How we handle your data.

autore.ai is a small international consultancy operated by Uwa Ujam from London, United Kingdom. We design and ship AI-powered systems for ambitious teams.

For anything in this policy — questions, requests, complaints — reach us at uwa@autore.ai.

We collect only what we need to deliver the thing you asked for and to follow up with you about it. Specifically:

• Contact form & QR-flow submissions: name, email, phone number, business name, and an optional website URL. Used to reply to you, dial you back via our AI voice agent (only with explicit consent — see below), and send the resource you requested.
• Workshop purchases: the above, plus card processing handled by Stripe (we never see your card number — only the last 4 digits as part of Stripe’s receipt metadata).
• Calculator submissions: the inputs you moved the sliders to, plus the name, company, email and optional phone you entered. Used to generate your personalised missed-call recovery report.
• Submitted website URL: when you give us your business URL on the QR flow, we fetch its publicly available pages and pass the text to Anthropic’s Claude API to generate a two-line summary the AI agent uses on the call. We do not store the scraped pages.
• Sales evidence for the Workshop refund: if you submit proof of £100+ in real sales to claim the graduation refund, we keep that proof in our records as part of the contract.
• Anonymised analytics: Vercel Analytics counts page views without setting cookies and without fingerprinting visitors. We see traffic totals, not individuals.
• Error reports: if the site crashes for you, Sentry captures the error trace and the URL you were on. It does not capture form contents.

• Consent — for the AI voice-agent call (the tick-box on the form makes this explicit), for marketing emails, and for the call recording (see next section).
• Contract — for Workshop purchases, Workshop access delivery, and the £100 refund mechanic.
• Legitimate interests — for internal security logs, error monitoring, and the occasional reply to a question you sent us.

When you tick the box for the AI demo call, our voice agent dials your number and the call is recorded and transcribed. We use the recording to improve the agent and to follow up with you appropriately. You can ask us to delete the recording for your number at any time — see Your rights, below.

Everyone in this list is a data processor we’ve picked for a specific reason. They process data on our instructions; they don’t use it for their own marketing.

• Stripe (Ireland / US) — card payment processing for the £249 Workshop. Stripe is an independent data controller for the card details themselves. See stripe.com/privacy.
• Airtable (US) — secure database for leads and Workshop purchases.
• Resend (US) — sending our transactional emails (welcome, access, follow-up, refund confirmation).
• VAPI (US) — placing and recording the AI demo phone call, transcribing the audio.
• Anthropic (US) — Claude API, used to summarise the public content on the website you submit and to draft personalised follow-up content.
• Firecrawl (US) — fetching the public content of the website URL you provide.
• Inngest (US) — running the durable workflow that ties the above together.
• Vercel (US) — hosting the site and the server functions.
• Voiceflow (US) — powering the site chatbot (if you use it).
• Sentry (US) — error monitoring (no form-field contents captured).

We don’t sell your data. We don’t share it with advertisers. The above is the full list.

Most of the processors above are based in the United States. For each, we rely on either the EU-US / UK-US Data Privacy Framework where the processor is certified, or on Standard Contractual Clauses where they aren’t. Practically: your data stays inside the named processor’s infrastructure and is bound by GDPR-equivalent contractual terms even when stored on US-located servers.

• Lead and contact records: kept while we still have a reason to follow up — typically up to 24 months from your last interaction with us. Deleted earlier on request.
• Workshop purchase records: kept for 7 years from purchase, because UK HMRC requires us to retain transactional records for that period.
• Call recordings & transcripts: kept for up to 6 months, then deleted automatically. Deleted sooner on request.
• Submitted website content: not stored. Scraped, summarised, summary saved, original discarded.
• Error traces (Sentry): kept for 90 days then aged out automatically by Sentry.
• Stripe transaction data: retained by Stripe under their own retention policy. We keep the PaymentIntent ID indefinitely as part of the purchase record.

We use essentially no cookies for marketing or analytics. The complete cookie list:

• qr-scanned-<event>— a small httpOnly cookie that prevents one person from inflating the “scans so far today” counter on our event-projection page. Expires after 24 hours. Strictly functional; no analytics use.
• The Voiceflow chatbot, if you open it, may set its own cookies to remember the conversation across page loads. See Voiceflow’s privacy notice.

Vercel Analytics is cookieless by design and is documented as such on Vercel’s privacy notice.

Under UK GDPR you can ask us, at any time, to:

• Show you a copy of the personal data we hold about you (a subject access request).
• Correct anything that’s wrong.
• Delete your data (with some exceptions for tax records).
• Restrict or object to processing.
• Receive your data in a portable format (we’ll send it as JSON or CSV).
• Withdraw your consent to the AI voice call at any time.
• Complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint.

For any of these, email uwa@autore.ai. We aim to respond inside 30 days; usually faster.

We don’t market to or knowingly collect data from anyone under 16. If you’re a parent or guardian and you believe we’ve received a child’s data, email us and we’ll delete it immediately.

We update this policy when we add a new processor, change how we use data, or revise retention periods. The “Last updated” date at the top of the page reflects the most recent change. For material changes affecting people whose data we already hold, we’ll email you separately.

Data-protection lead: Uwa Ujam
Email: uwa@autore.ai
Post: London, United Kingdom (full address on request).