Skip to content

Privacy Policy

Last updated: 31 May 2026

1. Who we are

Akilima is a product of Chelsea AI Ventures Ltd (company no. 16264968), registered at 41 Abbey Gardens, London, England, W6 8QR ("Akilima", "we", "us"). For personal data we control, we are the data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For privacy questions or to exercise your rights, contact privacy@akilima.tech or use the contact page.

2. Our two roles

We act in two capacities. For the website, your account, and the contact form, we are the controller: we decide why and how your personal data is processed, and this policy applies. For data you send to our scoring APIs as a customer, we are usually a processor: you are the controller, you decide the purpose, and we process it on your documented instructions under a data processing agreement (see the Terms of Use, section on data protection).

3. What we collect and why

We collect the following personal data as a controller:

  • Contact and enquiry data. When you submit the contact or enquiry form, the name, email address, message, and the product you enquired about. Lawful basis: our legitimate interest in responding to you and scoping an integration (UK GDPR Article 6(1)(f)).
  • Account and API customer data. If you hold an account or an API key, the name, work email, organisation, and billing details needed to run the service. Lawful basis: performance of a contract (Article 6(1)(b)) and, for billing records, our legal obligations (Article 6(1)(c)).
  • Usage and technical data. Request logs, API usage counts, IP address, and basic device and browser information, used to operate, secure, and meter the service. Lawful basis: legitimate interest in running a secure, reliable service (Article 6(1)(f)).

We do not sell personal data, and we do not use enquiry or account data for unrelated marketing without your consent.

4. Cookies and analytics

The website sets only the cookies needed to function (for example, to keep you signed in). We measure site usage with privacy-first analytics that do not build cross-site advertising profiles. We do not run advertising trackers. If we ever add non-essential cookies, we will ask for your consent first.

5. Personal data in the scoring APIs

What the APIs process depends on the product and on what you, the customer, send:

  • Bot Detection scores standard HTTP request metadata only. It sets no cookies, runs no fingerprinting scripts, and does not store personal data.
  • UK Postcode Intelligence returns postcode-level aggregates built from public open data. The smallest unit attributed is the postcode (around 15 households on average), so a response does not identify a person.
  • Lead Scoring and Aegis (transaction screening) process the request payload you send, which may include personal data such as an email, phone number, or transaction details. For this data we act as your processor: we process it only to return the score or screening result, on your instructions, and we do not use your request data to train our models without your written agreement.

6. Who we share data with

We share personal data only with service providers (sub-processors) who help us run the service, under contracts that require them to protect it and use it only as instructed. These currently include our cloud hosting provider, our database and authentication provider, our forms provider (KirokuForms) for the contact form, our analytics provider, and an email provider. We will provide the current sub-processor list on request. We may also disclose data where required by law.

7. International transfers

Some of our providers are based outside the UK and the EEA, including in the United States. Where personal data is transferred outside the UK, we rely on a UK adequacy decision where one applies, or on the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, together with appropriate safeguards.

8. How long we keep it

We keep enquiry data for as long as needed to handle your enquiry and a reasonable period after. We keep account and billing records for the life of the account and for as long as tax and accounting law requires (generally six years). API request logs are kept for a limited operational and security window and then deleted or aggregated. For data we process on your behalf, retention is governed by your agreement, and we delete or return it on termination as set out there.

9. How we keep it safe

We use encryption in transit, scoped API tokens, access controls limited to those who need them, and data minimisation (the Bot Detection and Postcode APIs are built not to handle personal data at all). No system is perfectly secure, but we take appropriate technical and organisational measures under UK GDPR Article 32.

10. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you, and get a copy;
  • have inaccurate data corrected, and incomplete data completed;
  • have your data erased in certain circumstances;
  • restrict or object to processing based on legitimate interests;
  • data portability, where processing is based on consent or contract;
  • withdraw consent at any time, where we rely on consent;
  • not be subject to a decision based solely on automated processing that produces legal or similarly significant effects, except as allowed by law.

To exercise any of these, email privacy@akilima.tech. We respond within one month. If your request concerns data we process on a customer's behalf, we will direct you to that customer (the controller). You can also complain to the ICO at ico.org.uk, though we ask that you raise it with us first.

11. Children

Akilima is a business product and is not directed at children. We do not knowingly collect personal data from anyone under 16.

12. Changes to this policy

We may update this policy. The date at the top shows the last change. For material changes that affect you, we will give notice through the service or by email where appropriate.