Privacy Policy

Effective Date: January 1, 2025
Last Updated: June 2025
Your privacy is not just important to us — it's foundational to how we run our business.
Who we Are
Decode & Grow Ltd is a UK-based consultancy helping business owners automate systems and scale without admin chaos. We provide business process automation, systems architecture, and operational consulting services to SMEs across the UK and internationally.

Data Controller: Decode & Grow Ltd
Company Number: 16814320 (Registered in England and Wales)
ICO Registration Number: ZC120811
Privacy contact: info@decodengrow — for any data protection query, please put "Privacy" in the subject line so it reaches the right person promptly.

We have not appointed a formal Data Protection Officer (DPO), as this is not currently required for a business of our size and processing activities. Our founder, Daria Gavrilova, is the designated privacy contact.
YOU:
Information You Provide Directly
- Name and email address
- Phone number
- Company name, size, and industry
- Website URL
- Payment details (collected and processed by Stripe — we do not store full card details ourselves)
- Information submitted through our contact/enquiry forms
- Any information you send us by email or during consultations
WE:
Information We Collect Automatically
- Website usage data (pages visited, time on site, navigation paths)
- Device and browser type
- IP address
- Referring URLs
- Cookies for performance, functionality, and analytics (see our [Cookie Policy] for full detail)
AI:
Information Processed Through AI Tools
As part of delivering our services, some of the information above may be processed using third-party AI tools (see Section 6, "AI Use Disclosure," below).
WE:
We do not knowingly collect personal data from children under 16.
Our services are directed at businesses and business decision-makers, not consumers or minors. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.
Why We Collect It — and Our Legal Basis UK GDPR requires us to state the legal basis for each way we use your data. Here's the breakdown:
PURPOSE
WHAT THIS COVERS
LEGAL BASIS
Delivering services
Building automations, systems, reports, and deliverables you've engaged us for
Contract
Necessary to perform our agreement with you
Responding to enquiries
Replying to forms, emails, consultation bookings
Legitimate interest
Core to running the business
Processing payments
Invoicing and payment via Stripe
Contract, Legal obligation
Accounting and tax records
Website improvement
Analytics, usage patterns
Consent, Legitimate interest
Consent for non-essential cookies; legitimate interest for essential analytics
Sending updates
Newsletters, marketing emails
Consent
Only if you've opted in — withdraw at any time
Legal compliance
Tax records, responding to lawful requests from authorities
Legal obligation
We do not sell or share your data with third parties for marketing purposes. Ever.
How Long We Keep Your Data
DATA TYPE
RETENTION PERIOD
WHY
Client / contract data
3 years
after contract ends
Post-engagement queries, disputes, or follow-on work — in line with standard UK limitation periods for contract claims
Financial / invoicing records
6 years
UK statutory requirement under HMRC record-keeping rules
Lead / enquiry datano contract signed
12 months
from last contact, unless opted in to marketing
If we haven't heard from you in a year, we assume you're no longer interested and delete the record
Marketing / newsletter subscribers
Until unsubscribe
or 24 months of inactivity, whichever is sooner
Keeps our list current and avoids holding stale data
Website analytics data
14 months
Google Analytics default
Platform default setting; aggregated where possible
After these periods, your data is securely deleted or anonymised. To request earlier deletion, see Section 8 — Your Rights.
Encryption
All sensitive data is encrypted in transit and at rest.
Access Controls
Strict permissions limit who can view your data. Currently, access is limited to our founder, business partner, and vetted staff/contractors, each bound by signed confidentiality agreements.
Secure Storage
We use enterprise-grade cloud services with robust security standards.
AI Use Disclosure
We use AI tools as part of delivering our consulting and automation services. Here's exactly what that means in practice:
  • What we use
    Tools such as OpenAI's API/ChatGPT and similar AI systems, integrated into automations we build (often via Make.com) or used directly in our own workflow.
  • What data may pass through them
    Depending on the project, this can include business information, lead/contact details, and content you or your business has provided to us, where AI assistance is part of the agreed service (e.g. drafting, summarising, classifying, or matching information).
  • Human oversight
    AI tools assist and draft — they do not make final decisions about you or your data on our behalf. A human always reviews and approves outputs before they're acted on or delivered. We do not use AI to make automated decisions that produce legal effects or similarly significantly affect individuals without meaningful human review.
  • Data handling by AI providers
    Our AI providers process data under their own enterprise/API terms, which typically exclude using submitted data to train their general models. We do not control these providers' infrastructure directly, but we select providers with appropriate data protection commitments and do not submit special category data (e.g. health, biometric data) to AI tools without a specific, separate lawful basis and safeguard in place.
  • Your right to object
    If you do not want your data processed via AI tools as part of a specific engagement, let us know and we will discuss alternative, fully human-led handling where feasible.
If our use of AI tools changes materially, we will update this section and, where appropriate, notify clients directly.
Third-Party Services
We work with the following providers to deliver our services. All are required to handle data securely and in line with data protection law.
  • Make.com
    Workflow automation
    Operations
  • Google Analytics (GA4)
    Website analytics
    Analytics
  • Notion
    CRM & content management
    Operations
  • OpenAI
    AI-assisted service delivery
    AI tools
  • Stripe
    Payment processing
    Payments
  • Perplexity
    AI-assisted service delivery
    AI tools
  • Anthropic (Claude)
    AI-assisted service delivery
    AI tools
International data transfers
Some of our third-party providers (including those listed above) may store or process data outside the UK and EEA, including in the United States. Where this happens, we rely on appropriate safeguards required under UK GDPR, such as the UK International Data Transfer Addendum (IDTA) or the provider's participation in a recognised adequacy framework (e.g. the UK-US Data Bridge, where applicable). You can request details of the specific safeguard used for any provider by contacting us.
If you are a client or lead based outside the UK, your data may be transferred to and processed in the UK and other countries as set out above.
Your Rights
Under UK GDPR, you have the right to:
  • Access your data
    request a copy of all information we hold about you
    1
  • Correct your data
    fix anything inaccurate or incomplete
    2
  • Delete your data
    request erasure, where applicable
    3
  • Restrict or object to processing
    limit how we use your data, or object to certain uses (e.g. marketing)
    4
  • Data portability
    receive your data in a portable format, where technically feasible
    5
  • Withdraw consent
    opt out of consent-based processing (e.g. marketing emails) at any time
    6
Changes to This Policy

We may update this policy from time to time. When we do, we will:
- Revise the Effective Date at the top
- Post the updated version on this page
- Notify you by email if changes are material

We recommend reviewing this page periodically.
Contact Us
LEGAL
© 2025 Decode&Grow
Registered in England and Wales. Company Number 16814320
Registered with the Information Commissioner’s Office – Registration No. ZC120811

© Decode&Grow. All rights reserved
Made on
Tilda