Plain English summary: We collect only what we need to respond to your enquiry and deliver our services. We never sell your data. You can ask us to delete everything at any time by emailing hello@langfordailabs.com.
1. Who We Are
Langford AI Labs Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are a UK-based artificial intelligence agency that designs and deploys AI chatbots, voice agents, lead generation systems, and business automation solutions.
Registered name: Langford AI Labs Ltd
Website: langfordailabs.com
Contact email: hello@langfordailabs.com
This Privacy Policy applies to all personal data we collect through our website, contact form, email communications, and in the course of delivering our services to clients.
2. Data We Collect
We collect only the minimum data necessary to operate our business. Here is what we collect and why:
Data you give us directly
- Contact form submissions: First name, last name, email address, company name, service of interest, and the message you write to us.
- Email correspondence: Any information you include in emails you send to us.
- Booking data: If you book a call via Google Calendar, Google collects your name and email address. Please see Google's privacy policy for details.
- Client project data: If you become a client, we may collect business information, login credentials to agreed platforms, and project-related content you share with us.
Data collected automatically
- Analytics: If we use analytics tools, we may collect pages visited, time on site, device type, and approximate location (country/city level). No personally identifiable information is collected automatically.
- Cookies: We use essential cookies only. See Section 9 for full details.
Data we do NOT collect
- We do not collect payment card data directly (any payments are handled by third-party processors).
- We do not collect sensitive personal data such as health information, ethnicity, or political views.
- We do not collect data from children under 16 years of age.
3. How We Use Your Data
We use your personal data for the following purposes only:
- To respond to your enquiry submitted via our contact form or email
- To schedule and conduct discovery calls you have requested
- To prepare and send proposals or quotes
- To deliver the AI services you have contracted us to build
- To send project updates and communicate during active engagements
- To improve our website and services based on usage patterns (anonymised data only)
- To comply with our legal obligations
We do not use your data for unsolicited marketing, profiling, or automated decision-making that produces legal or similarly significant effects on you.
4. Legal Basis for Processing (GDPR)
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we must have a valid legal basis for processing your personal data. We rely on the following bases:
- Legitimate interests — to respond to enquiries you have initiated and to improve our services. We have balanced this against your rights and are confident it does not override your privacy interests.
- Contractual necessity — to fulfil our obligations when you become a client and we have a contract in place.
- Legal obligation — where we are required by law to process your data (e.g., financial records for tax purposes).
- Consent — where we explicitly ask for your consent (e.g., subscribing to updates). You can withdraw consent at any time.
5. AI Systems & Third-Party AI Tools
As an AI agency, we use artificial intelligence tools in the course of building and delivering our services. We are committed to full transparency about this.
AI tools we may use in our work
- Large Language Models (LLMs) such as those provided by Anthropic (Claude) or OpenAI (GPT-4) may be used to build AI systems for clients or to assist in internal tasks like drafting communications.
- Voice AI platforms may be used when building inbound or outbound call agents for clients.
- Automation platforms such as Make.com or Zapier may be used to connect systems and route data.
How this affects your data
If your personal data (such as your name or enquiry details) is processed by a third-party AI tool as part of delivering our services to you, we will:
- Only share the minimum data necessary for that tool to function
- Ensure the tool provider has appropriate data processing agreements in place
- Inform you in advance if your data will be used to train any AI model — this will never happen without your explicit consent
We never sell your data to AI companies or any other third parties. Your information is used solely to serve you and fulfil our contractual obligations.
6. Third-Party Sharing
We do not sell, rent, or trade your personal data. We may share data with the following trusted third parties only where necessary:
- Google (Google Calendar, Google Workspace): Used for scheduling calls and email communication. Governed by Google's Privacy Policy.
- Netlify: Our website hosting provider. Form submissions are processed through Netlify's servers. Netlify is GDPR-compliant.
- Make.com / Zapier: Automation platforms used to route form data to internal tools such as Google Sheets. These platforms are GDPR-compliant.
- Payment processors: If applicable, payment data is handled directly by secure third-party processors. We never see or store your card details.
- Legal or regulatory authorities: We may disclose data if required by law, court order, or to protect the rights and safety of Langford AI Labs and its clients.
All third-party providers we work with are required to handle your data securely and in compliance with applicable data protection law.
7. Data Retention
We keep your personal data only for as long as is necessary for the purposes described in this policy:
- Enquiries & contact form data: Retained for 12 months from last contact. If you do not become a client, we delete your data after this period.
- Client project data: Retained for the duration of the contract plus 3 years, to comply with legal and financial obligations.
- Financial records: Retained for 7 years as required by HMRC regulations.
- Email correspondence: Retained for 2 years from the end of our business relationship.
You can request early deletion of your data at any time — see Section 8 for how to exercise this right.
8. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data. These rights are free to exercise and we will respond within 30 days.
Right to Access
Request a copy of all personal data we hold about you.
Right to Rectification
Ask us to correct any inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Object
Object to processing based on legitimate interests.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Restrict
Ask us to pause processing of your data in certain circumstances.
To exercise any of these rights, email us at hello@langfordailabs.com with your request. We will verify your identity and respond within 30 days.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.
9. Cookies
Cookies are small text files stored on your device when you visit our website. We keep our cookie use to an absolute minimum.
Cookies we use
- Essential cookies only: Our website uses only the cookies strictly necessary for basic website functionality (such as remembering your session if you interact with forms). These cannot be disabled as the site would not function without them.
Cookies we do NOT use
- We do not use tracking or advertising cookies
- We do not use third-party retargeting cookies
- We do not currently use analytics cookies (if this changes, we will update this policy and request consent)
You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
10. Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it, including:
- HTTPS encryption on all pages of our website (SSL certificate)
- Secure, access-controlled systems for storing client data
- Limiting access to personal data to team members who need it to perform their role
- Using trusted, GDPR-compliant third-party platforms for data storage and communication
- Regular review of our data handling practices
While we take every reasonable precaution, no method of transmission over the internet is 100% secure. If you believe your data has been compromised, please contact us immediately at hello@langfordailabs.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Notify active clients by email if the changes materially affect how we handle their data
We encourage you to review this page periodically. Continued use of our website after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy, want to exercise your rights, or have a concern about how we handle your data, please get in touch:
Langford AI Labs Ltd
Data Controller
Email: hello@langfordailabs.com
Website: langfordailabs.com
We aim to respond to all data-related requests within 30 days as required by UK GDPR.