Privacy Policy

Last updated: February 2026

The AI Income Project ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how we store it, and your rights under the UK General Data Protection Regulation (UK GDPR).

1. Data Controller

The data controller responsible for your personal data is The AI Income Project. You can contact us at aiincomeproject.team@gmail.com.

2. What Data We Collect

We collect the following personal data:

  • Name and email address — when you create an account, make a purchase, submit a contact form, book a consultation, or take our automation audit.
  • Account information — if you create an account, we store your email address and display name to provide access to your dashboard, purchased products, and order history.
  • Form responses — answers you provide in our automation audit quiz.
  • Message content — any messages you send via our contact or booking forms.

We do not collect payment card details. All payment processing is handled securely by Stripe. We never see, store, or have access to your card information.

3. Why We Collect Your Data (Legal Basis)

  • Contract performance: To process your purchases and deliver digital products to you.
  • Legitimate interest: To respond to your enquiries and provide customer support.
  • Consent: For any optional cookies beyond those strictly necessary for the site to function.

4. How We Store Your Data

  • Account data, audit quiz responses, and purchase records — stored in Supabase, a hosted PostgreSQL database. Supabase is SOC 2 Type II certified and GDPR compliant. We have reviewed and signed Supabase's Data Processing Agreement (DPA). You can read their full Privacy Policy. Access to the database is restricted to the business owner via Row Level Security policies.
  • Contact form submissions — processed by Netlify Forms and forwarded to the business owner via email. Submissions are stored in Netlify's infrastructure. Netlify is GDPR compliant and their Data Processing Agreement (DPA) is incorporated into their terms of service.
  • Consultation bookings — stored in Google Calendar only, for scheduling purposes. No separate database is used.
  • Payment card details — held by Stripe only. We do not store or have access to your card information. A record of your purchase (product name, amount, and email) is stored in our database for order history purposes.

We do not share access to any of this data with third parties beyond the processors listed below.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Supabase — database hosting and authentication. Privacy Policy | DPA
  • Stripe — payment processing. Privacy Policy
  • Netlify — website hosting, serverless functions, and contact form processing. Privacy Policy | DPA
  • Cloudflare Turnstile — bot protection on forms (no tracking cookies).
  • n8n — workflow automation for order delivery and form processing.

6. Data Retention

We retain your personal data for the following periods:

  • Account data: retained for as long as your account is active. You can delete your account at any time from your dashboard settings.
  • Purchase records: 6 years (as required for UK tax and accounting obligations).
  • Contact form submissions: 12 months, then deleted.
  • Audit quiz responses: 12 months, then automatically deleted via an automated GDPR cleanup process.
  • Consultation bookings: retained in Google Calendar as past events. You can request removal at any time.

7. Your Rights

Under the UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct any inaccurate data.
  • Erasure — ask us to delete your personal data (subject to legal retention requirements).
  • Restriction — ask us to limit how we use your data.
  • Portability — request your data in a portable format.
  • Objection — object to processing based on legitimate interest.

To exercise any of these rights, email us at aiincomeproject.team@gmail.com. We will respond within 30 days.

8. Cookies

We use only essential cookies required for the website to function (e.g., Cloudflare Turnstile for bot protection, Stripe for payment processing). We do not use analytics or advertising cookies. For more details, see our Cookie Policy.

9. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

10. Contact

For questions about this privacy policy, please contact us at aiincomeproject.team@gmail.com.