Privacy Policy

This Privacy Policy explains how Upp Technologies Group t/a Upp Technologies Limited (“we”, “us”, or “our”), trading as Upp.ai, collects, uses, and protects your personal information when you visit https://upp.ai, contact us, or otherwise engage with us through sales, marketing, or events (the “Services”).

We are the data controller responsible for your personal information. If you have any questions, contact us at privacy@upp.ai.

Summary of key points

What we collect: contact details you give us (such as name, email, phone, job title), information collected automatically (such as IP address and usage data), and limited business information from third-party sources.
Why we use it: to respond to enquiries, provide and improve the Services, send marketing where permitted, keep the Services secure, and comply with the law.
Sharing: with trusted service providers who process data on our behalf under contract, and where required by law.
Your rights: you have rights over your personal information under UK and EU data protection law, including access, correction, and erasure.

1. What information we collect

Information you provide to us

We collect personal information you voluntarily provide when you complete a form, request an audit or demo, subscribe to communications, or otherwise contact us. This may include:

names
email addresses
phone numbers
job titles and company names
the content of your enquiry and your contact preferences

We do not seek to collect special category (sensitive) personal information through the Services.

Information collected automatically

When you visit the Services we automatically collect certain technical information, primarily to keep the Services secure and to understand how they are used. This may include your IP address, device and browser characteristics, operating system, language preferences, referring URLs, approximate location (derived from IP), and information about your interactions with our pages. We collect much of this through cookies and similar technologies — see our Cookie Policy.

Information from other sources

To support our B2B marketing we may receive limited business information from public databases, marketing partners, and data providers — such as company name, job title, business email, and company-level intent or website-activity data. We use this to identify and reach organisations that may be interested in our Services.

2. How we use your information

We use your personal information to:

respond to your enquiries and provide the information or services you request;
provide, operate, maintain, and improve the Services;
send administrative information, such as changes to our terms and policies;
send marketing and promotional communications where you have consented or where we are otherwise permitted to do so (you can opt out at any time);
measure and improve the effectiveness of our marketing;
understand usage trends so we can improve the Services; and
protect the security of the Services and prevent fraud, and comply with our legal obligations.

3. Legal bases for processing

Under the UK GDPR and EU GDPR we rely on the following legal bases:

Consent — for example, for certain marketing communications and non-essential cookies. You can withdraw consent at any time.
Performance of a contract — where processing is necessary to provide a service you have requested or to take steps before entering a contract.
Legitimate interests — to run and grow our business, including B2B marketing, analytics, and improving the Services, where these interests are not overridden by your rights.
Legal obligation — where we must process your information to comply with the law.

4. When and with whom we share your information

We do not sell your personal information. We share it with trusted third-party service providers who process it on our behalf under contract, and only as needed to provide their service. These include, among others:

Vercel — website hosting and infrastructure.
Sanity — content management for the website.
HubSpot — forms, CRM, and marketing communications.
PostHog — product analytics (EU-hosted).
Google — Tag Manager, Analytics, Ads, and Search Console.
Cookiebot — cookie consent management.
Clay — company-level website-visitor intelligence for B2B marketing.
LinkedIn and Microsoft — advertising and campaign measurement.
Sentry — error monitoring.
IPinfo — IP-based location lookup.

We may also embed third-party media (for example YouTube or Vimeo), which may set their own cookies. We may share information where necessary in connection with a business transfer (such as a merger or acquisition), or where required to comply with the law or to protect our rights.

5. Cookies and tracking technologies

We use cookies and similar technologies (such as pixels and web beacons) to operate the Services, remember your preferences, analyse usage, and support marketing. You control non-essential cookies through our consent manager — see the Cookie Policy for full details and how to change your choices.

6. International transfers

We are based in the United Kingdom and store data primarily in the UK and the European Economic Area (EEA). Some of our service providers may process personal information outside the UK or EEA. Where they do, we put appropriate safeguards in place — such as the UK International Data Transfer Agreement or Addendum, or the European Commission’s Standard Contractual Clauses — so that your information remains protected. You can request details of these safeguards by contacting us.

7. How long we keep your information

We keep your personal information only for as long as necessary for the purposes set out in this policy, unless a longer retention period is required or permitted by law (for example, for tax or accounting purposes). When we no longer need it, we securely delete or anonymise it.

8. How we keep your information safe

We have implemented appropriate technical and organisational measures designed to protect your personal information. However, no transmission over the internet or method of storage is completely secure, so we cannot guarantee absolute security. You access the Services at your own risk and should use a secure environment.

9. Information from children

The Services are not directed at children. We do not knowingly collect personal information from anyone under 18. If you believe we may have collected information from a minor, please contact us at privacy@upp.ai and we will take steps to delete it.

10. Your privacy rights

Depending on your location, you have rights under applicable data protection law, which may include the right to:

request access to the personal information we hold about you;
request correction of inaccurate or incomplete information;
request erasure of your personal information;
restrict or object to our processing of your information;
request portability of your information; and
withdraw consent at any time where we rely on consent.

To exercise any of these rights, contact us at privacy@upp.ai. You can unsubscribe from marketing at any time using the link in our emails. If you are in the UK or EEA and believe we have processed your information unlawfully, you have the right to complain to a supervisory authority — in the UK, the Information Commissioner’s Office (ICO).

11. Controls for do-not-track features

Most browsers offer a “Do-Not-Track” (DNT) setting. As there is no agreed industry standard for responding to DNT signals, we do not currently respond to them. We will update this policy if a standard is adopted.

12. Updates to this policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the “Last updated” date above. We encourage you to review it periodically.

13. How to contact us

If you have questions or wish to exercise your rights, contact our Data Protection team at privacy@upp.ai, by phone on +44 (0)20 3983 3355, or by post to:

Upp Technologies Group t/a Upp Technologies Limited

Data Protection, 85 Great Portland Street, London W1W 7LT, England