Privacy notice.

Flow Nexus AI(“we”, “us”) is a UK-based AI agency. The two founders, Archie Yoxall and Kieren Fox, are the joint data controllers for any personal data you give us through this website.

Contact: hello@flownexusai.co.uk. If we ever appoint a separate Data Protection Officer or register with the ICO, we’ll list those details here.

The only personal data we collect through this site comes from you using the contact form or emailing us. That data is:

• your name
• your business name
• your email address
• your phone number, if you choose to provide it
• which service you’re interested in
• the message you write to us

We use it for one thing: replying to your enquiry and, if it turns into a working relationship, delivering the work. That’s our lawful basis under UK GDPR Article 6(1)(b) — steps taken at your request prior to entering a contract.

We do not add you to a marketing list, sell your data, share it with third-party advertisers, or use it to train AI models.

When you submit the contact form, your message is delivered to our inbox via Resend, our transactional email provider. The website itself is hosted by Vercel in their UK / EU edge regions. Email itself is read in Microsoft 365 (or Google Workspace) on the founders’ devices.

Resend may transfer email content to the United States. The transfer is covered by Standard Contractual Clauses and the EU-US Data Privacy Framework. If you’d rather not have your message routed via a US-headquartered provider, email us directly and we’ll respond from our UK infrastructure.

Enquiries we don’t take forward are deleted from our systems within 12 months of last contact. Enquiries that become engagements are retained for the duration of the contract plus 6 years (HMRC record-keeping requirement).

Server-level access logs at Vercel are retained per Vercel’s defaults (typically 30 days for analytics aggregates, longer for billing-related event logs). We do not operate or retain our own visitor-level analytics database.

Under UK GDPR you have the right to:

• be told what we hold on you (right of access)
• correct anything that’s wrong (right to rectification)
• have your data deleted (right to erasure)
• restrict or object to how we use it
• have it ported to another provider
• complain to the Information Commissioner’s Office

To exercise any of these, email hello@flownexusai.co.uk. We’ll respond within one calendar month.

This site sets notracking, advertising, or analytics cookies. The only cookie-like storage on this domain is the strictly-necessary form-state used while you’re filling the contact form, which is cleared when you leave the page. See the cookies notice for details.

Once we start a paid engagement, the data we handle on your behalf (call recordings, customer records, governance minutes, etc.) sits under a separate Data Processing Agreement we’ll provide before any production system goes live. That DPA, not this notice, governs how we handle your customers’ data inside the systems we build for you.

If we materially change anything above, we’ll update the “Last reviewed” date and, where the change is significant, email anyone who has an active enquiry with us.