using the banner shown on your first visit, or by clearing your browser's local storage at any time.

CookiePurposeType
authjs.session-tokenKeeps you logged inEssential
ur_cookie_consentRemembers your cookie preferenceEssential

8. Changes to this policy

We may update this policy periodically. We will post the updated version here with a revised date. For material changes affecting clients, we will provide direct notice.

9. Contact us

Data protection queries: hello@usageregister.co.uk