Privacy Policy
Last updated: 24 March 2026
Who we are
Evil Robot Industries Ltd (ERI) is a private limited company registered in England and Wales (No. 15805708). Registered office: 71-75 Shelton Street, London, WC2H 9JQ.
Contact: [email protected]
What data we collect
We collect and process the following types of data when you use this website.
Enquiries
When you use our enquiry agent, your conversation is stored to maintain continuity. A unique enquiry identifier is stored in your browser's local storage. This identifier is not used for tracking or analytics and expires after 28 days.
If you voluntarily provide personal details (name, email address, etc.), these are automatically separated from your conversation and deleted after 28 days. The remaining anonymised conversation data is retained for up to 90 days. This data is used to improve the enquiry agent only.
IP addresses
Your IP address is cryptographically hashed (one-way, irreversible) at the point of receipt. Only the hash is stored, solely for rate limiting purposes. We do not store, log, or process your raw IP address.
AI processing
Enquiries are handled by an AI agent. Before your message is sent for inference, personal information (such as names, email addresses, and phone numbers) is automatically detected and redacted. However, this process cannot guarantee detection of all sensitive data. Please do not share information beyond what is needed for your enquiry, such as financial details or identity documents.
Email verification
If you provide an email address during an enquiry, a one-time verification code is sent via a third-party transactional email service to confirm it is correct. Only your email address is shared with this service for the sole purpose of delivering the code. The code expires after 10 minutes.
Error monitoring and analytics
After you accept this privacy policy, a third-party application monitoring script is loaded to help us detect errors and understand how the site is used. This collects:
- Frontend errors — JavaScript exceptions and unhandled promise rejections
- Performance metrics — Core web vitals (page load speed, responsiveness, visual stability)
- Page views — which pages are visited and navigation patterns
- User interactions — clicks and form interactions (element metadata only, not input values)
- Console errors — browser error messages for diagnosing issues
We do not enable session replays, browser fingerprinting, or cross-session user identification. A randomly generated anonymous identifier is stored in your browser's local storage to associate events within a single session. This identifier is not linked to any personal data.
Cookies
This website does not use cookies.
We use browser local storage (a similar technology) for the following purposes:
Strictly necessary (do not require consent under PECR):
- Enquiry identifier — maintains your conversation with our enquiry agent. Expires after 28 days.
- Enquiry expiry — records when the enquiry identifier expires.
- Privacy consent — records that you have accepted this policy.
Enabled after consent:
- Anonymous session identifier — used by our error monitoring and analytics provider to associate events within a session. Not linked to any personal data.
Legal basis for processing
Under UK GDPR, we process personal data you provide during an enquiry on the lawful basis of legitimate interests (Article 6(1)(f)) — specifically, to respond to and manage your business enquiry.
Data retention
All data is automatically deleted after its retention period. No manual intervention is required.
| Data | Retention |
|---|---|
| Personal information (names, emails, etc.) | 28 days from last interaction (auto-deleted) |
| Anonymised conversation data | 90 days from last interaction (auto-deleted) |
| IP address hashes | 24 hours (auto-deleted) |
| Email verification codes | 10 minutes (auto-deleted) |
Categories of recipients
Your data may be processed by the following categories of third-party service providers, acting as data processors under appropriate agreements:
- AI inference providers — personal information is redacted before processing
- Transactional email providers — for delivering verification codes only
- Error monitoring and analytics provider — receives frontend errors, performance metrics, page views, and anonymised interaction data only after you accept this policy
Your rights
Under UK GDPR you have the right to:
- Access personal data we hold about you
- Request correction or deletion
- Object to processing
- Lodge a complaint with the ICO (ico.org.uk)
To exercise these rights, contact [email protected].
Changes to this policy
We may update this policy. The date above reflects the most recent revision.