Privacy Policy

Last updated: 4 September 2025

1. Introduction

Struan.ai Ltd ("Struan.ai", "we", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share personal data when you use our website and services, including the Struan Surge managed AI service.

We are the data controller for website and marketing data. When we process personal data on behalf of our business customers as part of delivering the Service, we act as a data processor. We comply with UK GDPR, the Data Protection Act 2018, and PECR. If you are in the EU, we also consider EU GDPR where relevant.

Who we are

  • Company: Struan.ai Ltd (Company No. SC858161)
  • Address: 15 Blairbeth Drive, Glasgow, G44 4RU, United Kingdom
  • Contact: [email protected]

2. What we collect

Information you give us

  • Contact details: name, work email, phone, job title, company.
  • Enquiry and onboarding data: information you supply in forms, emails, or calls.
  • Calculator and assessment data: When you use our cost savings calculator or other assessment tools, we collect job descriptions, role specifications, salary information, company details, and any other business information you provide. We also retain the analysis outputs and recommendations generated by these tools.
  • Customer Data for service delivery: documents, messages, records and configuration we process on your instruction.

Information we collect automatically

  • Usage and device data: IP address, browser, device, pages viewed, timestamps.
  • Tool interaction data: How you interact with our calculators and assessment tools, including time spent, fields completed, and results viewed.
  • Cookies and similar tech: consent-based analytics and functional cookies. See Cookies section.

Information from third parties

  • Business contact details from referrals, partners, public sources, and events.

We do not seek special category data. Please do not send it unless strictly necessary and agreed. When submitting job descriptions or business information to our tools, please avoid including unnecessary personal data about individuals.

3. How we use data and lawful bases

PurposeDataLawful basisRetention
Provide and operate the ServiceContact, account, configuration, Customer DataContract necessity; legitimate interests for B2B interactionsContract term, then delete/return per DPA
Provide calculator and assessment resultsJob descriptions, role details, company information, calculator inputs and outputsLegitimate interests in providing requested analysis and demonstrating service value24 months from submission
Sales intelligence and prospect understandingCalculator inputs, outputs, business needs analysisLegitimate interests in understanding prospect needs to provide relevant solutions and improve services24 months from last interaction
Service improvement and developmentAggregated and anonymised calculator usage patternsLegitimate interests in improving our tools and servicesIndefinitely when anonymised
Support and operationsContact, usage, logsLegitimate interestsUp to 6 years for support records
Analytics and site improvementUsage, cookiesConsent for non-essential cookies; legitimate interests for securityAnalytics up to 26 months; logs a few months
Sales and marketingBusiness contact data, calculator submissionsConsent or legitimate interests; soft opt-in for existing customers under PECR24 months from last interaction, or until you opt out
Legal compliance and fraud preventionAny relevantLegal obligation; legitimate interestsAs required by law (e.g. invoices 6 years)

We will not use personal data for new incompatible purposes without notice and, where needed, consent.

Additional detail on calculator data use

When you use our calculators or assessment tools, we process this information to:

  • Generate immediate analysis and recommendations
  • Understand your business needs and automation potential
  • Provide relevant follow-up information and proposals
  • Improve our understanding of market requirements
  • Develop better automation solutions
  • Create aggregated insights about automation opportunities across industries

4. Cookies and similar technologies

We use cookies to make the site work and to measure performance.

Categories

  • Strictly necessary – security, consent storage, basic site functions.
  • Functional – preferences, calculator session data.
  • Analytics – Google Analytics via Cloudflare Zaraz, only with consent.
  • Marketing – currently not used on our site. If we add them, we will ask for consent first.

Consent and control

  • We obtain consent for non-essential cookies via a banner.
  • You can change choices at any time via our cookie settings link or your browser.
  • Blocking some cookies may affect functionality.

Example cookies

(illustrative – see banner for current list)

NamePurposeTypeExpiry
_cf_bmBot management and anti-abuseStrictly necessary30 minutes
_gaSite analytics (GA4 via Zaraz)Analytics2 years
_ga_*Session analyticsAnalytics30 minutes
consent_storeRemembers cookie choicesFunctional1 year
calculator_sessionMaintains calculator stateFunctionalSession
CalendlySessionBooking convenienceFunctional21 days

5. Sharing and processors

We share personal data with trusted service providers who help us run the website and Service. Typical categories include hosting/CDN, analytics, CRM, email, scheduling, automation, and AI platform providers. We ensure contracts and safeguards are in place and that they only process data for our stated purposes.

Calculator and assessment data may be shared with:

  • Our CRM system for lead management
  • Analytics platforms for aggregated insights
  • AI providers for processing and analysis
  • Our sales and customer success teams

Sub-processor list

  • Because this list can change, we provide the current list on request. We will notify customers of material changes as required by our DPA.

We do not sell personal data. We may share data to comply with law, to protect rights and safety, or as part of a business transfer.

6. International transfers

Default data residency is the UK. Some tools operate from data centres outside the UK or EEA. Where we transfer personal data internationally, we use appropriate safeguards such as the UK International Data Transfer Agreement or UK Addendum to EU SCCs, plus transfer risk assessments and technical measures. Contact us if you want details of relevant safeguards.

7. Retention

  • Calculator and assessment tool submissions: up to 24 months from submission.
  • Enquiries and leads: up to 24 months from last interaction.
  • Marketing contacts: until you opt out or 24 months of inactivity.
  • Contracts, invoices, and tax records: 6 years.
  • Website analytics: up to 26 months.
  • Service data: for the contract term, then delete or return per the DPA, with limited backup retention before secure removal.

We delete or anonymise data when no longer needed. You may request deletion of your calculator submissions at any time by contacting us.

8. Your rights

You have rights under UK GDPR, including:

  • Access, rectification, and erasure (including of calculator submissions).
  • Restriction and objection (including to direct marketing and use of calculator data for sales purposes).
  • Data portability where applicable.
  • Withdraw consent at any time.

To exercise rights, email [email protected]. We may need to verify identity. We aim to respond within one month. You can complain to the UK ICO if unhappy, but please contact us first.

9. Children

Our Services are for business users. They are not directed at under-18s. We do not knowingly collect children's data. If we learn we have such data, we will delete it.

10. Security

We apply administrative, technical, and organisational measures such as encryption in transit, access controls, security monitoring, and staff training. Calculator submissions are encrypted and access is restricted to authorised personnel. No system is perfect, but we work to prevent, detect, and respond to incidents. We will notify customers without undue delay where a notifiable personal data breach occurs.

11. Marketing

We send B2B marketing based on consent or legitimate interests, and use PECR soft opt-in for existing customers. Every message includes an easy opt-out. We do not share your details with third-party advertisers. If you submit information to our calculators, we may follow up with relevant information about our services unless you opt out.

12. Changes to this notice

We will update this policy as needed and change the date above. For material changes we will provide additional notice.

13. Contact

Questions or requests: [email protected]
Postal address: Struan.ai Ltd, 15 Blairbeth Drive, Glasgow, G44 4RU, United Kingdom