Privacy Policy

1. Information We Collect and Process

We collect personal and technical information when you interact with our digital consultancy, use our custom-engineered platforms, or implement our automation systems. Depending on the specific services you engage, we process:

• Bespoke Digital Platforms & Custom Web Development: Name, billing details, business correspondence, domain credentials, temporary staging API tokens, database connection strings, and client-side user interaction analytics for custom-built Next.js and React web applications.
• Strategic Content Orchestration: Content briefs, voice recordings, raw cinematic video footage, branding assets, custom thumbnail graphics, audience retention metrics, and API tokens for social media channel management (including YouTube, TikTok, and Meta platforms).
• Intelligent Automation & AI Architectures: Workflow inputs, dataset files, temporary CRM access tokens, and automated chatbot or agent prompts containing user/client queries. This also includes workflow parameters configured on platforms such as n8n, Make, and Zapier.
• Enterprise-Grade Infrastructure: Server access logs, IP addresses of connecting clients, network bandwidth usage statistics, Managed Database server metrics, and domain diagnostic payloads from our high-performance Windows and Linux VPS instances.

2. How We Utilise Your Data ("Lawful Basis for Processing")

Under the UK GDPR, our lawful bases for processing your data include contract execution, legitimate interests (to secure and optimise our client systems), and compliance with our legal duties. We utilise your information to:

• Deliver and Maintain Bespoke Digital Platforms: Deploying lightning-fast progressive web applications, performing SEO performance engineering, and executing analytics-driven optimisation.
• Execute AI Automations Safely: Configuring intelligent AI agents to execute document processing and user query resolutions. All API integrations with third-party Large Language Model providers (e.g. OpenAI, Anthropic, Google) are structured under professional enterprise terms. Your production workflow data is never used to train third-party public AI models.
• Distribute Strategic Content: Refining video thumbnail layouts, analysing viewer analytics, and publishing cinematic video cuts across multi-platform channels to organically multiply your brand reach.
• Provide 24/7 Security and Server Monitoring: Analysing VPS traffic metrics, database load rates, and firewall events to defend your core enterprise infrastructure against DDoS threats and data breaches.

3. Data Sovereignty, Security and International Transfers

GREEN LOGIC STUDIO LTD operates primarily within the United Kingdom. We enforce strict data storage protocols:

- Storage Location: All customer data is hosted in high-availability, secure database architectures based within the UK or European Economic Area (EEA), unless otherwise requested by client data sovereignty policies.

- Security Infrastructure: We encrypt database connections, enforce zero-trust access tokens, and securely encrypt API credentials at rest.

- International Data Transfers: Where third-party APIs (e.g. US-based LLM APIs or global content distribution services) require processing, we ensure strict Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements (IDTAs) are in place to guarantee equal safeguards.

4. Data Retention and Your Legal Rights

We retain personal data only for as long as necessary to satisfy the contract, comply with accounting and regulatory rules, or provide ongoing priority maintenance and database security. Staging repositories, testing databases, and temporary access codes are systematically deleted upon project sign-off and final payment.

Under the UK GDPR, you have the following rights which you can exercise at any time:

• The right to access and receive copies of your personal data on our active systems.
• The right to request immediate rectification or erasure of obsolete personal data.
• The right to restrict processing of automated AI databases or request immediate data portability.
• The right to object to legitimate interest processing or automated decision-making.