Privacy Policy

How BEY AGENCY LTD collects, uses, shares and protects personal data you provide while using AI2 Design.

Effective 2026-05-05, v1.1

  1. Who We Are — The Data Controller

    BEY AGENCY LTD, a private limited company registered in England and Wales under company number 16435596, with a registered office at Suite 90415 Brayford Square, London, United Kingdom, E1 0SG, is the data controller for personal data processed in connection with the AI2 Design Service. AI2 Design is a product operated by BEY AGENCY LTD.

    For any data protection enquiries, you may contact us at hi@bey.agency or hello@ai2.design.

  2. Personal Data We Collect

    We collect the following categories of personal data:

    • Contact data: email address when you subscribe to early-access updates or contact us directly.
    • Submission data: the URLs you submit to the public Extractor, and any optional preferences such as AI-brief or curator generation flags.
    • Technical data: IP address, user-agent string, approximate geographic region, session identifiers, and anti-abuse signals used for rate-limiting.
    • Payment data: for paid features (e.g. sponsorship), we do not process full card data directly; we use regulated third-party payment processors (see Section 5). We may retain transactional metadata (amount, date, reference) for accounting purposes.
    • Correspondence data: the content of any email you send us, retained for operational, customer-support and record-keeping purposes.

    We do not intentionally collect special category data (health, biometric, religion, political opinions) or data from children under 13.

  3. How We Use Your Personal Data

    • Operate, maintain, secure and improve the Service.
    • Deliver early-access newsletters, release notes and notifications of material changes to legal documents to active email subscribers.
    • Process public Extractor submissions and deliver session-scoped results (2-hour TTL).
    • Invoice and receive payment for paid features and provide related receipts.
    • Prevent, detect and respond to fraud, abuse, unauthorised access and security incidents.
    • Comply with our legal, regulatory and accounting obligations under the laws of England and Wales and any other applicable jurisdiction.

  4. Sharing, Sub-processors and International Transfers

    We share personal data only with vetted service providers who process data on our behalf under contractual data-processing obligations. We do not sell personal data to any third party.

    Active sub-processors as of the date of this Policy:

    • Vercel Inc. — United States: Hosting, edge runtime, content delivery, Web Analytics (anonymous aggregated pageview/visitor/referrer/geo/device — cookie-free, no IP storage, no fingerprinting, daily-rotating hash for unique counts) and Speed Insights real-user monitoring. Transfer mechanism: UK IDTA / EU SCC.
    • Stripe, Inc. — United States / Ireland: Sponsorship checkout and subscription billing. Self-certified under the EU-U.S. Data Privacy Framework (with UK Extension) and additionally covered by EU SCCs and UK IDTA. Receives only the data you enter on the hosted Stripe Checkout page.
    • Resend Inc. — United States: Transactional and marketing email delivery (welcome flow, sponsor lifecycle, contact responses). Receives recipient address, message content and engagement signals. Transfer mechanism: UK IDTA / EU SCC.
    • PostHog Inc. — European Union (Frankfurt): Product analytics; EU data residency means no international transfer. Cookieless mode (memory-only persistence), IP anonymisation, session replay disabled. Loaded only after consent.
    • Upstash Inc. — European Union (Frankfurt instance): Serverless Redis store for rate-limit counters and webhook idempotency keys. EU residency for the AI2 instance. Stores only short-TTL hashed identifiers (≤24h).
    • Sentry — Functional Software, Inc. — European Union (Germany): Error and performance monitoring. EU data residency (de.sentry.io), session replay disabled, IP scrubbing enabled.
    • Anthropic, PBC — United States: Server-side AI inference for the optional Extractor curator brief. Receives only the public URL submitted and the resulting design tokens; no personal data is transmitted. Transfer mechanism: UK IDTA / EU SCC.

    International transfers from the United Kingdom or European Economic Area to the United States rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (UK IDTA), the EU-U.S. Data Privacy Framework where the recipient is self-certified, or the EU Standard Contractual Clauses Module 2 (Controller-to-Processor), with supplementary safeguards as required by the Schrems II judgment.

    We may disclose personal data where required by law, by a valid court order, or where necessary to protect our rights, property or safety, or the rights, property or safety of others.

    For B2B customers who require a formal Article 28 data-processing agreement, our DPA is available at /legal/dpa. Material additions or replacements to this sub-processor list will be announced via the active email subscriber list at least thirty (30) days prior to taking effect, except where applicable law requires shorter notice.

  5. Cookies and Similar Technologies

    We use a minimal set of cookies and similar technologies to operate the Service, remember your theme preference and measure performance. See /legal/cookies for a full list and for information about how to manage cookies.

  6. Retention

    We retain personal data only for as long as necessary to fulfil the purposes described in this Policy and to comply with our legal obligations. The table below summarises the principal categories and the corresponding retention periods.

    • Public Extractor submissions: Maximum two (2) hours in a session-scoped in-memory store, then automatically and irrecoverably deleted. The 24-hour audit-pass cache stores only an output identifier and the audit verdict (no personal data) for cost-saving purposes and rotates automatically.
    • Email subscriber list: Retained until you unsubscribe via the one-click link in any newsletter. After unsubscribe we keep a hashed suppression record for thirty (30) days to ensure the unsubscribe takes effect across in-flight sends, after which the record is purged.
    • Contact form / inbound correspondence: Retained for up to ninety (90) days from the date of last reply for routine support enquiries; longer where the matter relates to an ongoing legal, accessibility or takedown process.
    • Server / extraction logs: Operational logs (request URL, status code, IP for rate-limit attribution, user-agent) retained for up to seven (7) days, then rotated. Aggregated counters with no personal identifiers may be retained longer for capacity planning.
    • Sponsor and customer billing records: Retained for up to seven (7) years from the end of the relevant accounting period, as required by UK accounting and HMRC tax law (Companies Act 2006, VAT Act 1994).
    • GDPR rights request audit trail: Records of access, rectification, erasure and portability requests are retained for three (3) years from completion to demonstrate compliance with our accountability obligations under Article 5(2) UK GDPR.

  7. Your Rights

    Subject to applicable law, you have the right to: access your personal data; request rectification of inaccurate data; request erasure (the "right to be forgotten" — Article 17 UK GDPR); restrict or object to certain processing; data portability (Article 20 UK GDPR); withdraw any consent you have given; and lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We respond to all valid requests within one calendar month of receipt.

    How to make a request — Article 17 (erasure) and Article 20 (portability) procedure:

    • Send an email to hi@bey.agency with the subject line 'GDPR rights request' and specify which right(s) you wish to exercise (access, rectification, erasure, restriction, portability, objection, withdrawal of consent).
    • Identity verification: to protect your data from third-party requests, we ask you to send the request from the email address associated with your account or subscription. If that is not possible, we may request one additional piece of context (e.g. the approximate date of subscription or the URL of an Extractor submission you initiated) sufficient to satisfy us of your identity. We do not require copies of identity documents for routine requests.
    • For data portability requests, the exported format is machine-readable JSON conforming to UTF-8, returned within one calendar month at no cost. The export contains the personal data we hold, the lawful basis for each category, and the source of any data not collected directly from you.
    • Erasure exceptions: we may retain a minimal record of the request itself for compliance accountability, and any data we are required to retain by law (e.g. tax records under the Companies Act 2006) for the duration of that legal obligation. We will tell you which exception applies and when the data will ultimately be deleted.
    • Free of charge: we do not charge a fee for routine rights requests. Manifestly unfounded or excessive requests may be refused or charged a reasonable administrative fee, with reasons stated in writing as permitted by Article 12(5) UK GDPR.
    • If you are unsatisfied with our response, you may complain to the UK Information Commissioner's Office at ico.org.uk without prejudice to any other administrative or judicial remedy.

  8. International Transfers

    Some of our processors may be located outside the United Kingdom or the European Economic Area. Where data is transferred internationally, we rely on adequacy decisions, Standard Contractual Clauses, or the UK International Data Transfer Addendum as appropriate.

  9. Security

    We apply reasonable and appropriate technical and organisational measures designed to protect personal data against unauthorised access, accidental loss and misuse. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

  10. Children's Privacy

    The Service is not directed to children under the age of 13, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact hi@bey.agency and we will delete that data.

  11. Changes to This Policy

    We may update this document from time to time to reflect changes in our services, applicable law, or business practices. When we make material changes, we will update the effective date at the top of the document. During early access, we notify active email subscribers of material changes. After general availability, registered users will additionally receive in-product and email notification. Continued use of the Service after an update constitutes acceptance of the revised document.

  12. Contact

    Data protection enquiries: hi@bey.agency (BEY AGENCY LTD) or hello@ai2.design (AI2 Design team). Registered address and company details: /legal/imprint.

Acceptance notice

By subscribing to AI2 Design early-access updates, by accessing or using the Service in any capacity, or by making any payment to BEY AGENCY LTD, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You acknowledge that you have had the opportunity to review this document with legal counsel of your choice if desired. You acknowledge that violation of this document may result in immediate suspension or termination of access, forfeiture of any amounts paid (which are non-refundable), reporting to appropriate authorities, criminal prosecution, and civil liability.
