Privacy Policy: GDPR & Data Protection
Last updated: 12/06/2026
1. Who We Are
AireStream ("we", "us", "our") operates the website https://airestream.ai and provides AI visibility assessments, growth diagnostics, and system implementation services.
Company name: AIRESTREAM LTD
Registered address: 6 COCKCROFT MEWS, CHAPEL LANE, LEEDS, ENGLAND, LS6 3FG
Email: admin@airestream.ai
We are the data controller for the purposes of UK GDPR.
We are registered with the Information Commissioner's Office (ICO) under registration number ZC103113.
2. What Data We Collect
We may collect and process the following types of personal data:
a) Information you provide directly
Name
Email address
Company name
Job title
Phone number (if provided)
Website URL (submitted via the AI Discoverability Snapshot tool)
Information submitted via forms, calendars, or emails
b) Information collected automatically
IP address
Browser type and version
Pages visited and time spent
Referring website
This data is collected via cookies and analytics tools.
3. How We Use Your Data
We use your data to:
Respond to enquiries and book assessments
Deliver your AI Discoverability Snapshot report by email
Send a follow-up email related to your snapshot results (see Section 4 below)
Deliver Growth Assessments and Audits
Communicate about our services
Improve our website and content
Comply with legal obligations
We do not sell personal data.
4. Legal Basis for Processing
We process personal data under the following lawful bases:
Consent – when you submit a form or book a call
Legitimate interest – to operate and improve our business
Contract – where services are provided under agreement
Legal obligation – where required by law
AI Discoverability Snapshot: follow-up emails
When you submit your website URL and business email via our free AI Discoverability Snapshot tool, we will send you your report by email. We may also send one follow-up email related to your results, referencing similar services we offer.
This follow-up is sent under the soft opt-in provision of PECR (Regulation 22), which permits direct marketing to individuals who have provided their contact details in the course of enquiring about a service, provided the marketing relates to similar services and a clear opportunity to opt out was given at the point of collection.
You can opt out of further contact at any time by emailing admin@airestream.ai or by clicking the unsubscribe link in any email we send.
5. Cookies & Tracking Technologies
We use cookies and similar tracking technologies to provide and improve our website.
Types of cookies we use:
Essential cookies – Required for site functionality (cannot be disabled)
Analytics cookies – Help us understand how visitors use our site (Google Analytics 4)
Visitor identification cookies – Identify the organisation visiting our site (Apollo)
Third-party cookies – Embedded services like Calendly for scheduling
For detailed information about the specific cookies we use, their purpose, and how to manage your preferences, please see our Cookie Policy.
You can control your cookie preferences through:
Our cookie consent banner (shown on first visit)
Your browser settings
Contacting us at admin@airestream.ai
Note: Disabling cookies may affect website functionality.
6. Data Sharing and Third-Party Processors
We share data with the following trusted third-party service providers who help us operate our business. All third parties are contractually required to comply with UK data protection laws and only process data on our instructions.
AI model providers – Anthropic, OpenAI, Google, Perplexity and Microsoft (Azure OpenAI) (all USA). When you use our Snapshot tool or we deliver audit services, content such as website URLs and audit inputs may be processed by these providers' APIs to generate analysis. All are engaged on commercial API terms under which your data is not used to train their models, with data processing agreements incorporating UK transfer safeguards (UK Addendum / International Data Transfer Agreement, or certification under the UK Extension to the EU-US Data Privacy Framework).
Supabase (EU) – database and infrastructure provider. Stores lead data submitted via our Snapshot tool and website forms.
Resend (USA) – transactional email provider. Used to deliver your Snapshot report and any follow-up emails.
Notion (USA) – internal CRM and project management. Lead and client records may be stored in Notion.
Calendly (USA) – scheduling platform. When you book a Growth Assessment, your name and email are collected by Calendly.
Google Analytics 4 (USA) – website analytics. Collects anonymised usage data as described in Section 5.
Apollo.io (USA) – website visitor identification. Identifies the organisation visiting our site (and, in the United States, individuals) and records site activity, set only with your consent.
Netlify (USA) – website hosting. Processes IP addresses and request logs as part of standard web hosting.
Hetzner Online GmbH (Germany/Finland, EEA) – cloud infrastructure hosting our audit engine and working data, under an Article 28 data processing agreement.
Microsoft (USA/EU) – productivity, email and file storage (Microsoft 365), and AI analysis via Azure OpenAI in the audit engine, under the Microsoft Data Protection Addendum (one Microsoft DPA covers both).
Search and data-enrichment providers – Serper and SerpApi (search results), additional Google APIs (Places, PageSpeed Insights, Chrome UX Report, Search Console, Knowledge Graph), Trustpilot (reviews), Companies House (UK registry), and Wikimedia and Reddit (public sources) – used to measure how your brand appears across the web. These receive limited data such as your brand name, domain and public URLs; US providers are covered by UK transfer safeguards, and public-source lookups involve no account.
Sentry (USA; EU region available) – application error and performance monitoring, under a data processing agreement; personal data is redacted from diagnostics.
Slack (USA) – team messaging, including Snapshot and lead notifications, under a provider data processing agreement with UK transfer safeguards.
We do not sell personal data to third parties.
6a. Client Engagement Data
Where we deliver audit or implementation services to a business client and process personal data on that client's behalf (for example, details of client personnel provided in our kick-off questionnaire, or data accessed via Google Search Console or Bing Webmaster Tools), we act as a data processor for that client under a Data Processing Agreement. Our current sub-processor list is published at airestream.ai/sub-processors. For details, see "How We Handle Your Data".
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.
We retain personal data as follows:
Enquiry/prospect data: 24 months from last contact
Active client data: Duration of service plus 6 years (for tax and accounting purposes)
Marketing consent: Until withdrawn or after 3 years of inactivity
Website analytics: 26 months (Google Analytics default)
Audit engagement working data (questionnaire responses, website crawl data, analysis inputs and outputs): 12 months after delivery, then deleted or anonymised
Snapshot tool leads (email, website URL and generated analysis): deleted 12 months after submission, unless you become a client
Platform access (Google Search Console, Bing Webmaster Tools, analytics): revoked at the end of the engagement
Audit deliverables and contractual records: 6 years
You may request earlier deletion by contacting admin@airestream.ai
8. International Data Transfers
Some of our service providers process data outside the UK. Where we transfer personal data internationally, we rely on one of the following safeguards: UK adequacy regulations (for providers in the EEA, such as Hetzner and Supabase); the UK Extension to the EU-US Data Privacy Framework, where the US provider is certified; or the UK International Data Transfer Addendum / Agreement (IDTA) incorporated into the provider's data processing agreement. Copies of the relevant safeguards are available on request.
9. Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at admin@airestream.ai
10. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Our AI Discoverability Snapshot tool generates an automated score based on analysis of your website. This score does not constitute a legally significant decision and is provided for informational purposes only. You are free to disregard it or seek an independent assessment.
11. Your Rights
Under UK GDPR, you have the right to:
Access your personal data
Request correction or deletion
Object to processing
Request data portability
Withdraw consent at any time
To exercise these rights, contact: admin@airestream.ai
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk / 0303 123 1113. We would appreciate the chance to address your concerns first, so please contact us at admin@airestream.ai.
12. Data Security
We take reasonable technical and organisational measures to protect personal data against loss, misuse, or unauthorised access.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website.
14. Contact Us
If you have questions about this policy, contact:
Email: admin@airestream.ai
Address: 6 COCKCROFT MEWS, CHAPEL LANE, LEEDS, ENGLAND, LS6 3FG

