01Who we are
This site, digitopialabs.com, is operated by Digitopia Design Ltd, a company registered in England and Wales. Digitopia Labs is the trading name for our AI infrastructure work.
As the data controller, we determine how and why your personal data is processed. We're committed to handling it transparently and minimally - collecting only what we need, keeping it only as long as necessary, and never selling it or sharing it for marketing purposes.
02What data we collect
We collect personal data only in specific, limited circumstances. Here's exactly what we collect and when:
| Data type | When collected | Why |
|---|---|---|
| Name + email | You book a call or contact us | Reply to enquiries, schedule meetings |
| Company + role | You request a proposal or engage us | Tailor the engagement, invoice correctly |
| Billing details | You become a paying client | Process payments, issue invoices |
| Email + purchase record | You buy a ready-made skill | Give you access to what you bought, let you sign back in later, meet accounting obligations |
| Sign-in events | You sign in with a magic link | Keep your account secure (we email a link, we don't store a password) |
| Voice Match answers + writing sample | You use Voice Match | Generate your voice profile and let you return, edit, regenerate or delete it |
| Engagement content | During an active project | Deliver the work (brand materials, prompts, etc.) |
| Engagement intake answers + uploaded documents | You complete an Audit or Blueprint intake | Start the engagement from the right place and deliver it; files stored privately, deletable, never used to train |
| Email + scorecard answers | You complete the AI Scorecard | Send your result by email; if you tick the marketing box, enrol in the nurture sequence |
| Email + project answers | You use the AI Project Starter | Generate your one-page brief (your answers are processed by Anthropic's API) and email it to you; stored so we can run the tool fairly and improve it |
| Email + saved comparison link | You email yourself an AI Cost Calculator comparison | Send your saved comparison and cost tips by email - nothing else is stored |
| Marketing-consent record | You tick a marketing box (scorecard, Project Starter, Cost Calculator, or checkout) | Evidence when (and whether) you consented to marketing - timestamped on submission |
| UTM tags + referrer | You arrive via a tracked link (e.g. an ad) | Understand which campaigns send leads; stored alongside the scorecard or Project Starter submission |
| Site analytics | You visit the site | Understand what content is useful (anonymised) |
We don't ask for, or accept, any special category data (health, ethnicity, religion, etc.) unless it's genuinely necessary for an engagement and we have explicit consent.
03Lawful basis for processing
Under UK GDPR we must have a lawful basis for processing your data. We rely on the following bases:
- Contract - when you engage us for a paid product or retainer, we process the data needed to deliver the work and invoice for it.
- Legitimate interests- when you contact us via the booking form, one of the free tools (the AI Scorecard, the AI Project Starter, or the AI Cost Calculator), or email, we process your enquiry to respond. Our legitimate interest is responding to people who've contacted us. For the free tools specifically: you completed the tool and asked for the result by email, so sending that one email is processing in your interest - it doesn't enrol you in anything.
- Consent - for ongoing marketing emails (the nurture sequence that follows the scorecard or another free tool, updates about our ready-made skills if you buy one and tick the optional box at checkout, and our newsletter), we only enrol you if you've ticked the separate marketing consent box. We record the timestamp of that consent. You can withdraw it any time via the unsubscribe link in every marketing email, or by emailing us. Non-essential cookies (analytics, ad pixels) are also gated on consent via the cookie banner - see our Cookie Policy for detail.
- Legal obligation - we retain financial records (invoices, payments) for the period required by HMRC and UK accounting regulations.
04How we use your data
We use the data we collect for these specific purposes only:
- Responding to enquiries and scheduling discovery calls
- Delivering paid engagements (Audits, Blueprints, Sprints, Skills, retainers)
- Issuing invoices and processing payments
- Maintaining ongoing client relationships and retainer work
- Understanding which parts of our site are useful (via anonymised analytics)
- Complying with our legal and accounting obligations
Voice Match and your writing sample
Voice Match generates a “voice profile” from questionnaire answers and a writing sample you paste in. We store your answers and sample so you can return, edit and regenerate your profile. To generate the profile, your answers and sample are sent to Anthropic's API (the provider of the Claude model) for processing; we send only what's needed to generate your profile - not your email or account identifiers. We do not use your writing sample to train anything, we don't share it with anyone else, and our staff don't read it in the ordinary course of business. You can delete your sample and profile from your account at any time, which removes them from our systems. Legal basis: performance of a contract.
What we don't do
We don't sell your data. We don't share it with advertisers. We don't add you to a mailing list without asking. We don't use AI training services that ingest customer data. If you've engaged us for client work, we don't reference your engagement publicly without your explicit permission, given in writing.
05Third-party services we use
To deliver the site and our services, we use a small number of carefully chosen third-party tools. Each one has its own privacy policy:
| Service | Used for | Data shared |
|---|---|---|
| Vercel | Site hosting | Standard request logs |
| Supabase (EU) | Database, magic-link sign-in, purchases, Voice Match profiles, and private storage for engagement source material | Email, purchase/entitlement records, sign-in, Voice Match answers + writing sample + generated profile, engagement intake answers + uploaded documents (private bucket), scorecard answers + score, Project Starter answers + generated brief, marketing-consent flag + timestamp, UTM tags |
| Resend | Transactional email (scorecard results, Project Starter briefs, Cost Calculator comparisons, purchase access + receipts) | Email address + the email contents |
| MailerLite | Marketing emails (only with your consent) | Email; for free-tool leads, which tool you used (and for the scorecard, your verdict/score band); for skills buyers who opt in, which skills you own and your licence type - only if you ticked the marketing box |
| Cal.com | Call scheduling | Name, email, call details |
| Stripe | Payment processing | Billing details, payment info |
| Google Workspace | Email + docs | Client communications |
| Anthropic (Claude) | AI infrastructure work; Voice Match profile generation; Project Starter brief generation | Client engagement content during active delivery; for Voice Match, your questionnaire answers + writing sample; for the Project Starter, your project answers (none of it used for training) |
| Cloudflare Turnstile | Bot protection on the free tools | Browser and interaction signals used to tell humans from bots; no account data |
| Google Analytics 4 | Site analytics (consent-gated) | Aggregate page-view data, no PII sent |
| PostHog (EU) | Product analytics, session replay with inputs masked (consent-gated) | Page-view + interaction data, no PII sent |
| CookieYes | Cookie consent management | Anonymous consent record |
| Advertising measurement (consent-gated, when campaigns live) | Ad-click attribution data |
We only use third-party services where we've reviewed their privacy practices and they meet UK GDPR requirements. We don't share your data with any third party for marketing purposes.
06How long we keep your data
We keep personal data only for as long as we need it for the purposes set out above, then we delete it.
- Enquiry contacts - kept for 12 months after our last contact, then deleted
- Active client data - kept for the duration of the engagement plus 6 months
- Invoices and financial records - kept for 7 years to comply with HMRC requirements
- Skill purchase records + account entitlements - kept while your account is active so you keep access to what you bought; the underlying payment records are held for 7 years under the accounting rules above
- Voice Match data (answers, writing sample, generated profile) - kept while your account is active, or until you delete it. You can delete it at any time from your account, which removes it from our systems
- Engagement deliverables (the work we produce for you) - typically deleted within 90 days of project completion (you retain ownership; we don't need long-term copies). This is separate from the source material you upload, covered under Retention and deletion below.
- Scorecard submissions - kept for 24 months from the submission date, then deleted. If you opted into marketing, we also keep the consent timestamp for that long as evidence of the lawful basis for emailing you.
- Marketing subscriber records (MailerLite) - held until you unsubscribe, or for 24 months of inactivity (no opens / clicks), whichever comes first; then removed.
- Site analytics - anonymised at point of collection; not associated with you personally
You can request earlier deletion at any time (see “Your rights” below).
07Your rights
Under UK GDPR you have the following rights regarding your personal data:
- Right of access - get a copy of the personal data we hold about you
- Right to rectification - correct inaccurate or incomplete data
- Right to erasure - ask us to delete your data (subject to legal retention requirements)
- Right to restrict processing - limit how we use your data
- Right to data portability - receive your data in a portable format
- Right to object - object to specific kinds of processing
- Right to withdraw consent - where we rely on consent, you can withdraw it anytime
To exercise any of these rights, email hello@digitopialabs.com. We'll respond within one month.
If you're unhappy with how we've handled your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk. We'd prefer you came to us first so we can put things right.
08Cookies
This site uses minimal cookies. Essential cookies (for site function) load automatically. Non-essential cookies (analytics) only load with your consent.
For full detail on what cookies we use and how to manage them, see our Cookie Policy.
09Children
Our services are designed for businesses and adult professionals. We don't knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact us and we'll delete it.
10Changes to this policy
We may update this Privacy Policy from time to time - when our services change, when third-party tools change, or when legal requirements change. The “Last updated” date at the top of this page shows when changes were made.
For material changes that affect how we process your data, we'll notify active clients directly by email before changes take effect.
11When you work with us on an Audit or Blueprint
Intake answers
If you buy an engagement (such as the AI Audit or AI Blueprint), we ask structured questions about your business so the work starts from the right place. Your answers are stored against your account so you can return, edit and complete them, and so we can prepare for and deliver your engagement. Legal basis: performance of a contract.
Documents you upload
For some engagements we ask for source material - for example brand documents, existing content, or presentations. Files you upload are stored privately (Supabase Storage, access restricted to you and to us for delivery of your engagement), are never made public, and are never used to train anything. Please don't upload anything you're not permitted to share - if a document contains someone else's confidential or personal information, it's your responsibility to have the right to share it with us.
AI processing
We prepare and deliver engagements using AI tooling, including Anthropic's Claude, inside our own workspaces. That means your intake answers and uploaded documents may be processed by Anthropic's API on our instructions as part of delivering your engagement. As with Voice Match data, API inputs are not used by Anthropic to train models under the commercial terms we operate on.
Retention and deletion
Engagement materials are kept for the duration of the engagement and for up to 12 months after completion (so we can support you on what was delivered), then deleted. You can ask us to delete uploaded documents earlier at any time; before an intake is submitted you can delete it yourself from your account. Deleting removes the files from our storage, not just from view.
Confidentiality
Engagement materials are treated as confidential client information. They're accessed only for delivering and supporting your engagement, and only by the people doing that work.
12Contact us
For any questions about this Privacy Policy or how we handle your personal data, get in touch: