Legal
Privacy Notice
Last updated: 4 July 2026
Who we are and our role
economAIcs Group Ltd is a company registered in England and Wales under company number 17165141, with its registered office at The Kiln, 2 Copenhagen Street, Worcester, WR1 2HB. We operate economaicsgroup.com and the economAIcs platform, an AI-powered procurement intelligence system that helps public transport operators, technology companies and consultancies discover, analyse, write and manage competitive tenders.
economAIcs Group Ltd is the data controller for the personal data described in this notice: the data we collect through our website, enquiries, the Bid Mechanics Diagnostic, the Intelligence Report subscription, and the account and identity data of platform users.
For the content our clients upload to the platform (their bid history, tender documents and the personal data within them), economAIcs acts as a data processor on the client's instructions under a separate Data Processing Agreement. That processing is governed by the DPA and the client's own privacy notice, not this one.
Executive accountability for data protection at economAIcs Group Ltd sits with our Chief Executive Officer. Our data-protection contact is privacy@economaicsgroup.com.
What we collect and why, and our lawful basis
- Booking and enquiry data
- when you book a walkthrough or contact us (via Google Calendar or forms), we collect your name, email and anything you provide, to arrange and respond to you. Lawful basis: legitimate interests, or steps to enter into a contract.
- Diagnostic submissions
- when you complete the Bid Mechanics Diagnostic, we collect your name, email, organisation, role and your responses (submitted via n8n) to generate your output and follow up. Lawful basis: consent.
- Intelligence Report subscription data
- your name and email, to send the report you asked for. Lawful basis: consent.
- Website usage data
- standard technical data (such as IP address, browser and pages visited) for security and, where you accept analytics cookies, to understand site usage. Lawful basis: legitimate interests for security; consent for analytics.
- Account and identity data (platform users)
- to provide and secure the platform. Lawful basis: contract performance.
We do not sell personal data, and we do not use it for advertising.
Automated decision-making
Our platform scores tenders and opportunities, not individuals. We do not carry out automated decision-making that produces legal or similarly significant effects on you as an individual, and we do not enrich, or build profiles of, individuals from third-party or public sources.
How long we keep your data
Booking and enquiry data: 24 months from last contact. Diagnostic submissions: 24 months from submission (earlier on request). Intelligence Report subscriber data: while you subscribe and 12 months after unsubscribing. Website usage data: up to 26 months. Account and identity data: for the life of the account.
Client platform data is processed for the duration of the client contract. On termination, the client's data is made available for export for 30 days and then deleted, in line with the client agreement and the DPA, save for residual copies in routine backups, which are overwritten in the ordinary course, unless we are required by law to retain it.
Who we share your data with (recipients and sub-processors)
We use the recipients and sub-processors below to run our website and platform. We never allow our AI providers to train on your data.
- Google (Workspace)
- our email and document suite, calendar booking, meeting management and subscription forms; may process business personal data within our communications and documents.
- Google (Analytics)
- privacy-friendly website analytics (Google Analytics 4) to understand site usage, loaded only if you accept analytics cookies; IP addresses are anonymised and we do not use it for advertising. US-based (see International transfers).
- Vercel
- hosting and delivery of economaicsgroup.com (global edge network) and the economAIcs platform application (UK / London region).
- Supabase
- UK-hosted (London / eu-west-2) database and storage for platform data.
- Anthropic
- AI inference within the platform; processes inputs at the point of a query and does not train its models on the data. US-based (see International transfers).
- OpenAI
- generates the numerical embeddings that power search and retrieval; processes text for that purpose only and does not train its models on the data. US-based.
- n8n
- workflow automation and orchestration within the platform and for diagnostic submissions (EU-hosted).
- Langfuse
- technical performance monitoring, where enabled. Receives only non-content technical data (anonymous trace identifiers and numeric scores), never documents, queries or answers.
- Railway
- backend hosting and document text-extraction (OCR); processes uploaded documents solely to deliver the service. US-headquartered with an EU (Amsterdam) deployment region.
- Postmark
- transactional and account emails; processes your email address only, never client platform content. US-based.
- Attio
- our customer-relationship management system; processes business-contact data of prospects and contacts.
- Notion
- our internal workspace and knowledge base; may hold business-contact and account records.
- PandaDoc
- electronic signature for contracts; processes the names and email addresses of signatories.
International transfers
Most of your personal data is stored in the UK. Some sub-processors are based in, or process data in, the United States, in particular Anthropic and OpenAI (AI inference and embeddings), Google (Analytics, where you accept analytics cookies), Postmark (transactional email), and Railway (backend host; our deployment region is the EU but Railway is US-headquartered and may process limited data in the US).
Where personal data is transferred to a country without UK adequacy status, we rely on the UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses as amended by the UK Addendum, together with a transfer risk assessment, which we are preparing. You can request a copy of the relevant safeguards from privacy@economaicsgroup.com.
We minimise the personal data sent to our AI sub-processors and rely on their contractual no-training terms. Operator structured personal data (emails, phone numbers, national-insurance numbers, postcodes, payment details) and known account-user identities are removed from text before it is sent to the AI sub-processors, enforced at the call boundary and verified by automated tests; free-text personal names are minimised on a best-effort basis.
Your rights
You have the right to access, correct, delete, restrict or object to processing of your personal data; to data portability; and to withdraw consent where processing is based on consent. To exercise any right, contact privacy@economaicsgroup.com; we will respond within one month.
Where you ask us to erase your personal data, we will acknowledge your request within 72 hours and complete the erasure within 30 days, unless we are legally required to keep the data or another exemption applies, in which case we will tell you what we are retaining and why.
If you are unhappy with how we handle your data, please raise it with us first; you also have the right to complain to the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (ico.org.uk).
Cookies
We use strictly necessary cookies to run the website and maintain your session. We also use privacy-friendly analytics (Google Analytics 4) to understand how the website is used. Analytics cookies are set only if you accept them in our cookie banner: until you accept, none are set, and if you decline, none are set. We do not use advertising or cross-site tracking cookies. You can change your choice at any time by clearing this site's cookies and local storage in your browser.
Data security, the Procurement Act, and breaches
Data is encrypted in transit and at rest; platform data is hosted in the UK (London / eu-west-2) with access controls and regular security reviews. We are built against the SOC 2 and ISO 27001 control families and are not yet formally certified; Cyber Essentials is targeted for Q3 2026. Our citation trail and audit logs are designed to support the transparency obligations of the Procurement Act 2023 and PPN 017.
If a personal data breach occurs, we will notify the ICO where required within 72 hours of becoming aware, and notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms.
Changes and contact
We may update this notice to reflect changes in our services or the law; the date at the top indicates the last update. Contact: privacy@economaicsgroup.com (data protection) or hello@economaicsgroup.com (general).
economAIcs Group Ltd
The Kiln, 2 Copenhagen Street, Worcester, WR1 2HB
privacy@economaicsgroup.com
Company number: 17165141