Privacy Policy
Decode & Grow Ltd — Effective date: May 2025 • ICO Registration: ZB915483
At Decode & Grow, your privacy is not just important — it's foundational to how we run our business. This Privacy Policy explains who we are, what personal data we collect, why we collect it, which tools process it (including AI tools), how long we keep it, and what rights you have.
Section 1
Who We Are
Decode & Grow Ltd is a UK-based consultancy helping business owners automate systems and scale without admin chaos. We are registered with the Information Commissioner's Office (ICO) under registration number ZB915483.
As a data controller, we are responsible for deciding how and why your personal data is processed.
Get in Touch
For any privacy-related queries, contact us directly:
📧 info@decodengrow.com
ICO Reg: ZB915483
Section 2
What Data We Collect
Information You Provide Directly
- Name and email address
- Phone number
- Company information (name, website, size, industry)
- Payment details (processed via Stripe or Tide Bank — we do not store card details)
- Information submitted via enquiry forms, email or offline events
- Content of client calls (transcripts only — see Section 6)
Information Collected Automatically
Our website is hosted on Gamma. We do not install analytics, advertising, or tracking tools:
- No Google Analytics
- No Facebook Pixel
- No tag managers
Basic server-level logs (such as IP address and page requests) may be collected by Gamma as part of standard hosting operations.
Section 3
Why We Collect It & Our Lawful Basis
We only process personal data where we have a lawful basis to do so under UK GDPR Article 6. The table below sets out our purposes and corresponding legal grounds.
We do not use your data for automated decision-making that produces legal or significant effects on you. All AI-assisted outputs are reviewed by a human.
Section 4
AI Tools We Use
We use artificial intelligence tools to support our work. In line with our transparency obligations under UK GDPR and the EU AI Act (Article 50), we disclose the following:
AI-generated or AI-assisted content (such as drafted emails) is always reviewed by a human at Decode & Grow before being sent to you. We do not rely solely on AI for decisions that affect you. Each provider is bound by their own privacy policy and data processing agreements. We only work with providers who offer appropriate data protection safeguards.
Section 5
How We Store & Protect Your Data
Your data is stored in Notion, a cloud-based platform with enterprise-grade security. We apply the following measures:
Encryption
Encryption in transit (HTTPS/TLS) and at rest to protect your data at every stage.
Access Controls
Only authorised individuals at Decode & Grow can view your personal data.
No Card Storage
We do not store payment card details — all payment processing is handled by Stripe or Tide Bank.
Quarterly Reviews
We review which tools have access to personal data to minimise exposure on a quarterly basis.
Section 6
Call Recording & Transcription
We use Notion AI to generate written transcripts of client calls. The following applies:
This process ensures your call content is handled transparently and with your explicit consent at every stage.
If you do not wish your call to be transcribed, please let us know before or at the start of the call and we will not enable transcription. You may request deletion of your transcript at any time by contacting info@decodengrow.com.
Section 7
International Data Transfers
Some of the AI tools we use — including OpenAI, Google Gemini, Perplexity, and Make.com — process data on servers outside the United Kingdom, including in the United States.
We only use providers that offer appropriate safeguards for international transfers, such as:
- UK-approved standard contractual clauses (SCCs)
- Adequacy decisions recognised under UK GDPR
- Binding corporate rules or equivalent mechanisms
You can request details of the specific safeguards in place for any tool by contacting info@decodengrow.com.
Our Commitment
We never transfer your data internationally without ensuring appropriate legal safeguards are in place. Your rights under UK GDPR are protected regardless of where data is processed.
Section 8
How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected. After the relevant period, data is securely deleted or anonymised.
Section 9
Cookies
Our website uses only technically necessary cookies required for the site to function. We do not use analytics, advertising, preference, or tracking cookies of any kind.
No Google Analytics
We do not track your browsing behaviour or collect analytics data.
No Facebook Pixel or Advertising Tags
We do not run retargeting or advertising campaigns using your data.
No Third-Party Tracking Scripts
No external scripts are loaded that could track your activity across the web.
Because we only use strictly necessary cookies, no cookie consent banner is legally required. If this changes in future, we will update this policy and add a consent mechanism.
Section 10
Third-Party Services
We use the following trusted platforms to operate our services. Each has its own privacy policy. We do not sell or share your personal data with third parties for marketing. Ever.
Section 11
Your Rights
Under UK GDPR, you have the following rights regarding your personal data. To exercise any of these rights, email info@decodengrow.com. We will respond within 30 days. There is no charge for making a request.
Right of Access
Request a copy of all information we hold about you.
Right to Rectification
Correct inaccurate or incomplete information we hold.
Right to Erasure
Request deletion of your data where there is no overriding reason to retain it.
Right to Withdraw Consent
At any time, without affecting the lawfulness of prior processing.
Right to Object
Object to processing based on legitimate interest.
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Restrict Processing
Ask us to pause processing in certain circumstances.
Section 12
Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, tools, or legal requirements. When we do:
01
Effective Date Updated
We will update the effective date at the top of this document.
02
Client Notification
If the changes are material, we will notify active clients by email.
03
Always Available Online
The latest version will always be available at decodengrow.com/privacy-policy.
Decode & Grow Ltd
Registered in the UK
ICO Registration: ZB915483
📧 info@decodengrow.com
🌐 decodengrow.com/privacy-policy
Section 13
AI Readiness Assessment & Consent
Our AI Readiness Assessment helps you evaluate your business operations, processes, and current technology use through a questionnaire of approximately 70 questions. Based on your responses, a personalised AI Readiness Report is automatically generated and delivered to you.
We collect two separate consents within the questionnaire, in line with UK GDPR requirements for specific and granular consent:
1
Consent 1 — AI Processing
Permission for your questionnaire responses to be processed by Notion AI in order to analyse your answers.
2
Consent 2 — Report Generation & Delivery
Permission for Notion AI to generate your personalised report and for it to be automatically delivered to your email address.
You may withdraw either consent at any point before submitting the questionnaire. Once the report has been generated and sent, it cannot be unsent, but you may request deletion of your underlying data at any time by contacting info@decodengrow.com.
Important: Your AI Readiness Report is generated automatically by Notion AI and is not reviewed by a human at Decode & Grow before delivery. In line with EU AI Act Article 50 transparency obligations, we are required to make this clear. The report is intended as a guidance tool only and does not constitute professional, legal, or compliance advice. If you would like a human review of your results, please contact info@decodengrow.com.
Data collected through the assessment (your questionnaire responses and contact details) is processed solely for the purpose of generating your report. It is not used for marketing unless you separately opt in. Responses are stored in Notion and subject to the retention periods set out in Section 8.