GDPR Compliance
Statement
Your privacy comes first. We design and run AI chat solutions that are GDPR-first, UK-hosted, and minimal by default. This statement explains what we collect, why, how we protect it, and your rights.
Who we are
Thinking ForWord Ltd ("we", "us"). We provide AI chat assistants for websites, staff knowledge hubs, and learning tools.
Controller vs Processor
- We act as controller for our own website, demos, and marketing
- We act as processor for client deployments, following each client's instructions and data-sharing agreement
What we collect
Minimal, purpose-based. We only collect what we need to run the service and improve it.
- Usage data: page views, clicks, basic device info, and anonymised chat metrics
- Chat content: not stored by default. If a user chooses to email or download a transcript, we process that action and the transcript may be sent to them or their chosen address
- Contact details (e.g., name, email) only when you provide them to request a demo, support, or a follow-up
Lawful bases for processing
- Contract: to provide and support the services you request
- Legitimate interests: to keep services secure, fix issues, and understand high-level usage (balanced against your rights)
- Consent: where required (e.g., certain cookies or marketing). You can withdraw consent at any time
Data security
UK-hosted by default.
- UK data residency by default for our hosting
- Encryption in transit (HTTPS/TLS) and at rest for applicable systems
- Access controls, audit trails, and least-privilege practices
- No persistent chat storage unless a user opts in by emailing/downloading their transcript
Your rights
Under UK GDPR / GDPR, you can exercise these rights at any time:
To act on your rights, contact us (details below). We'll respond without undue delay.
Data retention
We keep personal data only as long as needed for the stated purpose or as required by law.
Chat content is session-based and not stored by default. If you export/email a transcript, that copy will be processed to fulfil your request and retained only as necessary for delivery, security, and audit obligations.
International transfers
If we transfer data outside the UK/EEA (for example, for specific sub-processors or resilience), we use approved safeguards such as UK IDTA or EU Standard Contractual Clauses (SCCs), plus additional measures where appropriate.
Cookies and similar tech
We use only the cookies or local storage needed to run the service and improve performance. Where consent is required, we'll ask for it. You can manage preferences in your browser and (where present) our cookie banner.
Sub-processors
We use carefully selected providers for hosting, security, and service delivery. Each is under contract with appropriate data protection terms. A current list is available on request. For client deployments, we follow the client's approved vendor list.
Children
Our services are designed for organisations and adult users. If you believe a child has provided personal data to us, contact us so we can act promptly.
Updates to this statement
We may update this page to reflect changes in law or how we run the service. Significant changes will be signposted. Please check back from time to time.
Contact & complaints
info@thinkingforword.com
+44 7958 787 464
ICO: You have the right to complain to the UK Information Commissioner's Office if you're unhappy with how we process your data.
For more detail on cookies, retention periods, and sub-processors, see our full Privacy Policy.