Back to home

Privacy Policy

Andy'K Group International LTD

Registered Company Number: 16453500

86–90 Paul Street, London, EC2A 4NE, United Kingdom

Email: info@andykgroup.com

Last updated: 7 July 2026

Introduction

Andy'K Group International LTD (“we”, “us”, “our”) operates A.D.A.M. — the AI-Powered Business Development Operating System available at adam.andykgroup.com. This Privacy Policy explains how we collect, use, store, and safeguard personal data submitted through or processed by the A.D.A.M. platform.

We comply fully with the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018.

1. Data We Collect

Through the A.D.A.M. platform, we collect personal and business data necessary to deliver our client lifecycle management service, including:

  • Business contact details (name, job title, company name, business email, phone number)
  • Questionnaire responses (business objectives, target market, company background, service requirements)
  • Company information (industry, size, jurisdiction, registration details where provided)
  • Contract and proposal data (signed agreements, proposal content, versioned documents)
  • Invoice and payment information (amounts, payment terms, billing contact)
  • Account credentials (email address, hashed password — managed via Supabase Auth)
  • Activity data (login events, document views, submission timestamps)
  • KYC verification documents (company registry extract, director identity document, power of attorney where applicable, company registration number, VAT number, country of incorporation)

2. How We Use Your Data

We use your personal data to:

  • Provide access to and operate the A.D.A.M. platform
  • Process questionnaire submissions and generate proposals
  • Manage contracts, invoices, and client onboarding workflows
  • Send transactional notifications (e.g. contract updates, invoice delivery) via email
  • Maintain your client portal and activity history
  • Comply with legal and regulatory obligations

3. Legal Basis for Processing

Our processing of your data is based on one or more of the following:

  • Contract performance: processing necessary to deliver the A.D.A.M. service you have engaged
  • Legitimate interests: operating the platform, maintaining security, and communicating about your account
  • Legal obligation: retaining records as required by applicable law
  • Consent: where you have explicitly opted in (e.g. marketing communications)

4. Data Processors & Sub-processors

We use the following trusted sub-processors to operate A.D.A.M.:

  • Supabase (EU-West-1, Ireland): database storage, authentication, and file storage. All data is stored within the European Economic Area.
  • Resend: transactional email delivery (notifications, contract links, invoice emails). Email processing may occur outside the EEA; appropriate safeguards (Standard Contractual Clauses) are in place.
  • Revolut Business: payment processing and subscription billing. Revolut acts as a data controller for payment card data; we do not store card details. Subject to Revolut's own privacy policy.
  • Anthropic (Claude AI): AI-powered evaluation and document generation features. Questionnaire content and client data may be sent to Anthropic's API for processing. Data is not retained for AI model training under our agreement with Anthropic.
  • Vercel: application hosting and infrastructure. HTTP request metadata (IP address, request headers) is processed by Vercel to serve the platform. Vercel does not access application data stored in Supabase.

All sub-processors are contractually required to process data securely and in compliance with UK GDPR.

5. Data Sharing

We do not sell or rent your personal data. We may share data only:

  • With the sub-processors listed above, strictly to operate the platform
  • With regulatory authorities if required by law
  • With authorised members of Andy'K Group International LTD who need access to deliver your service

6. International Transfers

Your data is stored on Supabase infrastructure in EU-West-1 (Ireland) and remains within the EEA. Email delivery via Resend may involve processing outside the EEA; in such cases, appropriate safeguards (Standard Contractual Clauses) are in place.

7. Data Retention

We retain your personal data for as long as your account is active or as required to fulfil contractual and legal obligations. Account data is deleted or anonymised upon written request, subject to any legal retention requirements.

8. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time (where processing is consent-based)
  • Lodge a complaint with the UK Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at info@andykgroup.com.

9. Security

A.D.A.M. uses industry-standard security measures including encrypted connections (HTTPS/TLS), row-level security in Supabase, and hashed password storage via Supabase Auth. Access to client data is restricted to authorised personnel only.

10. Cookies

A.D.A.M. uses only essential cookies required for authentication. See our Cookie Policy for full details.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Continued use of A.D.A.M. after changes constitutes acceptance of the updated policy.

12. Contact

For questions or concerns about this Privacy Policy or our data practices:

Andy'K Group International LTD

Email: info@andykgroup.com

Address: 86–90 Paul Street, London, EC2A 4NE, United Kingdom