Legal

Privacy Policy

Last updated: 10 April 2026  ·  Effective: 10 April 2026

U4RIA AI LTD takes your privacy seriously. This policy explains what we collect, why we collect it, and what rights you have over your data. If you have questions at any point, email ben@u4ria.dev.

1. Who we are

U4RIA AI LTD (“U4RIA”, “we”, “us”, “our”) is registered in England and Wales (company number 16512170), headquartered in London with operations in Barcelona. We design and build bespoke AI systems for businesses in manufacturing, logistics, retail, real estate, and related industries.

For the purposes of UK GDPR and EU GDPR, U4RIA AI LTD is the data controller of personal data collected through www.u4riaai.com and our commercial engagements, and a data processor when handling client operational data under a signed services agreement.

Data Protection contact: ben@u4ria.dev

General enquiries: info@u4ria.dev

2. Scope

This policy applies to personal data we collect through:

  • our website and marketing pages
  • discovery calls, proposals, and commercial communications
  • pilots, proofs-of-concept, and deployed AI systems
  • recruitment and supplier onboarding

It does not cover third-party websites we link to. By using our services or website, you confirm you have read this policy.

3. Personal data we collect

We collect only what we need to deliver our services:

Identity & contact data: Name, job title, company, work email, phone number.
Commercial data: Proposals issued, meetings booked, contract details, billing information.
Technical data: IP address, browser type, device information, access logs.
Engagement data: Pages viewed, resources downloaded, messages exchanged.
Client operational data: Workflow data, process documentation, system outputs, and other information you share with us to scope, build, or run an AI system.
Recruitment data: CVs, work history, and interview notes where you apply for a role.

We do not seek to collect special category data (health, biometrics, political opinions, etc.) and will only process it if it is strictly required for a specific engagement and you have explicitly consented.

4. How we collect it

Directly from you, from your devices when you use our site, from business partners who refer you, and from public sources (LinkedIn, Companies House, corporate websites) for B2B prospecting.

5. Lawful bases (UK GDPR Art. 6)

We only process personal data where we have a lawful basis:

Contract: To deliver the services you have engaged us for.
Legitimate interests: To run and grow our business, including B2B outreach, security, and service improvement. We balance these against your rights and stop on request.
Consent: For marketing emails and any optional cookies.
Legal obligation: To meet tax, accounting, and regulatory duties.

6. How we use personal data

  • Delivering and improving bespoke AI systems, pilots and quick-win builds.
  • Scoping, proposing, contracting, invoicing and supporting client projects.
  • Securing our infrastructure and detecting misuse.
  • Measuring AI performance and ROI against agreed success metrics.
  • Responding to enquiries, complaints, and legal requests.
  • Marketing with your consent, which you can withdraw at any time.
  • Recruitment and supplier management.

7. Automated decisions and AI

Some of the systems we build for clients use machine learning or automated decision-making (demand forecasting, route optimisation, lead scoring, valuation models). Where a decision produces legal or similarly significant effects for an individual:

  • we design the system with human-in-the-loop review;
  • we document the logic, inputs, and expected impact;
  • you have the right to obtain human review, express your view, and contest the decision, unless an exception under Article 22 UK GDPR applies.

We do not use client operational data to train foundation models, and we do not sell personal data. Any model training is contractually limited to the client's own data for the client's own purposes, unless otherwise agreed in writing.

8. Sharing personal data

We share personal data only with:

  • Sub-processors under written contract — cloud hosting, email, productivity, analytics, and model-serving providers. A current list is available on request from ben@u4ria.dev.
  • Professional advisers — accountants, lawyers, auditors, insurers.
  • Authorities and regulators where legally required.
  • A buyer or successor in the event of a merger, acquisition, or sale.

We do not share client operational data with any third party without your written instruction, except where required by law.

9. International transfers

Where personal data leaves the UK or EEA, we rely on:

  • UK and EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum;
  • adequacy decisions where one is in force; and
  • supplementary technical measures such as encryption in transit and at rest.

10. Retention

We keep personal data only for as long as needed:

Data type: Retention period
Prospect data: Up to 24 months from last interaction, unless you object
Client contract & billing data: 7 years from project close (UK tax law)
Client operational data: Duration of engagement plus 90 days, then returned or securely deleted per the services agreement
Recruitment data: 12 months from application, longer with consent
Server logs and security telemetry: Up to 12 months

Data is securely deleted or anonymised at the end of its retention period.

11. Security

We operate on a security-by-design basis, aligned with SOC 2 Trust Services Criteria and UK GDPR Article 32:

  • Encryption in transit (TLS 1.2+) and at rest
  • Role-based access controls and least-privilege principles
  • Immutable audit logging of access to client operational data
  • Continuous monitoring, anomaly detection, and incident response playbooks
  • Vendor due diligence on every sub-processor

No system is ever 100% secure, but we take our obligations seriously and act immediately on credible risks.

12. Data breaches

If a personal data breach presents a risk to individuals, we will notify the ICO within 72 hours of becoming aware, and notify affected individuals and clients without undue delay, as required by UK GDPR.

13. Your rights

Under UK and EU GDPR you have the right to:

  • Access your personal data
  • Have inaccurate data corrected
  • Request deletion (right to be forgotten)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Not be subject to solely automated decisions with significant effect
  • Lodge a complaint with the ICO (ico.org.uk) or your local supervisory authority

For US residents, CCPA/CPRA equivalents apply — the right to know, delete, correct, opt-out of sale/sharing, and non-discrimination. We do not sell personal information.

To exercise any right, email ben@u4ria.dev. We will verify your identity and respond within one month.

14. Cookies and tracking

Our website does not use tracking or advertising cookies. We use only strictly-necessary cookies required for the site to function. No consent banner is required as no non-essential cookies are set.

15. Children

Our services are directed at businesses. We do not knowingly collect personal data from anyone under 18. If you believe a child has given us personal data, contact ben@u4ria.dev and we will delete it promptly.

16. Independent contractors

Some of the people who deliver our services are independent contractors, not employees. We process their data only for project delivery, payment, and compliance purposes.

17. Changes

We will update this policy when our services, sub-processors, or the law change. Material changes will be highlighted at the top of this page, and we will notify active clients by email.

18. Governing law

This policy is governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction.

19. Contact

U4RIA AI LTD

Registered in England and Wales — Company No. 16512170

London, United Kingdom

Data Protection contact: ben@u4ria.dev

You also have the right to complain to the UK Information Commissioner's Office at ico.org.uk.