Privacy Policy

Privacy Policy

Last Updated: March 2026

Effective Date: 07 February 2026

Version: 2.0

This Privacy Policy describes the policies of Beyond Touch Ltd, 30 Main Road, Toynton All Saints, Spilsby, Lincolnshire, PE23 5AE, United Kingdom of Great Britain and Northern Ireland (the “Company”), email: info@beyondtouch.co.uk, phone: +44 1790 751238, on the collection, use and disclosure of your information that we collect when you use our website (https://beyondtouch.co.uk/) (the “Service”). By accessing or using the Service, you are consenting to the collection, use and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use the Service.

We may modify this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a notice on our website at least 30 days before the changes take effect. The revised Policy will be effective 30 days from when the revised Policy is posted in the Service, unless otherwise stated. For minor changes (such as clarifications or formatting), we may implement updates immediately. Your continued use of the Service after any changes constitutes your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.

1. How We Use Your Information

We will use the information that we collect about you for the following purposes:

  • Marketing / Promotional
  • Creating user account
  • Testimonials
  • Processing payment
  • Administration info
  • Targeted advertising
  • Manage customer order
  • Service delivery and business consultancy (including use of AI tools to enhance analysis and recommendations – see Section 6 for details)
  • Business intelligence and research (anonymised data only, unless Enhanced Processing has been agreed – see Section 6)

If we want to use your information for any other purpose, we will ask you for consent and will use your information only on receiving your consent and then, only for the purpose(s) for which you grant consent unless we are required to do otherwise by law.

AI-Assisted Processing: Where we use AI tools to assist in service delivery (see Section 6 for full details), we ensure:

  • Privacy-first configuration with model training disabled
  • Dedicated, access-controlled project workspaces for each client engagement
  • Incognito Mode available for ad-hoc sensitive queries
  • Client confidentiality maintained at all times
  • You can opt-out of AI-assisted service delivery upon request

2. Your Rights

Depending on the law that applies, you may have a right to access and rectify or erase your personal data or receive a copy of your personal data, restrict or object to the active processing of your data, ask us to share (port) your personal information to another entity, withdraw any consent you provided to us to process your data, a right to lodge a complaint with a statutory authority and such other rights as may be relevant under applicable laws. To exercise these rights, you can write to us at info@beyondtouch.co.uk. We will respond to your request in accordance with applicable law.

You may opt-out of direct marketing communications or the profiling we carry out for marketing purposes by writing to us at info@beyondtouch.co.uk.

Do note that if you do not allow us to collect or process the required personal information or withdraw the consent to process the same for the required purposes, you may not be able to access or use the services for which your information was sought.

3. Cookies Etc.

To learn more about how we use these and your choices in relation to these tracking technologies, please refer to our Cookie Policy.

4. Security

The security of your information is important to us and we will use reasonable security measures to prevent the loss, misuse or unauthorised alteration of your information under our control. However, given the inherent risks, we cannot guarantee absolute security and consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.

5. Grievance / Data Protection Officer

If you have any queries or concerns about the processing of your information that is available with us, you may email our Grievance Officer at Beyond Touch Ltd, 30 Main Road, Toynton All Saints, Spilsby, email: info@beyondtouch.co.uk. We will address your concerns in accordance with applicable law.

6. Use of AI Tools and Data Processing

Overview

Beyond Touch Ltd uses artificial intelligence (AI) tools, including Claude AI by Anthropic, Fathom AI for meeting transcription, and Microsoft Copilot for productivity enhancement, to enhance the quality and efficiency of our business consultancy services. We are committed to protecting your confidential information when using these tools.

What AI Tools We Use

We currently use the following AI tools to enhance our service delivery:

  • Claude AI (by Anthropic) – for business analysis, strategic planning support, document review, content creation, market research, and competitive intelligence
  • Fathom AI – for automated meeting transcription, note-taking, and meeting summaries
  • Microsoft Copilot (Microsoft 365) – for document creation, email drafting, and data analysis within Microsoft applications

Other AI tools may be used from time to time to support our service delivery, and we will update this policy accordingly.

How We Protect Your Data When Using AI Tools

Claude AI:

  • Our Claude AI subscription is configured with AI model training disabled
  • Dedicated, access-controlled Projects are maintained for each client engagement, ensuring no cross-client data mixing
  • Incognito Mode (zero-retention) is available and used for ad-hoc sensitive queries outside of structured project workspaces
  • Conversation data retention: 30 days maximum (with training disabled), then deleted
  • Project files uploaded to workspaces persist for the duration of the engagement and are deleted upon project completion or client request
  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • No data used for AI model training (confirmed by our account configuration)
  • Anthropic’s infrastructure holds SOC 2 Type II, ISO 27001:2022, and ISO/IEC 42001:2023 certifications
  • Anthropic employees cannot access conversations by default unless explicitly consented or required for usage policy enforcement
  • Web search functionality may be enabled within project workspaces to support market research and competitive analysis; search queries may be processed by third-party search providers

Fathom AI:

  • HIPAA, SOC 2 Type II, and GDPR compliant
  • Meeting recordings stored securely with encryption
  • Data is NOT used to train AI models (Anthropic, OpenAI, or Google sub-processors are contractually prohibited from using customer data for training)
  • Fathom uses de-identified customer data only to improve its own proprietary models
  • Meeting participants can see the Fathom bot (visible for transparency)
  • Recordings deleted within 30 days of account deletion request
  • Important: We always obtain consent from all meeting participants before recording

Microsoft Copilot (Microsoft 365):

  • Covered by Microsoft’s Data Protection Addendum (DPA) and Product Terms
  • Enterprise Data Protection when used with our business Microsoft 365 account
  • Prompts and responses NOT used to train foundation AI models
  • Data stays within Microsoft 365 service boundary
  • GDPR, ISO 27001, and HIPAA compliant (properly configured)
  • Data encrypted in transit and at rest
  • Access restricted by Microsoft 365 permissions (can only access what users can access)
  • Bing web search functionality disabled for enhanced privacy

Client data processed through AI tools is handled in accordance with our data protection obligations and UK GDPR requirements.

Data Processing: Default and Enhanced Modes

Default Processing (all clients)

Unless otherwise agreed, Beyond Touch Ltd processes client data through AI tools on a default basis. Under default processing, AI tools are used with:

  • Anonymised or pseudonymised business scenarios and case studies
  • Strategic planning frameworks and business models
  • General market research and industry analysis
  • Document structuring, formatting, and content creation
  • Meeting recordings and transcripts (with participant consent via Fathom)
  • Email drafts and document creation (via Microsoft Copilot within our secure Microsoft 365 environment)

Under default processing, we do NOT process the following through AI tools:

  • Client names, contact details, or identifying information
  • Confidential financial data or commercially sensitive information
  • Personal data of your customers or employees
  • Proprietary business methodologies or trade secrets
  • Information subject to legal professional privilege or confidentiality agreements

Enhanced Processing (by written agreement)

Where the nature of our engagement requires deeper analysis – for example, strategic growth programmes, business intelligence projects, or ongoing consultancy retainers – we may, with your explicit written agreement, process identified and commercially sensitive data through AI tools. This is referred to as Enhanced Processing.

Enhanced Processing may include:

  • Client and prospect names, project details, and commercial relationships
  • Financial data including turnover, project values, and pipeline information
  • Competitive intelligence and market positioning analysis
  • Customer and supplier relationship data
  • Operational data such as project histories, service records, and accreditations

Where Enhanced Processing is agreed, the following additional safeguards apply:

  • Dedicated Project workspace: Your data is held in an isolated, access-controlled project environment with no cross-client data mixing
  • Training disabled: AI model training is disabled on our account, meaning your data is never used to improve or train AI models
  • Restricted access: Only authorised Beyond Touch team members assigned to your engagement can access your project workspace
  • Encrypted infrastructure: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) on SOC 2 Type II certified infrastructure
  • Data lifecycle management: Conversation data is retained for a maximum of 30 days then deleted. Project files are retained for the duration of the engagement and securely deleted upon completion or at your request
  • No default employee access: The AI provider’s employees cannot access your data unless explicitly consented or required for platform safety enforcement
  • Right to withdraw: You may withdraw your consent for Enhanced Processing at any time, and we will revert to default processing or cease AI-assisted processing for your engagement

Enhanced Processing will be documented in your engagement agreement, statement of work, or a separate data processing consent form. We will not commence Enhanced Processing without your written agreement.

Data Retention and Third-Party Processing

Claude AI:

  • Data transmitted securely to Anthropic’s servers (encrypted in transit and at rest)
  • With model training disabled: conversation data retained for 30 days maximum, then deleted
  • Project workspace files (uploaded documents, spreadsheets, etc.) persist for the duration of the project and are deleted when the project is closed or upon client request
  • Incognito Mode conversations are never retained or used for training
  • May process data internationally (including United States) with Standard Contractual Clauses
  • Anthropic does not train AI models on our configured account data

Fathom AI:

  • Meeting recordings stored on secure cloud servers (encrypted)
  • Data processed in the United States with GDPR-compliant safeguards
  • Recordings deleted within 30 days of account deletion request
  • Sub-processors (Anthropic, OpenAI, Google) contractually prohibited from using data for training
  • You maintain control over meeting recordings and can delete them at any time
  • Meeting participants must provide consent before recording (legally required in the UK and many jurisdictions)

Microsoft Copilot:

  • Data processed within Microsoft 365 service boundary
  • Encrypted in transit and at rest
  • Prompts and responses stored as part of Microsoft 365 data retention policies
  • Data stays within organisation’s Microsoft 365 tenant
  • Not used to train foundation AI models
  • May process data internationally but covered by Microsoft’s EU Data Boundary commitments
  • Subject to Microsoft’s Data Protection Addendum (DPA)

Your Rights

Regarding AI tool usage, you have the right to:

  • Request that we do not use AI tools for your specific project
  • Request details of what information (if any) has been processed through AI tools
  • Request deletion of any AI-processed data from our systems, including closure of your dedicated project workspace
  • Request copies of meeting recordings (Fathom) at any time
  • Decline to have your meetings recorded
  • Withdraw consent for Enhanced Processing at any time

International Data Transfers

All three AI providers process data internationally. When we use AI tools to process your information:

Claude AI (Anthropic):

  • Data may be transferred to and processed in the United States
  • Anthropic maintains Standard Contractual Clauses for GDPR compliance
  • Enterprise-grade encryption and security measures in place

Fathom AI:

  • Data processed and stored on servers in the United States
  • GDPR, SOC 2 Type II, and HIPAA compliant
  • Standard Contractual Clauses in place for international transfers
  • Passed extensive security reviews by Zoom and other platforms

Microsoft Copilot:

  • Data processed within Microsoft 365 global infrastructure
  • Covered by Microsoft’s EU Data Boundary commitments
  • Data Protection Addendum (DPA) includes Standard Contractual Clauses
  • GDPR, ISO 27001, and ISO/IEC 27018 compliant
  • Can be configured to keep data within specific geographic boundaries if required

We ensure all third-party AI providers comply with UK GDPR requirements and maintain appropriate safeguards for international data transfers.

Our Commitments

Beyond Touch Ltd commits to:

  • Only using AI tools where they genuinely enhance service quality
  • Maintaining privacy-first configurations on all AI subscriptions (model training disabled)
  • Anonymising or pseudonymising data before AI processing under default processing mode
  • Maintaining dedicated, access-controlled project workspaces for Enhanced Processing engagements with no cross-client data mixing
  • Using Incognito Mode or similar privacy features for ad-hoc sensitive queries
  • Always obtaining explicit consent before recording meetings (legal requirement)
  • Clearly identifying when AI recording bots are present in meetings (Fathom appears as a visible participant)
  • Regularly reviewing and updating our AI tool usage policies
  • Providing transparency about our AI tool usage when requested
  • Never allowing AI tools to make final decisions about your business without human review
  • Ensuring all AI providers are GDPR compliant with appropriate safeguards

Questions About AI Tool Usage

If you have questions or concerns about our use of AI tools, wish to understand whether your engagement involves default or Enhanced Processing, or wish to opt-out of AI-assisted service delivery, please contact us at:

Email: info@beyondtouch.co.uk

Phone: +44 1790 751238

We will always respect your preferences regarding AI tool usage in our service delivery.

Document Control

Policy Owner: Beyond Touch Ltd (Company No. 8488167)

Last Updated: March 2026

Next Review: September 2026

Version: 2.0

ICO Registration: ZA698564

Contact: info@beyondtouch.co.uk

Beyond Touch Ltd is committed to protecting your privacy in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)

We will always respect your preferences regarding AI tool usage in our service delivery.

Document Control

Policy Owner: Beyond Touch Ltd (Company No. 8488167)
Last Updated: February 2026
Next Review: August 2026
Version: 2.0
ICO Registration: ZA698564
Contact: info@beyondtouch.co.uk

Beyond Touch Ltd is committed to protecting your privacy in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)