Privacy Policy

Who we are

Doyle Automations is a sole trader business based in Derby, United Kingdom, operated by Shane Doyle. We provide AI automation services, including the Lead Rescue and Enquiry Catch product line for aesthetic clinics and other service businesses.

We are registered with the UK Information Commissioner's Office (ICO) as a data controller and data processor under registration number ZC118844.

Our role under UK GDPR

Our role depends on the context of the data processing:

• Data Controller — for personal data collected directly through our website (e.g. enquiry forms, marketing communications) and for our own business records.
• Data Processor — for personal data processed through automation systems we build and operate on behalf of our clients. In this context, our client is the Data Controller and we act under their instructions, governed by a Data Processing Agreement (DPA).

Data we collect

From website visitors and enquirers

• Name, email address, phone number, and business details you provide via forms or email
• Technical data such as IP address, browser type, and pages visited (via standard web analytics)
• Communications you send to us

From client automation systems we operate

When we build and operate a Lead Rescue or Enquiry Catch system for a client, the system processes data on behalf of that client. This may include:

• Names, contact details, and messages from people who interact with our client's Instagram, Facebook, website, or other channels
• Conversation transcripts between end users and the AI automation
• Booking enquiries and related contextual information
• Where the client operates an aesthetic clinic, this may include limited health-related information voluntarily shared by enquirers (e.g. interest in specific treatments)

We do not access this data routinely. Our clients retain full control of their data within the systems we provide. We will only access client data when explicitly requested in writing by the client (for example, to provide a support request or weekly performance log) and where permitted under our contract.

How we use your data

As a Data Controller, we use personal data to:

• Respond to enquiries and provide quotes
• Deliver our services and manage client relationships
• Send relevant marketing communications, where you have opted in
• Maintain business records and meet legal obligations

As a Data Processor, we process personal data strictly under our client's written instructions and only for the purposes set out in our Data Processing Agreement with that client.

Legal bases for processing

Under UK GDPR, we rely on the following legal bases:

• Legitimate interests — for general business operations, responding to enquiries, and improving our services
• Contract — to deliver services we have agreed to provide
• Consent — for marketing communications and any processing of special category data
• Legal obligation — to comply with applicable UK law

Sub-processors and third parties

To deliver our services, we rely on a small number of trusted sub-processors. These providers process personal data only on our instructions and under appropriate contractual safeguards:

• OpenAI — to generate AI responses within automation workflows. OpenAI processes message content but does not use it to train models on the business tier we operate under.
• Airtable — for structured data storage of conversation logs and CRM records.
• n8n — workflow automation infrastructure (self-hosted by us).
• Meta Platforms (Facebook & Instagram) — where automations integrate with Instagram or Facebook messaging.
• Twilio, Vapi, and Telnyx — where automations include SMS or voice functionality (used selectively and only where required).
• Google Workspace — for business email and document storage.

Some sub-processors are based outside the UK. Where this is the case, we rely on UK-approved transfer mechanisms such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

How long we keep data

• Website enquiries — up to 24 months from last contact, unless you become a client
• Client records — for the duration of our contract plus 6 years for tax and legal purposes
• Data processed on behalf of clients — retained for up to 18 months within our systems, or as otherwise specified in the client's Data Processing Agreement
• Marketing data — until you unsubscribe

Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to legal exceptions)
• Restrict or object to certain processing
• Request data portability
• Withdraw consent at any time, where consent is the basis for processing
• Lodge a complaint with the Information Commissioner's Office (ico.org.uk)

If you wish to exercise a right relating to data processed by us on behalf of one of our clients, you should contact that client directly as they are the Data Controller. We will support them in responding to your request.

Security

We apply appropriate technical and organisational measures to protect personal data, including encrypted connections, access controls, authentication on all admin tools, and regular review of our sub-processors. Despite this, no system can be guaranteed to be completely secure. If a personal data breach occurs and presents a risk to individuals, we will notify the ICO and affected parties as required by law.

Cookies and analytics

Our website uses minimal cookies, primarily for essential functionality and basic analytics. We do not use advertising or tracking cookies. Where non-essential cookies are present, we will request your consent before they are set.

Changes to this policy

We may update this policy from time to time to reflect changes in our services, sub-processors, or legal requirements. The "Last updated" date at the top of the page will always reflect the most recent revision. Material changes will be communicated to active clients directly.

Contact us

For any questions about this policy, or to exercise your data rights, please contact us: