QuickAIHQ Privacy Policy (UK GDPR Compliant)
Effective Date: April 6, 2026
1. Introduction and Scope
This Privacy Policy explains how QuickAIHQ (referred to as "we," "us," or "our Agency") collects, uses, stores, and protects Personal Data.
This policy applies to data processed in two main contexts:
- Agency Data: Personal Data relating to our direct clients (you, the business owner) when you sign up for our services, manage your account, or visit our website.
- Client Campaign Data: Personal Data processed during lifecycle marketing campaigns on behalf of our clients (the Data Controllers), including customer names, email addresses, and campaign interaction data.
Our processing activities are governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
2. Definitions of Legal Roles
In the context of the services we provide, the following roles are defined under UK GDPR:
| Role | Definition | Our Relationship |
|---|---|---|
| Data Controller (Our Client) | The business that determines the purposes and means of processing Personal Data. | Our client is the Controller of their customer data used in lifecycle marketing campaigns. |
| Data Processor (QuickAIHQ) | The entity that processes Personal Data on behalf of the Controller. | We act as the Data Processor, sending emails and managing campaigns strictly according to our client's instructions. |
For all Agency Data (data about you, our direct client), QuickAIHQ acts as the Data Controller.
3. Personal Data We Collect
We collect and process the following categories of Personal Data:
3.1. Agency Data (Data about QuickAIHQ Clients)
- Identity & Contact Data: Name, business name, address, email, phone number.
- Financial & Billing Data: Payment details (via secure payment processor), invoice history, subscription plan.
- Technical Data: Login credentials, IP address, browser type, and platform usage data.
3.2. Client Campaign Data
This data is processed by us on behalf of our clients (the Data Controllers) for lifecycle marketing campaigns:
- Customer Contact Information: Names and email addresses provided by the client.
- Campaign Interaction Data: Email opens, clicks, and engagement actions.
- Opt-out Records: Unsubscribe requests and preferences.
- Data Deletion: Customer contact information provided by our clients is permanently deleted within 14 days of the final campaign report being delivered.
4. How We Use Personal Data
We use Personal Data only as necessary to provide, maintain, and improve our services. We do not sell any Personal Data.
4.1. Processing Client Campaign Data
- Campaign Delivery: Sending lifecycle marketing emails on behalf of our clients.
- Performance Tracking: Monitoring campaign metrics (opens, clicks, conversions) to report results.
- Opt-out Management: Processing and honouring unsubscribe requests immediately.
4.2. Third-Party Service Providers
We engage trusted third-party providers to deliver our services:
- Email Service Providers: For sending and tracking campaign emails.
- Payment Processors: Secure payment handling (e.g., Stripe).
- Cloud Hosting: Secure data storage within UK/EEA.
5. Legal Basis for Processing
We process Personal Data under the following legal bases:
- Contractual Necessity: To provide services you have purchased.
- Legitimate Interests: For existing customer communications on behalf of our clients, where customers have a reasonable expectation of hearing from the business. This applies to B2B communications and to customer reactivation and retention campaigns where a prior commercial relationship exists.
- Legal Obligation: To comply with applicable laws and regulations.
6. Data Retention and Security
Retention: We retain Agency Data (data about you, our direct client) for as long as necessary to fulfil the purposes for which it was collected, for the duration of our service agreement, plus any legally required period. Client Campaign Data (customer data provided by our clients for lifecycle marketing campaigns) is permanently deleted within 14 days of the final campaign report being delivered to the client. Campaign performance data (opens, clicks, conversions) is retained in anonymised, aggregated form and cannot be linked back to individual customers.
Security: We implement appropriate security measures including encryption, access controls, and secure infrastructure to protect Personal Data.
7. Your Data Protection Rights
Under UK GDPR, you have the following rights:
- Right to Access: Request copies of your Personal Data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data in certain circumstances.
- Right to Restrict Processing: Request limitation of processing.
- Right to Data Portability: Request transfer of your data.
- Right to Object: Object to processing based on legitimate interests.
For customers receiving lifecycle marketing emails: You can unsubscribe at any time using the link in any email, or contact the sending business directly.
8. Contact Us
For any questions about this Privacy Policy or to exercise your data protection rights, please contact us:
Email: contact@quickaihq.com
Address: QuickAIHQ, 4 Craven Hill Gardens, W2 3ES, London, United Kingdom
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.