How we keep your data safe and you in control
An AI helper only earns its place if you can trust it with your business. This page explains how that trust works — plain English first, precise detail second. Written so you can forward it to your IT adviser or professional body.
UK GDPR · Every action logged · A person approves anything important
ISO 27001-aligned governance controls — in plain English: your data stays safe, you stay in control
Where does our data live and who can see it?
Your data stays in the systems you already own — your mailbox, your files, your practice software. We do not build a copy of it in a database of ours. The helper works inside the access you grant, you can switch that access off at any time, and only the people you name can see the logs.
For your IT adviser: the helper reads and writes where you have granted access, rather than moving your records into a system of ours. When it reads an email or a document, that text is processed by our AI suppliers to work out the next step, under contract terms that forbid training on it and limit how long it can be kept. We keep an operational log of what the helper did — what it read, sent and filed — and access to that log is limited to you and the small number of our people who look after your helper. Which suppliers are involved, and where they process data, is set out in your data processing agreement before anything is switched on.
Is our data used to train AI models?
No — never. Our contracts with our AI suppliers say your data must not be used to train their models, and we choose suppliers who offer that commitment in writing. Your emails, files and client records are processed to do the job you have asked for, and nothing more.
That rule sits in our contracts with the AI suppliers whose models the helper uses, and in our agreement with you. The same discipline applies to us: we do not use one client's data to build helpers for another. If a supplier ever changed its terms, we would move your helper to one that keeps this promise — that is our job, not yours.
What can the helper actually touch?
Only what you authorise — the least access the job needs. A helper that chases documents gets the one mailbox and the client folders you choose, and nothing else. It cannot open payroll, banking or anything you have not named. If it only needs to read something, it gets read-only access.
For your IT adviser: the helper signs in with its own named account — never a shared or admin one — and its permissions are scoped to the single job it does, read-only wherever the job allows. The exact access list is agreed with you in writing at setup and changes only when you say so. And because the account lives in your systems, you can cut its access yourself, at any time, without waiting for us.
Who approves what the helper does?
A person — always, for anything important. At the start, someone in your team approves everything the helper wants to send, with one click. As trust builds, you decide which routine actions can run on their own. You set the line, and you can move it back at any time.
When someone reviews an action, they see the draft, the reason the helper wants to take it, and where the information came from — so approving takes seconds but is a real decision, not a rubber stamp. Anything the helper is not sure about, it does not guess: it stops and asks a person. Loosening the rules is always your call, made action by action, once the log shows the helper handling something reliably.
What gets logged?
Everything the helper does. Every email it sends, every file it moves, every decision it makes and every approval a person gives is written to a log, with the time and the reason. You can see the lot, any time — and you get a simple weekly summary too.
For any single action, the log can answer four questions: what happened, why, who approved it, and what it touched. Your weekly summary gives you the plain version — what the helper did, what it saved, and anything that needs you. The full log is there whenever you or your adviser want to look deeper, and it stays yours: if you ever leave, you take it with you.
What happens when something goes wrong?
It gets caught, corrected and explained. Because every action is logged and anything important needs approval, mistakes are small and easy to trace. We can pause the helper in minutes, put right anything it got wrong, and tell you plainly what happened and what we changed so it cannot happen again.
We plan for mistakes rather than pretending they will not happen. The helper can be paused within minutes — by us, or by you simply cutting its access. Whatever went wrong is put right, and you get a short written note: what happened, what it affected, and what we changed. If personal data were ever put at risk, we follow the UK GDPR rules on breaches: we tell you without undue delay, with the facts you and your advisers need, including anything that must be reported to the ICO.
Do you follow UK GDPR?
Yes. We sign a data processing agreement with you before any work starts, we follow UK data protection law, and we are registered with the ICO (registration [ICO NUMBER]). When you leave, your data is deleted on request and the helper's log is yours to keep.
For your IT adviser: you remain the data controller — the data is yours and is used only on your instructions. We act as your processor under a written data processing agreement, signed before any work starts. It sets out what is processed, why, for how long, and every supplier that helps us run the helper (your adviser will know these as sub-processors). When you leave, we delete the data we hold for you on request and confirm it in writing — and the helper's log and documentation remain yours to keep.
What should our IT adviser check?
Send them this list. It covers what a careful adviser should check before any AI helper touches business data, and we will answer every point in writing. If your adviser wants more — supplier terms, access lists, log samples — we will share those too.
An IT adviser's checklist for any AI helper — with our answers in brackets:
- A signed data processing agreement before any work starts. (Yes.)
- Written confirmation that client data is never used to train AI models. (Yes — in our supplier contracts and in our agreement with you.)
- Access limited to the named mailbox and folders the job needs, on its own account. (Yes — listed in writing at setup.)
- A person approves anything important, with the client setting the line. (Yes — everything needs approval at first.)
- A full log of every action, available to the client at any time. (Yes.)
- A way to stop the helper immediately. (Yes — paused in minutes, and you can cut its access yourself.)
- UK GDPR compliance and ICO registration. (Yes — registration [ICO NUMBER].)
- Deletion of data on request when the engagement ends. (Yes — confirmed in writing.)
Happy to walk your IT adviser through it.
Bring them to the call, or send them on their own. We will go through every point on this page — and anything it does not cover — in plain English.