Plain English. No fine print.

Reittech is a Cambridge, UK–based AI automation business run by Anna Reit and Nick Reit. We’re the “controller” under UK GDPR — that means we decide what data is collected and what happens to it. If you have any question or request that touches your personal data, just email hello@reittech.co.uk. There’s no privacy team to escalate to. It’s us.

When you submit the contact form on this site, we collect:

• Required: your name, email address, and your message.
• Optional: your company name and phone number.
• Automatic submission metadata: the date and time, the IP address you submitted from, your browser’s user-agent string, and which page on our site you submitted from. We use these only for spam control and audit — never for tracking.

If you become a client, we’ll handle additional data as part of delivering the project — but only ever after you’ve signed an NDA with us, and only what’s strictly needed to do the work.

We do not collect: your location beyond IP, browsing history, social media handles, or anything via cookies or third-party trackers (because we don’t use those).

• To reply to you. Lawful basis: legitimate interests — you sent us a message; we read it and write back. We can’t do that without your email.
• To deliver a project if you become a client. Lawful basis: contract — we need basic details to run the work and invoice for it.
• To meet legal obligations like UK tax/accounting record-keeping. Lawful basis: legal obligation — HMRC requires us to keep some financial records for seven years.

That’s the whole list. We don’t use your data for marketing, profiling, advertising, training models, or any other purpose. If we ever wanted to, we’d ask first.

Your contact-form data flows through these tools, all under written data-processing terms with us. None of them get access to it for their own purposes.

Some data may transit US infrastructure briefly during routing (Google’s global network). This is covered under Google’s UK adequacy mechanisms and Standard Contractual Clauses. We don’t use any other US-based processor without telling you.

• Contact-form submissions: 24 months from your last contact with us, then automatically purged from the Google Sheet. Or sooner if you ask us to delete.
• Project data (clients): deleted within 30 days of project close, except anything we’re legally required to keep.
• Accounting records: 7 years (HMRC requirement — we can’t shorten this one).
• Email correspondence: kept while we’re actively in touch, then archived for the same 24-month window.

You can ask us to delete sooner. If we have a legal reason we can’t (HMRC, ongoing contract), we’ll tell you exactly what and why.

This site sets no analytics cookies, no marketing cookies, and no fingerprinting scripts. We don’t use Google Analytics, Hotjar, Meta Pixel, or anything similar. We genuinely don’t know how many people visit any given page, and we’re fine with that.

The only cookies you might encounter are Cloudflare’s anti-DDoS / bot-mitigation cookies, which are essential for site security and don’t track behaviour. You can read Cloudflare’s policy at cloudflare.com/privacypolicy.

If we ever add analytics, we’ll add a cookie banner and ask consent. Right now we don’t need one, because there’s nothing to consent to.

• Access: ask for a copy of everything we hold about you.
• Rectification: tell us if anything we have is wrong, and we’ll fix it.
• Erasure: ask us to delete it. We’ll do so unless we’re legally required to keep it.
• Restriction: ask us to stop processing it for a while.
• Portability: get your data in a structured, machine-readable format you can take elsewhere.
• Objection: object to any of our processing, on grounds related to your particular situation.

To exercise any of these, email hello@reittech.co.uk. We aim to respond within 5 working days; the regulatory maximum is 30 days. There’s no charge for normal requests.

If you’re unhappy with how we’ve handled your data, you have the right to complain to the UK’s data protection regulator, the Information Commissioner’s Office (ICO), at ico.org.uk. We’d hope you’d come to us first — but it’s your right.

For prospective clients, we sign a mutual NDA before the Discovery call. That covers more than your personal data — it covers your business processes, pricing, internal documents, anything you share while we’re scoping a project. GDPR is the floor; the NDA is the ceiling.

The NDA template lives at our end (we’ll send it to you). It’s a standard mutual two-page agreement, no clever clauses. You can have your solicitor review it; most clients don’t bother.

We don’t knowingly collect or process personal data from anyone under 18. The contact form is intended for business owners and decision-makers. If we discover we’ve received data from a minor, we’ll delete it.

If we materially change anything on this page — new sub-processor, longer retention, anything that affects your rights — we’ll update the “last updated” date at the top, and we’ll email anyone we already have data for. Cosmetic edits and corrections won’t trigger a notification.

For anything in this policy — questions, requests, complaints, suggestions for clearer wording — email hello@reittech.co.uk. Anna or Nick will read it. We genuinely prefer to fix things ourselves before you escalate to the ICO.

Reittech · Cambridge, UK · hello@reittech.co.uk