Privacy Policy

xamtek.ai is a web development agency specialising in AI-assisted design and engineering of websites, web applications, and enterprise systems. Our registered business contact is hello@xamtek.ai. When you interact with our website or submit an enquiry, you are engaging with xamtek.ai as the data controller responsible for your personal information.

We collect only the data necessary to respond to your enquiries and deliver our services: • Contact form submissions: name, email address, project type, and message content. • Usage data: pages visited, time on page, referral source, and browser/device type — collected via analytics cookies only with your consent. • Communication records: emails or messages you send us directly. We do not collect payment information, government identifiers, or sensitive personal data as defined under GDPR Article 9.

Your data is used exclusively for: • Responding to project enquiries and scoping requests. • Sending project-related communications once engaged. • Improving our website experience through aggregated, anonymised analytics. We do not sell, rent, or trade your personal data to third parties. We do not use your data for automated decision-making or profiling.

We process your data under the following lawful bases (GDPR Article 6): • Legitimate interests: responding to enquiries you initiate. • Consent: analytics cookies, where you have given explicit consent via our cookie banner. • Contractual necessity: processing data required to fulfil a service agreement once a project begins.

Enquiry data is retained for 24 months from the date of last contact, after which it is securely deleted. Active client project data is retained for the duration of the engagement plus 36 months to satisfy legal and contractual obligations. Analytics data is retained in aggregate form only, with no individual-level data stored beyond 14 months.

Under GDPR and applicable UK/EU data protection law, you have the right to: • Access the personal data we hold about you. • Request correction of inaccurate or incomplete data. • Request erasure of your data ("right to be forgotten"). • Object to or restrict processing of your data. • Data portability — receive your data in a structured, machine-readable format. • Withdraw consent at any time (where processing is consent-based). To exercise any of these rights, contact us at privacy@xamtek.ai. We will respond within 30 days.

We use cookies to operate the website and, with your consent, to understand how visitors use it. See our Cookie Policy for a full breakdown of cookies in use, their purpose, and how to manage your preferences.

We use a limited number of third-party processors who may handle your data on our behalf: • Vercel (hosting infrastructure) — data processed in accordance with their Data Processing Agreement. • Email service providers — used only to route contact form submissions to our team. All processors are contractually bound to process data only on our instructions and in compliance with GDPR.

If any data is transferred outside the UK or EEA, we ensure adequate safeguards are in place — including Standard Contractual Clauses or adequacy decisions — as required by GDPR Chapter V.

We implement technical and organisational measures appropriate to the risk, including TLS encryption in transit, access controls, and regular security reviews. In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

We may update this policy to reflect changes in our practices or legal obligations. The "Last updated" date at the bottom of this page will always reflect the most recent revision. Material changes will be communicated directly where we hold your contact details.

For any privacy-related questions, contact: privacy@xamtek.ai If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk, or with your local data protection authority within the EU.