Privacy policy.

FoundationAI is a trading name of [Legal entity name to be added], registered in England & Wales. Our registered address is [Address to be added].

We are the data controller for personal data you provide through this website. Our representative for data protection enquiries is [Name to be added], reachable at privacy@foundationai.ai.

When you fill in a form on this site, we collect what you give us: typically your name, email, organisation, role and the message. When you take the maturity benchmark, your answers are processed in your browser and not sent to us unless you choose to share them.

When you visit the site, our hosting provider (Cloudflare Pages) collects standard server logs: IP address, user agent, pages visited and timestamps. These are retained for security and abuse prevention only.

We do not use third-party advertising trackers. We do not use Google Analytics or similar. We may use a privacy-respecting analytics tool (Plausible or similar) to understand which pages are useful. If we do, we will note it here.

• To reply to you when you contact us. Lawful basis: legitimate interest.
• To send you a resource you have explicitly requested (industry briefing, EU AI Act guide). Lawful basis: legitimate interest.
• To run the site safely and prevent abuse. Lawful basis: legitimate interest.
• To meet legal obligations where they apply.

We do not sell your data. We do not share it with marketing platforms. We do not use it to train any AI model. We do not enrich your record from third-party data providers.

Contact form submissions are kept for up to 24 months unless you ask us to delete sooner. Resource downloads are kept for up to 12 months. Server logs are kept for 90 days.

If you become a client, we keep relevant records for the duration of the engagement plus 7 years to meet UK and EU statutory retention requirements.

• Access the personal data we hold about you.
• Correct it if it is wrong.
• Ask us to delete it.
• Restrict or object to our processing.
• Receive your data in a portable format.
• Complain to the ICO (UK) or your local supervisory authority.

To exercise any of these, email us at privacy@foundationai.ai. We will respond within 30 days.

Some of our client engagements involve building knowledge graphs that include personal data: customer records, employee records, patient records depending on the sector. We never hold this data on our own systems. It remains in the client environment under their controllership.

Where we work with such data inside a client engagement, we operate as a data processor under UK and EU GDPR. Our processing is governed by a Data Processing Agreement signed alongside the Statement of Work. We follow data minimisation, purpose limitation and storage limitation principles, and we treat graph nodes representing individuals with the same care as any other personal data record.

If you are a data subject of a client we work with and you want to exercise rights against the graph, please contact your provider (our client) directly. We will support their response.