Privacy Policy
How we collect, use and protect your personal information, and the rights you have over it.
Last updated: 23 June 2026
Who we are
AILORA LIMITED (“ai-lora”, “we”, “us”) is the data controller responsible for the personal information collected through ai-lora.com.
We are a company registered in England and Wales (company number 16660447), registered office 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom, VAT number GB 505 6462 01. We are registered with the UK Information Commissioner's Office (ICO) under reference ZC049520. You can reach us about any privacy matter at hello@ai-lora.com.
Scope of this policy
This policy explains how we handle personal data for visitors worldwide. We comply with the UK GDPR and the Data Protection Act 2018, the EU GDPR (Regulation 2016/679) for visitors in the EEA, and US state privacy laws including the California Consumer Privacy Act as amended by the CPRA. Where other national or state privacy laws apply to you, we honour the equivalent rights they grant.
Information we collect
We collect only what we need to run the site and respond to you:
- Contact details you submit — your name, email address, an optional budget range and the message you send through the contact form.
- Assistant conversations — the messages you type into the on-site AI assistant, which are processed to generate a reply.
- Technical & security data — your IP address and basic request metadata, used briefly to rate-limit the assistant and contact form and to protect against abuse.
- Hosting logs — standard server logs (IP address, browser/user-agent, timestamps) kept by our hosting provider for security and reliability.
- Preferences — your light/dark theme choice, stored locally in your browser (not on our servers).
Why we use your information, and our legal bases
Under the UK and EU GDPR we rely on the following legal bases:
- To respond to your enquiry and take steps at your request before any engagement — legitimate interests, and where relevant the performance of, or steps prior to, a contract.
- To operate, secure and improve the website and assistant, and to prevent abuse — legitimate interests.
- To send service emails such as a reply to your enquiry — legitimate interests, or performance of a contract.
- To meet legal, accounting and regulatory obligations — compliance with a legal obligation.
- Where we ever rely on consent (for example, optional analytics), you can withdraw it at any time.
The AI assistant
The on-site assistant sends your messages to our AI provider (OpenAI) to generate a response. Conversations are processed server-side and are not used to build a profile of you. Please do not enter sensitive personal information (such as health, financial account or government ID details) into the assistant. For anything confidential, email us instead.
Cookies and similar technologies
We use only the storage strictly necessary to run the site (for example, remembering your theme). We do not set advertising or cross-site tracking cookies. If we add privacy-friendly analytics in future, we will update our Cookie Policy and request consent where the law requires it. See our Cookie Policy for details.
Who we share your information with
We do not sell your personal information and we do not share it for cross-context behavioural advertising. We use a small number of trusted service providers who process data on our behalf under contract:
- Vercel — website hosting and delivery.
- Neon — managed database where contact submissions are stored.
- OpenAI — processing assistant conversations to generate replies.
- Resend — sending transactional email (such as enquiry notifications), where enabled.
- We may also disclose information where required by law, to establish or defend legal claims, or to protect the rights and safety of others.
International data transfers
Some of our providers process data outside the UK and EEA, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards — such as the UK International Data Transfer Addendum, the European Commission’s Standard Contractual Clauses, and adequacy decisions or recognised frameworks (e.g. the EU–US Data Privacy Framework) where applicable.
How long we keep your information
We keep contact submissions for as long as needed to handle your enquiry and for a reasonable period afterwards (normally up to 24 months), then delete them, unless we must keep them longer to meet a legal obligation. Security and rate-limiting data is short-lived. Hosting logs are retained for a limited period by our provider.
Your rights under UK and EU GDPR
If you are in the UK or EEA, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data in certain circumstances.
- Restriction — ask us to limit how we use your data.
- Portability — receive certain data in a portable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — where we rely on consent, withdraw it at any time.
- Not be subject to solely automated decisions producing legal or similarly significant effects — we do not carry these out.
Your rights under US state privacy laws
If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we collect and why, to request access and deletion, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information, and we do not use it for cross-context behavioural advertising. We will not discriminate against you for exercising your rights.
Residents of other US states with privacy laws (such as Virginia, Colorado, Connecticut and Texas) have comparable rights, which we honour. We respect the Global Privacy Control (GPC) browser signal as a valid opt-out where applicable.
To exercise any of these rights, email hello@ai-lora.com. We will verify your request and respond within the timeframe required by law.
Children’s privacy
This site is intended for business audiences and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
How we protect your information
We use reasonable technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls, keeping API keys and database credentials in a secure server-side environment, and limiting access to the people who need it. No method of transmission or storage is completely secure, but we work to protect your information and review our practices regularly.
Changes to this policy
We may update this policy as our site and the law evolve. The current version, with its “last updated” date, will always live on this page. Material changes will be made clear here.
How to contact us or complain
For any privacy question or to exercise your rights, email hello@ai-lora.com.
If you are in the UK and unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk. If you are in the EEA, you can complain to your local data protection authority. We would, however, appreciate the chance to address your concerns first.
AILORA LIMITED · Company no. 16660447 · VAT GB 505 6462 01
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
ICO data-protection registration: ZC049520
Contact: hello@ai-lora.com