AgentAudit

Legal

Privacy Notice

How we collect, process, store and protect personal data under UK GDPR, the EU GDPR and the Data Protection Act 2018.

Privacy and trust

Last updated: 27 June 2026

1. Who we are

AgentAudit Limited ("AgentAudit", "we", "us") is the data controller for personal data processed via agentauditcentral.co.uk and the AgentAudit customer portal. Registered office: London, United Kingdom. Contact: privacy@agentauditcentral.co.uk.

2. What we collect

  • Identity and contact data — name, work email, organisation, role.
  • Enquiry data — sector, evaluation stage and any free-text message you submit.
  • Authentication data — email, hashed password, OAuth identifiers (Google).
  • Portal usage — logs, audit entries, IP, user-agent, timestamps.
  • Consent records — what you consented to, when, and from where.

3. Lawful bases (UK GDPR Art. 6)

  • Consent — marketing emails and demo/contact submissions.
  • Contract — providing the portal to authenticated customer users.
  • Legitimate interests — responding to business enquiries, securing the service, preventing fraud.
  • Legal obligation — tax, accounting, regulatory record-keeping.

4. How long we keep it

  • Unconverted demo / contact enquiries: 24 months from last contact, then deleted.
  • Marketing consent records: for as long as consent is active, plus 6 years as proof of consent.
  • Customer portal data: for the duration of the contract plus 7 years for regulated audit-trail integrity.
  • Authentication logs: 13 months.

5. Sharing and sub-processors

We use a small number of vetted sub-processors (hosting, database, email delivery, error monitoring). The current list is published on our Security & Trust page. We do not sell personal data and do not share it with third parties for their own marketing.

6. International transfers

Where data leaves the UK or EEA, transfers rely on the UK International Data Transfer Addendum or the EU Standard Contractual Clauses, plus supplementary measures where required.

7. Your rights

You have the right to access, rectify, erase, restrict or port your data, and to object to processing based on legitimate interests or direct marketing. You can withdraw consent at any time without affecting prior lawful processing. To exercise any right, email privacy@agentauditcentral.co.uk. You can also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

Encryption in transit (TLS 1.2+) and at rest, role-based access control, principle of least privilege, tenant isolation enforced via row-level security, audit logging of privileged actions, and regular third-party penetration testing.

9. Cookies

We use strictly necessary cookies for authentication and session management. We do not use third-party advertising trackers. If we add analytics that require consent, we will surface a cookie banner before the cookie is set.

10. Changes

We will post material changes here with an updated revision date and, where appropriate, notify customer portal administrators by email.