Back to Home
Legal

Privacy

Privacy Policy

Last updated: 5 May 2026

This notice explains how Rogue Systems Ltd(“we”, “us”) collects and uses personal data when you visit roguesystems.ai, contact us, or engage us for work. We’re committed to handling your data carefully and only for the purposes set out below. We process personal data in accordance with the UK GDPR, the Data Protection Act 2018, and the Data (Use and Access) Act 2025 as it comes into force.

1. Who we are

We are the data controller for personal data we collect through this site and our client work.

  • Company: Rogue Systems Ltd
  • Company number: 16492612 (registered in England and Wales)
  • Registered office: 124 City Road, London, EC1V 2NX, United Kingdom
  • Privacy contact: hello@roguesystems.ai

2. What we collect

We collect the minimum data we need. Specifically:

  • Booking form & enquiries.Your name, email address, company (optional), the service you’re interested in, your preferred date and time, and any project details you choose to share.
  • Email correspondence. Anything you send to hello@roguesystems.ai, including your email address, name (if provided), and message contents.
  • Client engagement data. Where we work with you on a project, we collect the information you share with us about your business, users, brand, or systems for the purpose of delivering the work.
  • Technical data. Your IP address (briefly, for rate-limiting and abuse prevention), browser/device metadata sent automatically by your browser, and standard server access logs.
  • AI features. If you interact with AI-powered parts of the site (chat, blog generation, site analysis tools), the prompts and content you submit are sent to our AI provider for processing.

We do notuse third-party advertising trackers, social-media pixels, or analytics cookies. We use a single short-lived security cookie (CSRF token) that’s strictly necessary for forms to work safely. If we ever change this — for example, by adding privacy-friendly analytics — we’ll update this notice and, where required by law, ask for your consent before setting any non-essential cookies.

3. Why we use it (and our lawful basis)

  • To respond to enquiries and arrange calls. Lawful basis: taking steps at your request prior to entering a contract (UK GDPR Article 6(1)(b)) or our legitimate interest in responding to people who contact us (Article 6(1)(f)).
  • To deliver client engagements. Lawful basis: performance of our contract with you (Article 6(1)(b)).
  • To meet legal and accounting obligations. Lawful basis: legal obligation (Article 6(1)(c)) — for example, retaining invoices for the period required by HMRC.
  • To keep the site secure. Lawful basis: legitimate interest (Article 6(1)(f)) in protecting our systems from abuse, fraud, and unauthorised access.

4. Who we share it with

We don’t sell your data. We share it only with service providers that help us run the business, under appropriate contracts:

  • Microsoft — email (Microsoft 365) and cloud services (Azure). Booking submissions and correspondence are handled in our Microsoft 365 tenant.
  • xAI — provides the AI models that power chat and content-generation features on the site. Inputs to those features are processed by xAI in order to return a response.
  • Hosting and infrastructure providers — the servers that run this site and our internal tooling, including standard access logs.
  • Professional advisers — accountants, lawyers, or auditors where strictly necessary.
  • Authorities — where we are legally required to disclose information (for example, to HMRC, the police, or a court).

5. International transfers

Some of our providers (notably xAI) are based outside the UK, primarily in the United States. Where personal data is transferred outside the UK, we rely on the safeguards available under UK data protection law — typically the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, an applicable UK adequacy decision, or any other transfer mechanism approved under UK data protection law (including any new framework introduced by the Data (Use and Access) Act 2025).

6. How long we keep it

  • Enquiries that don’t lead to a project: typically up to 12 months, then deleted.
  • Active client work: for the duration of the engagement plus a reasonable period afterwards for support and reference.
  • Financial records (invoices, contracts): 6 years from the end of the relevant accounting period, as required by UK tax law.
  • Server logs: short retention (typically days to weeks) for security and debugging.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased in certain circumstances.
  • Restrict or object to how we use your data.
  • Receive your data in a portable format where applicable.
  • Withdraw consent at any time, where we’re relying on consent (this won’t affect processing already carried out).

To exercise any of these rights, email hello@roguesystems.ai. We’ll acknowledge within a few working days and respond substantively within one month, in line with UK GDPR. We may extend that period by up to two further months for complex or numerous requests, and we’ll tell you if we do.

If something’s gone wrong, please tell us first.If you’re unhappy with how we’ve handled your data or responded to a request, email hello@roguesystems.ai with the subject line “Data protection complaint”. We’ll review the complaint, respond within 30 days, and aim to put things right.

You also have the right to lodge a complaint directly with the UK Information Commissioner’s Office at any time: ico.org.uk (helpline: 0303 123 1113). The Data (Use and Access) Act 2025 expects controllers to give you a route to complain to us first — that’s the route above.

8. Security

We use technical and organisational measures appropriate to the risk: encrypted transport (HTTPS), CSRF protection, rate-limiting, least-privilege access for our team, and reputable cloud providers. No system can be guaranteed perfectly secure, but we take it seriously and review our practices regularly.

9. Automated decisions and direct marketing

We don’t make decisions about you that produce legal effects, or similarly significant effects, based solely on automated processing (including profiling) within the meaning of UK GDPR Article 22. Our AI features generate content from your prompts — they don’t decide things about you.

We don’t send unsolicited marketing emails. If we ever want to send you marketing (for example, an occasional update about new services), we’ll do so only with your consent or under PECR’s “soft opt-in” for existing customers, and every message will include a clear way to unsubscribe.

10. Children

This site and our services are aimed at businesses. We don’t knowingly collect personal data from anyone under 18. If you believe we hold data about a child, please contact us so we can remove it.

11. Changes to this notice

We may update this notice from time to time. The version date at the top reflects the most recent change. For material changes that affect your rights, we’ll let you know directly where reasonably practical.

12. Contact

Privacy questions or requests: hello@roguesystems.ai
Postal: Rogue Systems Ltd, 124 City Road, London, EC1V 2NX, United Kingdom.

Read our Terms & Conditions →← Home