Privacy Notice for AI Consultancy and Bespoke AI Development

Last Revised: 05 December 2025

Introduction

At Second Mesh Ltd, we are committed to respecting the privacy of our clients, partners and collaborators. This privacy notice outlines how we collect, use, store, and protect personal data in the course of providing AI consultancy and bespoke AI development services.

We uphold high standards of data protection, in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws. Our aim is to operate transparently, with integrity, and in a way that builds trust with our clients.

Who This Notice Applies To

• Clients engaging us for AI consultancy or bespoke development projects
• Employees or representatives of client organisations
• Prospective clients or partners making contact with us

Information We Collect

We may collect the following types of information during the course of delivering our services:

Business contact information:

• Name
• Job title
• Email address
• Phone number
• Company or organisation name
• Billing or invoicing details

Project-related information

• Details of your AI or digital transformation requirements
• Materials or documents provided by you for project scoping or delivery
• Technical specifications and solution requirements
• Information generated during the course of the project (e.g. meeting notes, deliverables, correspondence)

Usage or access data (where relevant)

• IP addresses and device data if you access project portals or environments hosted by Second Mesh

We do not collect special category or sensitive personal data unless explicitly required by a contract and with clear consent or justification.

How We Use Your Information

We use your data solely to:

• Manage and deliver consultancy and development services
• Communicate with you regarding ongoing work, meetings and support
• Provide project updates, deliverables, and documentation
• Fulfil contractual obligations
• Issue invoices and manage accounts
• Improve our services and manage internal operations

We do not use your data for marketing purposes without your consent.

Lawful Bases for Processing

Our processing is based on one or more of the following lawful bases:

• Contractual necessity: where we need the data to deliver a service you've requested
• Legitimate interest: to manage our business operations effectively and communicate professionally
• Legal obligation: for accounting, tax or regulatory compliance
• Consent: when required, such as for marketing communications or case studies

Data Sharing and Disclosure

We only share your data:

• With trusted suppliers or subcontractors who support project delivery (e.g. cloud platforms, dev partners)
• When required by law or regulatory obligation
• With your explicit consent (e.g. joint publicity or case studies)

We do not sell or trade your personal information.

How We Protect Your Data

We take appropriate security measures to protect your information, including:

• Secure storage of files and communications
• Encryption of sensitive documents
• Role-based access controls for project environments
• Staff confidentiality agreements and training

Data Retention

We retain project-related personal data for no longer than necessary, typically up to 6 years after the completion of the contract, unless legal or operational requirements mandate a longer retention period.

Your Rights

Under data protection law, you have the right to:

• Request access to your personal data
• Request correction of inaccurate information
• Request deletion of data no longer required
• Object to or restrict processing in certain cases
• Withdraw consent (where applicable)

To exercise these rights, please contact us using the details below.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via the contact and enquiry form.