PRIVACY POLICY

Brainqub3, a consulting brand of DATA-CENTRIC SOLUTIONS LTD

Last updated: 21 June 2026

1. ABOUT THIS PRIVACY POLICY

This Privacy Policy explains how DATA-CENTRIC SOLUTIONS LTD, trading through the Brainqub3 brand, collects, uses, stores, shares and protects personal data.

This policy applies to:

  • the website at brainqub3.com and associated pages, forms, resource downloads and booking flows;
  • enquiries, lead magnet downloads, discovery call bookings and marketing interactions;
  • sales, consultancy, enablement, workshops, custom AI engineering work and fractional CTO services;
  • personal data we handle as a controller for our own business purposes.

When we process personal data on behalf of a client as part of a client project, such as personal data contained in a client dataset, workflow, knowledge base, CRM, internal system, code repository, prompt, evaluation set, transcript or production AI agent, we will usually act as the client's processor. In that situation, the client is normally the controller and the processing is governed by our contract, statement of work and, where applicable, data processing agreement with that client. The client's own privacy notice should explain how it uses personal data in its business or service.

2. WHO WE ARE

The controller for the personal data covered by this policy is:

DATA-CENTRIC SOLUTIONS LTD

Company number: 14829432

Trading brand: Brainqub3

Registered in England & Wales

Registered office: 86-90 Paul Street, London, EC2A 4NE, United Kingdom

Website: brainqub3.com

Email: info@brainqub3.com

In this policy, "Brainqub3", "we", "us" and "our" refer to DATA-CENTRIC SOLUTIONS LTD trading as Brainqub3.

3. THE SERVICES WE PROVIDE

We are an AI engineering consultancy. We provide services including custom AI agent and automation builds, AI enablement, workshops, implementation support, technical strategy and fractional CTO services.

Because of the nature of these services, we may process business contact information, project information, operational requirements, workflow information and, where a client instructs us to do so, data contained in client systems or datasets. We aim to collect only what is relevant and necessary for the purpose in question.

4. PERSONAL DATA WE COLLECT

4.1 Information you give us directly

We may collect personal data when you:

  • visit our website;
  • complete a form;
  • download a lead magnet, playbook, guide, blueprint or other resource;
  • book a discovery call;
  • attend a discovery call, workshop, enablement session or meeting;
  • contact us by email, phone, website form, social media, messaging tool or other channel;
  • become a client, supplier, partner or prospective client;
  • send us project materials or grant access to systems for a project.

This may include:

  • name;
  • business email address;
  • telephone number;
  • company name;
  • job title, occupation, role or seniority;
  • industry;
  • company website or professional profile;
  • your stated AI goals, desired outcomes, current stage, project requirements, use case information and implementation challenges;
  • information about a dataset, workflow, tool stack, process, system or technical environment you have in mind;
  • how you found us, referral source, campaign source or UTM information;
  • meeting availability, booking details and calendar information;
  • communications, notes, call summaries, messages, attachments and feedback;
  • marketing preferences and unsubscribe records;
  • contract, invoice and payment administration information;
  • any other information you choose to provide.

Please do not provide special category personal data, criminal offence data, confidential third party personal data or personal data you are not authorised to share unless we have expressly agreed this in writing and there is a clear lawful basis for doing so.

4.2 Discovery call and preparation information

If you book a discovery call, we collect information to understand whether and how we may be able to help, to prepare for the call and to follow up afterwards. This may include your contact details, company information, the outcome you want to achieve with AI, your current project stage, your dataset or workflow readiness, your role, your industry and any further information you provide in the booking flow or during the call.

If a call is recorded, transcribed or summarised using an AI or automation tool, we will tell you at or before the point where that recording or transcription is taken, unless the processing is purely manual note-taking. You may object to a recording. We may still keep manual notes where necessary for our legitimate business purposes.

4.3 Lead magnet and resource download information

If you request a resource, such as a playbook, guide, checklist, blueprint or other lead magnet, we collect the information required to provide that resource and to understand your business interest. We may use this information for sales follow-up, lead qualification, CRM administration, segmentation and related business-to-business marketing, subject to your rights and applicable rules on direct marketing.

Submitting a resource form does not mean you have to buy anything. You can opt out of marketing communications at any time.

4.4 Website, device and analytics information

When you use our website, we and our service providers may process technical information needed to deliver, secure, maintain and improve the website. This may include:

  • IP address and approximate location derived from it, where processed by hosting, security or logging systems;
  • browser type and version;
  • device type;
  • operating system;
  • pages visited;
  • referrers;
  • date and time of visits;
  • interactions with forms, buttons, embedded content or resources;
  • campaign, source, medium and UTM parameters;
  • error logs and diagnostic information;
  • cookie or consent preference information, where applicable.

We use Vercel Web Analytics to understand page activity and improve the website. Vercel Web Analytics is designed to provide aggregated website analytics and, by default, does not use cookies or associate page view data with an individual visitor or IP address. We may also use technical logs and security tools that process personal data for website delivery, fraud prevention and security.

Where analytics information is anonymous and cannot identify or re-identify an individual, it is not personal data. Where website, device, analytics or log information is personal data, we process it in line with this policy.

4.5 Information from third parties and public sources

For business-to-business sales and relationship management, we may receive or collect limited professional information about you from third parties or public sources, such as referrals, your employer's website, public company pages, LinkedIn or other professional platforms. This may include your role, employer, professional contact details and business context.

We use this information only where relevant to our services and where we have a lawful basis to do so.

4.6 Client project data

For consultancy, workshops, enablement, custom AI builds, production agent work and fractional CTO services, clients may provide information about their teams, users, customers, suppliers, workflows, documents, datasets, systems, prompts, logs, outputs, call transcripts, integrations, tools or business processes.

Where this information contains personal data, we process it according to the role we have in the relevant engagement:

  • if we decide why and how the data is processed for our own purposes, we act as controller and this policy applies;
  • if we process the data only on the client's documented instructions, we act as processor and the relevant client contract and data processing agreement apply.

Unless agreed in writing, clients should not provide personal data that is not necessary for the project. Clients remain responsible for ensuring they have an appropriate lawful basis, transparency notice and authority to share personal data with us for the engagement.

5. SPECIAL CATEGORY DATA

We do not intentionally collect special category data through our website or standard sales forms. Special category data includes information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, sex life or sexual orientation.

We also do not intentionally collect criminal offence data through our website or standard sales forms.

If you provide such information without being asked, we may delete it, restrict it, return it or process it only to the extent necessary to deal with the matter and comply with the law. If a client project requires special category or criminal offence data to be processed, this must be agreed in writing in advance and supported by appropriate contractual, technical and organisational safeguards.

6. HOW WE USE PERSONAL DATA AND OUR LAWFUL BASES

We process personal data only where we have a lawful basis under UK data protection law. The lawful bases we most commonly rely on are:

  • contract, where processing is necessary to perform a contract with you or take steps at your request before entering into a contract;
  • legitimate interests, where processing is necessary for our business or a third party's business interests and those interests are not overridden by your rights and freedoms;
  • consent, where you have given clear consent and can withdraw it at any time;
  • legal obligation, where we must process data to comply with the law.

The main purposes for which we process personal data are set out below.

6.1 Responding to enquiries

We use contact details, message content and business context to respond to enquiries, answer questions, provide requested information and manage follow-up.

Lawful basis: legitimate interests and, where the enquiry relates to a potential contract, contract.

Our legitimate interests: communicating with people who contact us, understanding business requirements and developing appropriate proposals.

6.2 Providing lead magnets and resources

We use form information to deliver requested resources, confirm delivery, prevent abuse of forms, record your interest and understand which content is useful.

Lawful basis: contract or legitimate interests.

Our legitimate interests: providing requested business resources, measuring content performance, managing leads and improving our materials.

6.3 Sales follow-up, lead qualification and CRM administration

We use contact details, company information, stated interests, form responses, meeting notes, public professional information and CRM records to assess whether our services are relevant, prioritise follow-up, maintain accurate records and contact business prospects.

Lawful basis: legitimate interests. Where consent is required for a particular form of direct marketing, we rely on consent or another applicable permission under the Privacy and Electronic Communications Regulations 2003.

Our legitimate interests: business development, maintaining a sales pipeline, avoiding irrelevant outreach, preparing appropriate proposals and growing our consultancy.

6.4 Discovery call preparation and follow-up

We use booking information, form responses, call notes and communications to prepare for discovery calls, tailor the conversation, understand your business context, send follow-up materials and decide whether we can help.

Lawful basis: legitimate interests and contract.

Our legitimate interests: preparing properly for meetings, providing relevant advice and avoiding wasted time for both parties.

6.5 Delivering consultancy, workshops, enablement, custom builds and fractional CTO services

We use client and project information to deliver services, manage engagements, create deliverables, build or configure systems, run workshops, provide advice, test and evaluate outputs, document work and communicate with client stakeholders.

Lawful basis: contract, legitimate interests and legal obligation where applicable.

Our legitimate interests: delivering professional services, managing projects, maintaining quality, resolving issues and keeping appropriate records.

6.6 AI automations and internal workflow support

We may use AI systems and automation tools to support internal workflows, such as CRM routing, lead qualification, meeting preparation, call or email summarisation, proposal drafting, task creation, document organisation, research support, internal quality review and project administration.

Where these tools process personal data, we use only the data reasonably necessary for the task. We apply human review where outputs affect meaningful decisions. We do not make decisions based solely on automated processing that produce legal or similarly significant effects on individuals.

Lawful basis: legitimate interests, contract or legal obligation depending on the context.

Our legitimate interests: running efficient operations, reducing manual administration, improving response quality and preparing better for client work.

6.7 Website analytics, performance and improvement

We use analytics and technical information to understand how the website is used, which pages and resources are useful, where visitors come from, how forms perform and how to improve website content and user experience.

Lawful basis: legitimate interests where the data is personal data and the technology does not require consent. Consent where required for non-essential cookies or similar technologies under the Privacy and Electronic Communications Regulations 2003.

Our legitimate interests: maintaining and improving the website, understanding aggregate usage and making our content more useful.

6.8 Security, fraud prevention and abuse prevention

We use technical logs, IP addresses, form submission information, anti-spam checks, hCaptcha or similar verification tools, access logs and system data to protect our website, services, systems, client data and business from spam, fraud, misuse, security threats and unauthorised access.

Lawful basis: legitimate interests and legal obligation where applicable.

Our legitimate interests: keeping our systems and data secure, preventing abuse and protecting clients, prospects and our business.

6.9 Direct marketing

We may send business-to-business marketing about our services, resources, events, workshops, insights or related content where permitted by law. We may do this using business contact details you provide, details collected from business interactions, or limited professional details from public sources or referrals.

Lawful basis under UK GDPR: legitimate interests or consent, depending on the context.

Where the Privacy and Electronic Communications Regulations 2003 apply, we comply with the relevant rules for electronic mail, telephone calls and other channels. For individual subscribers, such as sole traders and some partnerships, we will use consent or the soft opt-in where available. For corporate subscribers, such as companies and LLPs, we may contact business email addresses where permitted, but we will identify ourselves and provide a clear way to opt out.

You can opt out of marketing at any time by using an unsubscribe link where provided or by emailing info@brainqub3.com.

6.10 Legal, compliance, finance and business administration

We use personal data to maintain business records, manage contracts, issue invoices, keep accounting records, handle disputes, enforce agreements, respond to legal requests, comply with tax and company law obligations, manage insurance and obtain professional advice.

Lawful basis: legal obligation, contract and legitimate interests.

Our legitimate interests: running a lawful business, keeping accurate records, protecting legal rights and managing risk.

7. LEGITIMATE INTERESTS

Where we rely on legitimate interests, we consider the impact on individuals and use safeguards where appropriate. Our legitimate interests include:

  • operating and growing an AI engineering consultancy;
  • responding to enquiries;
  • providing relevant resources and follow-up;
  • preparing for discovery calls and meetings;
  • managing sales, client relationships and CRM records;
  • delivering professional services;
  • improving our website, content and services;
  • using proportionate AI and automation tools to support internal work;
  • preventing fraud, spam and security incidents;
  • maintaining business records;
  • establishing, exercising or defending legal rights;
  • suppressing marketing to people who have opted out.

You have the right to object to processing based on legitimate interests. If you object to direct marketing, we will stop using your data for that purpose.

8. AI TOOLS, MODEL PROVIDERS AND AUTOMATIONS

Because we provide AI engineering and enablement services, we may use AI-enabled tools and automation platforms in our business and, where agreed, in client projects.

Personal data may be included in prompts, inputs, metadata, workflow events, meeting summaries, documents, outputs, logs or integration payloads. We apply data minimisation and access controls to reduce unnecessary exposure of personal data.

We do not authorise our processors to use personal data supplied to us for their own unrelated marketing. We do not authorise third-party AI providers to use personal data supplied to us as a processor to train public foundation models unless this has been agreed in writing with the relevant client and there is an appropriate lawful basis.

Where available, we use business, enterprise or contractual settings intended to restrict provider training use, protect confidentiality and support data protection obligations. We may use anonymised or aggregated information to improve our internal methods, templates, quality assurance and services, provided individuals cannot be identified from that information.

AI outputs can be inaccurate or incomplete. We use human oversight where AI or automation meaningfully supports decisions about prospects, clients, deliverables or project work.

9. COOKIES, ANALYTICS AND SIMILAR TECHNOLOGIES

Cookies are small files placed on a device. Similar technologies include scripts, tags, pixels, local storage, embedded content and technologies that store or access information on a user's device.

We may use the following categories of cookies and similar technologies:

  • Strictly necessary technologies: required for website operation, security, form submission, consent preferences, load balancing, anti-spam protection or other functions you request.
  • Analytics technologies: used to understand website performance, page views, referrers, events and aggregate user behaviour. We use Vercel Web Analytics for page activity analytics. By default, Vercel Web Analytics does not use cookies and provides aggregated analytics not tied to an identifiable visitor or IP address.
  • Attribution and campaign information: used to understand how people found us, such as referral information or UTM parameters. This helps us understand which content and campaigns are useful.
  • Embedded content and third-party widgets: some pages may include embedded content, scheduling tools, forms, video players, anti-spam checks or other third-party functionality. These providers may process data when you interact with their tools.

Where a cookie or similar technology is not strictly necessary and requires consent under the Privacy and Electronic Communications Regulations 2003, we will seek consent before using it. You can manage cookies using our cookie banner or consent controls where available, and you can also use browser settings to block or delete cookies.

If we materially change the cookies or similar technologies we use, we will update this policy or our cookie information.

10. WHO WE SHARE PERSONAL DATA WITH

We do not sell personal data.

We may share personal data with trusted third parties where necessary for the purposes described in this policy, including:

  • CRM and sales pipeline providers;
  • email, calendar, meeting and scheduling providers;
  • form, survey, booking and lead capture providers;
  • website hosting, deployment, analytics, performance and security providers, including Vercel;
  • anti-spam, bot detection and verification providers, such as hCaptcha or similar tools;
  • AI, automation, workflow and integration providers;
  • cloud storage, database, document management and backup providers;
  • communication and collaboration tools;
  • payment, accounting, finance and administrative providers;
  • professional advisers, such as lawyers, accountants, auditors, insurers and consultants;
  • client-authorised platforms, systems, model providers or integration partners in connection with a project;
  • regulators, public authorities, courts, law enforcement or other parties where required by law or necessary to protect legal rights;
  • prospective buyers, investors, advisers or counterparties in connection with a business sale, merger, restructuring, investment, acquisition or similar transaction, subject to confidentiality and appropriate safeguards.

Where a third party processes personal data on our behalf, we use contracts and safeguards designed to protect personal data and limit processing to authorised purposes. Where a third party acts as an independent controller, its own privacy notice will apply to its processing.

11. INTERNATIONAL TRANSFERS

Some of our service providers, systems, clients or project tools may process personal data outside the United Kingdom. This may include the European Economic Area, the United States or other countries.

Where we transfer personal data internationally, we use appropriate safeguards where required by law. These may include:

  • UK adequacy regulations;
  • the UK International Data Transfer Agreement;
  • the UK Addendum to the EU Standard Contractual Clauses;
  • standard contractual clauses or equivalent transfer terms;
  • the UK Extension to the EU-US Data Privacy Framework, where applicable;
  • additional technical and organisational safeguards, such as encryption, access controls and data minimisation.

12. HOW LONG WE KEEP PERSONAL DATA

We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, tax, reporting, contractual, security and legitimate business requirements.

We use retention periods based on the type of data, purpose, sensitivity, risk, legal requirements and whether we need the data to establish, exercise or defend legal rights.

Our standard retention approach is:

  • Website analytics: aggregated or anonymous analytics may be kept for as long as useful for trend analysis. Technical logs that contain personal data are normally kept only for a limited period needed for security, debugging and operational purposes.
  • Enquiries that do not become active opportunities: normally up to 24 months after the last meaningful interaction, unless a longer period is justified.
  • Lead magnet and resource download records: normally up to 24 months after the last meaningful interaction, unless you remain engaged, become a client, opt in to receive communications, or a longer period is justified.
  • Discovery call booking details, notes and follow-up records: normally up to 24 months after the last meaningful interaction, unless the matter becomes a client engagement or a longer period is justified.
  • CRM and business development records: for as long as there is an active business relationship, reasonable prospect relationship or legitimate business need, subject to objections and marketing opt-outs.
  • Marketing suppression records: minimal information needed to honour an opt-out may be kept for as long as necessary to make sure we do not contact you again for that purpose.
  • Client engagement records: normally for the duration of the engagement and then up to 7 years after the end of the engagement for contractual, tax, accounting, audit, insurance and legal purposes, unless a longer period is required.
  • Project working materials and client-provided datasets: retained only for as long as needed for the engagement, support period, handover, quality assurance, security, legal or agreed contractual purposes. Where we act as processor, return or deletion will be handled according to the relevant contract or data processing agreement.
  • Invoices, finance and accounting records: normally up to 7 years from the relevant financial year or transaction.
  • Legal dispute, complaint or claim records: for as long as necessary to resolve the matter and protect legal rights, which may be longer where limitation periods or proceedings require it.

When personal data is no longer needed, we delete it, anonymise it, aggregate it or securely archive it with restricted access until deletion is possible.

13. SECURITY

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include, depending on the context:

  • access controls and least privilege access;
  • multi-factor authentication where appropriate;
  • encryption in transit and, where appropriate, at rest;
  • secure cloud storage and backups;
  • confidentiality obligations;
  • vendor due diligence and contractual protections;
  • separation of client data where appropriate;
  • monitoring, logging and security review;
  • secure development and deployment practices;
  • incident response processes.

No website, transmission or storage system can be guaranteed to be completely secure. If we become aware of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will assess it and notify the Information Commissioner's Office and affected individuals where required by law.

14. YOUR RIGHTS

Under UK data protection law, you may have the following rights:

  • the right to be informed about how your personal data is used;
  • the right of access to your personal data;
  • the right to rectification of inaccurate or incomplete data;
  • the right to erasure, also known as the right to be forgotten;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object to processing based on legitimate interests;
  • the right to object to direct marketing at any time;
  • the right to withdraw consent where processing is based on consent;
  • rights relating to automated decision-making and profiling.

These rights are not absolute and may depend on the circumstances. For example, we may need to keep some information to comply with legal obligations, maintain suppression records, complete a contract or establish, exercise or defend legal rights.

To exercise your rights, contact us at info@brainqub3.com. We may need to verify your identity before responding. We aim to respond within one month. If a request is complex or we receive multiple requests, we may extend the response period where permitted by law.

15. MARKETING CHOICES

You can opt out of marketing communications at any time by:

  • clicking an unsubscribe link in an email, where provided;
  • replying to a marketing email asking to be removed;
  • emailing info@brainqub3.com.

Opting out of marketing does not stop service, transactional or administrative messages, such as messages about an active project, contract, invoice, security issue or requested resource.

16. THIRD-PARTY WEBSITES AND SERVICES

Our website may link to third-party websites, platforms, videos, scheduling tools, social networks, course platforms or other services. We are not responsible for the privacy practices of those third parties. You should review their privacy notices before providing personal data to them or interacting with embedded content.

17. CHILDREN

Our website and services are intended for business users and are not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at info@brainqub3.com so we can review and take appropriate action.

18. CHANGES TO THIS POLICY

We may update this policy from time to time to reflect changes in our services, providers, technology, legal requirements or data practices. When we make changes, we will update the "Last updated" date above. Material changes may also be notified by additional means where appropriate.

19. COMPLAINTS AND CONTACT

If you have questions about this policy or how we process personal data, contact us first:

Email: info@brainqub3.com

Website: brainqub3.com

Postal address: DATA-CENTRIC SOLUTIONS LTD, 86-90 Paul Street, London, EC2A 4NE, United Kingdom

You also have the right to complain to the UK Information Commissioner's Office.

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

United Kingdom

Telephone: 0303 123 1113

Website: ico.org.uk

We would appreciate the opportunity to address your concern before you contact the ICO, but you are not required to contact us first.