Privacy Policy

Introduction

THEAX LTD (Company No. 11980590), trading as Axel Up (axelup.dev) and A.X.E.L Portal (portal.axelup.dev), is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you visit our website or use our services.

We are based at 3 Crompton Street, Bury, United Kingdom, BL9 0AD and operate in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Protection Contact

For all data protection matters, you can contact us at:

• Email: privacy@axelup.dev
• General inquiries: info@axelup.dev
• Post: Data Protection, THEAX LTD, 3 Crompton Street, Bury, BL9 0AD

Information I Collect

Information You Provide

When you use the project estimator, contact form, or engage our services, we may collect:

• Name and contact details (email address, phone number)
• Company name (if applicable)
• Project details and requirements you share
• Communications between us

Information Collected Automatically

When you visit our website, we may automatically collect:

• IP address and approximate location
• Browser type and device information
• Pages visited and time spent on site
• Referring website

A.X.E.L Portal Data

When you use A.X.E.L Portal services, we collect and process:

• Business data: Leads, quotes, invoices, expenses, timesheets
• Team data: User accounts, roles, permissions, activity logs
• Customer data: Contact details, project information, communication records
• Financial data: Payment information, transaction records, billing details
• Media files: Receipt images stored securely in Cloudflare R2
• Voice recordings: Temporarily processed for speech-to-text, then deleted
• Usage analytics: Feature usage, performance metrics, anonymized behavior patterns

How I Use Your Information

We use your information to:

• Respond to your enquiries and provide project estimates
• Deliver the services you have engaged
• Send project updates and relevant communications
• Improve our website and services
• Comply with legal obligations

Legal Basis for Processing

We process your data based on:

• Consent: When you submit a contact form or estimator request
• Contract: To fulfil services you have engaged
• Legitimate interests: To improve our services and website
• Legal obligation: For tax and business records

Detailed Lawful Basis

Automated Decision-Making

A.X.E.L Portal uses automated systems and AI to assist with business processes. These include:

AI Lead Scoring

• Automatically evaluates and ranks leads based on conversion likelihood
• Uses factors like response time, project size, and communication patterns
• Helps prioritize follow-up efforts for better business outcomes
• You can review and override all AI scoring decisions

AI Quote Generation

• Suggests quote amounts based on project descriptions and historical data
• Considers industry standards, project complexity, and your pricing patterns
• All AI-generated quotes require human review and approval before sending

Expense Categorization

• Automatically categorizes business expenses from receipt images
• Uses OCR and AI to identify expense types and amounts
• Categorization can be reviewed and corrected at any time

Your Rights: You have the right to request human review of any automated decision and to challenge or override AI recommendations. See our AI Supplementary Terms for more details.

WhatsApp Messaging

We use the WhatsApp Business Platform (provided by Meta Platforms, Inc.) to communicate with customers. When you message us on WhatsApp:

• Your phone number, name, and profile information (as set in your WhatsApp account) are received
• Message content you send (text, images, documents) is processed to respond to your enquiry
• Messages may be handled by automated systems to provide faster responses

WhatsApp messages are processed on the basis of legitimate interest (responding to your enquiry) or consent (when you initiate contact). Messages are retained for up to 2 years from last contact for service continuity, then deleted.

Meta processes WhatsApp data in accordance with their own Privacy Policy. We do not use your WhatsApp data for marketing unless you explicitly opt in.

Data Sharing and Sub-Processors

We do not sell your personal information. We may share data with trusted third-party processors:

• Payment processing: Stripe for billing and subscription management
• Cloud infrastructure: Cloudflare for hosting, CDN, and database services
• AI processing: OpenAI for AI features, ElevenLabs for voice synthesis
• Email services: Resend for transactional emails and notifications
• Analytics: Google Analytics for website usage insights (anonymized)
• Messaging platforms: WhatsApp (Meta Platforms, Inc.) for business communications
• Legal requirements: If required by law or court order

For a complete list of sub-processors, their purposes, and data protection measures, see our Sub-Processor List.

International Data Transfers

Some of our sub-processors are located outside the UK and EU. When personal data is transferred internationally, we ensure appropriate safeguards:

Transfer Mechanisms

• Standard Contractual Clauses: Approved by UK and EU authorities for transfers to third countries
• Adequacy decisions: Where the UK has determined adequate data protection exists
• Additional safeguards: Technical measures like encryption, access controls, and audit requirements

Key Transfer Locations

• United States: OpenAI (AI processing), Resend (email), Google (analytics), Meta (WhatsApp)
• Global: Cloudflare (with data residency controls where available)

Data Retention

We retain personal information only as long as necessary for the purposes outlined in this policy. Our detailed retention schedule:

Your Rights

Under UK GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Restriction: Limit how we process your data
• Object: Object to processing based on legitimate interests
• Data portability: Receive your data in structured, machine-readable format
• Withdraw consent: For processing based on consent
• Lodge complaints: With the Information Commissioner's Office (ICO)

Data Portability and Export

A.X.E.L Portal users can export their data in standard formats:

• CSV format: Leads, quotes, invoices, expenses, timesheets
• JSON format: Complete data export including metadata
• PDF reports: Formatted business reports and summaries
• Receipt images: Downloadable via secure links

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

Data Breach Notification

In the event of a personal data breach:

• Authority notification: We will notify the ICO within 72 hours where required
• Individual notification: We will inform affected individuals without undue delay if the breach poses high risk
• Mitigation measures: We will take immediate steps to contain and remedy any breach
• Transparency: We may publish general information about significant incidents

Security

We implement appropriate technical and organisational measures to protect your data. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

Changes to This Policy

We may update this policy from time to time. Significant changes will be noted on this page with an updated revision date.