QuickAIHQ Privacy Policy (UK GDPR Compliant)
Effective date: 31 May 2026
1. Introduction and Scope
This Privacy Policy explains how QuickAIHQ (referred to as "we", "us", or "our Agency") collects, uses, stores, and protects Personal Data.
This policy applies to data processed in two main contexts:
- Agency Data: Personal Data relating to our direct clients (you, the business owner) when you purchase our AI Audit service, submit our intake form, or visit our website.
- Newsletter and Directory Data: Email addresses and professional details collected when individuals subscribe to The AI Edge newsletter or are listed in the UK Founder's AI Toolkit directory at directory.quickaihq.com.
Our processing activities are governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
QuickAIHQ is a trading name of Holistic IIUniverse Ltd (Company No 11302315), a company registered in England and Wales.
2. Definitions of Legal Roles
In the context of the services we provide, the following roles are defined under UK GDPR:
| Role | Definition | Our Relationship |
|---|---|---|
| Data Controller (Our Client) | The business that determines the purposes and means of processing Personal Data. | Our client is the Controller of the business information they provide in the intake form. |
| Data Processor (QuickAIHQ) | The entity that processes Personal Data on behalf of the Controller. | We act as the Data Processor when analysing intake form data to produce the AI Opportunity Report and UK AI Compliance Pack, processing data strictly according to the client's instructions. |
| Data Controller (QuickAIHQ — for Agency Data) | For data about our direct clients (name, email, payment records) and website visitors, QuickAIHQ acts as the Data Controller. | QuickAIHQ acts as the Data Controller. |
3. Personal Data We Collect
We collect and process the following categories of Personal Data:
3.1 Audit Client Data (Data about QuickAIHQ clients)
- Identity and Contact Data: Name, business name, email address.
- Payment Data: Payment confirmation via Stripe (we do not store card details).
- Technical Data: IP address, browser type, and website usage data collected via Google Analytics.
- Intake Form Data: Business operational information, current tool stack, and workflow details provided voluntarily by the client to enable delivery of the AI Audit service.
3.2 Newsletter Subscriber Data
When individuals subscribe to The AI Edge newsletter via Beehiiv, we collect their email address and, if provided voluntarily, their first name. This data is used solely to send the newsletter and is processed on the basis of consent. Subscribers may unsubscribe at any time via the link in every email.
3.3 Directory Data
The UK Founder's AI Toolkit at directory.quickaihq.com lists publicly available business information. No personal data beyond business name and website is collected or stored in the directory.
4. How We Use Personal Data
We use Personal Data only as necessary to provide, maintain, and improve our services. We do not sell any Personal Data.
4.1 Delivering the AI Audit Service
- Intake form processing: Analysing the information you provide to produce your AI Opportunity Report and UK AI Compliance Pack.
- Service communication: Sending your completed report and compliance pack, and responding to follow-up questions by email.
- Payment administration: Confirming payment and issuing invoices on request.
4.2 Website and Analytics
We use Google Analytics to understand how visitors use quickaihq.com. Google Analytics uses cookies to collect anonymised data including pages visited, time on site, and browser type. This data is used to improve the website and is not linked to individual identities. See Section 8 for cookie details.
4.3 Newsletter
Sending The AI Edge newsletter to subscribers who have given explicit consent via Beehiiv. Each email includes an unsubscribe link.
5. Third-Party Service Providers
We engage the following trusted third-party processors to deliver our services. Each operates under a Data Processing Agreement and stores data within the UK or European Economic Area unless otherwise stated:
| Provider | Purpose | Data Location |
|---|---|---|
| Tally | Intake form collection and submission | EU hosted — GDPR compliant |
| Anthropic (Claude — paid plan) | AI-assisted analysis of intake form data to produce audit reports | EU/UK processing available via AWS Bedrock — DPA in place |
| Google Workspace (Docs and Sheets) | Report drafting and document storage | EU/UK data residency available — DPA in place |
| Fastmail | Client email communications | Austria (EU) hosted — GDPR compliant |
| Stripe | Payment processing | EU data residency — DPA in place |
| Beehiiv | Newsletter distribution and subscriber management | US hosted — Standard Contractual Clauses in place |
| Google Analytics | Website analytics | US hosted — Standard Contractual Clauses in place. Anonymised data only. |
| Vercel | Website hosting for quickaihq.com | EU region available — processes standard web server logs |
| GitHub | Website code hosting | US hosted — processes no personal client data directly |
| Canva | Image and design creation | Does not process client personal data |
| Directify | Directory hosting for directory.quickaihq.com | Processes publicly listed business information only |
Important note: QuickAIHQ uses only paid, DPA-covered AI tools when processing client personal data. Free versions of AI tools, which do not provide Data Processing Agreements, are not used for any client data.
6. Legal Basis for Processing
We process Personal Data under the following legal bases:
- Contractual Necessity: To deliver the AI Audit service you have purchased. This is our primary basis for processing intake form data and payment records. Where services are requested via the intake form, consent is also collected explicitly via a checkbox at the point of submission.
- Consent: For newsletter subscriptions and the use of non-essential cookies. You may withdraw consent at any time without affecting prior processing.
- Legitimate Interests: For website analytics using anonymised Google Analytics data, where our interest in improving the website is balanced against minimal impact on visitor privacy.
- Legal Obligation: To comply with applicable laws and regulations, including financial record-keeping obligations.
7. Data Retention and Security
Retention: Audit client data (intake form responses and report documents) is retained for 24 months after delivery of the service, then permanently deleted. Payment records are retained for 7 years to comply with UK financial record-keeping obligations. Newsletter subscriber data is retained for as long as the subscriber remains active. Unsubscribed contacts are deleted within 30 days. Website analytics data is retained for 26 months in Google Analytics, in anonymised and aggregated form.
Security: We implement appropriate technical and organisational measures to protect Personal Data, including encrypted storage, access controls, and use of only GDPR-compliant, DPA-covered tools for processing client data.
8. Cookies and Tracking
quickaihq.com uses the following cookies:
- Essential cookies: Required for the website to function. These cannot be disabled.
- Analytics cookies: We use Google Analytics to collect anonymised data about website usage. These cookies are only set with your consent. You can accept or decline analytics cookies via the cookie consent banner when you first visit the site.
We do not use advertising cookies or share cookie data with third parties for marketing purposes.
To manage your cookie preferences after your initial choice, clear your browser cookies and revisit the site, or adjust your browser settings.
9. Your Data Protection Rights
Under UK GDPR, you have the following rights:
- Right to Access: Request copies of your Personal Data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data in certain circumstances.
- Right to Restrict Processing: Request limitation of processing.
- Right to Data Portability: Request transfer of your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, email contact@quickaihq.com. We will respond within one calendar month.
For newsletter unsubscribes, use the unsubscribe link in any email or contact us directly.
10. International Data Transfers
Some of our third-party providers store data outside the UK or EEA (notably Beehiiv, Stripe, and Google Analytics). Where this occurs, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), to ensure your data receives an equivalent level of protection.
11. Contact Us and Complaints
For any questions about this Privacy Policy or to exercise your data protection rights, please contact:
Email: contact@quickaihq.com
Address: QuickAIHQ, 4 Craven Hill Gardens, W2 3ES, London, United Kingdom
Data Controller: Iulia Ilas, trading as QuickAIHQ (Holistic IIUniverse Ltd, Company No 11302315)
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113
12. Changes to This Policy
We will update this policy when our data practices change. The effective date at the top of this page reflects the most recent update. Where changes are material, we will notify active clients by email.