Introduction

Thrive (“we,” “us,” or “our”) provides machine‑learning and artificial‑intelligence consulting services. Protecting the privacy of our customers, website visitors, and other users of our services is important to us. This Privacy Policy describes how we collect, use and share personal information when you interact with our websites, contact us or engage us to provide services. It applies to our activities as a “data controller” (when we decide how and why personal data is processed) and, where indicated, to our activities as a “processor” when we handle personal data on behalf of customers.

This document is for general informational purposes and does not constitute legal advice. Our services and practices may evolve over time and we may update this policy accordingly. When we make material changes, we will notify you and indicate the effective date at the top.

Personal Data We Collect

We collect different types of personal data depending on how you interact with us:

  • Contact and account information.If you contact us, sign up to receive updates or create an account, we collect information such as your name, company, email address, telephone number and any other information you choose to provide.
  • Service usage information. When you visit our websites or use our applications, we collect technical information, including IP address, browser type, device identifiers and pages visited. We may also collect information about how you interact with our emails or marketing materials.
  • Customer data.When we provide consulting services or operate AI/ML models for customers, we may process personal data contained in the datasets you provide.In those circumstances you act as the “controller” and we act as the “processor.”Our obligations when acting as a processor are set out in our Data Processing Agreement.
  • Cookies and similar technologies.Our website uses cookies, pixels and scripts to help it function and analyse traffic.Cookies are small text files placed on your device.They allow the website to recognise your browser and remember settings or preferences .For more details see our separate Cookie Policy.

How We Use Personal Data

We only process personal data where we have a valid legal basis and a business need.Under the UK GDPR and EU GDPR, data controllers must explain the lawful grounds on which they rely .Depending on the context, we may process your personal data:

  • With your consent.For example, if you opt in to receive marketing emails, we use your contact details to send them.You can withdraw your consent at any time.
  • To perform a contract.We use personal data to deliver services, respond to enquiries and carry out our contractual obligations .
  • For legitimate interests.We process data to run and improve our business, develop new services, analyse website usage and market our offerings, provided that these interests do not override your rights .
  • To comply with legal obligations.We may process data to meet our responsibilities under the law (for example, to maintain financial records or respond to requests from regulators) .
  • To protect vital interests.In rare cases we may process data to prevent harm or protect the safety of individuals .


When we process customer data on your behalf, we do so only on documented instructions and in accordance with our Data Processing Agreement .


How We Share Personal Data


We do not sell personal data.We share data only as necessary for the purposes described in this policy:

  • Service providers.We use third‑party providers for functions such as cloud hosting, analytics, email delivery and billing.They may access your personal data only to perform services on our behalf and under contractual obligations to protect it .
  • Business transfers.If we engage in a merger, acquisition, restructuring or sale of assets, your data may be transferred as part of that transaction, subject to confidentiality obligations .
  • Legal requirements.We may disclose data to law enforcement or regulators where required by law or to protect the rights and safety of us or others .


We do not use customer data to train our machine‑learning models without your explicit authorisation .


International Data Transfers


We are based in the United Kingdom but work with clients and vendors around the world.Consequently, your personal data may be transferred to countries outside the UK or European Economic Area.When we do so, we ensure appropriate safeguards are in place.For example, we may rely on adequacy decisions, the UK international data transfer addendum to the Standard Contractual Clauses or the Data Privacy Framework .We remain responsible for protecting personal data and will take reasonable steps to ensure it is handled securely.


Data Retention


We retain personal data only as long as necessary to fulfil the purposes for which it was collected or to comply with legal and accounting obligations.If we process personal data on behalf of a customer, we will delete or return it upon termination of the services, unless retention is required by law or agreed otherwise.Our Data Processing Agreement sets out specific retention periods and deletion procedures .


Security Measures


We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse or alteration.Measures include encryption of data in transit, access controls, role‑based permissions, secure software development practices and incident response procedures .While we strive to protect your information, no system can be guaranteed 100 % secure.If we experience a personal data breach we will notify affected individuals and authorities as required by law .


Your Rights


Depending on where you are located, you may have rights under applicable data‑protection laws, such as the UK GDPR and the Data Protection Act 2018.These rights may include:

  • Access.You can request confirmation of whether we process your personal data and obtain a copy.
  • Rectification.You may ask us to correct inaccurate or incomplete personal data.
  • Erasure.You can request deletion of your personal data, subject to certain exceptions.
  • Restriction.You may request that we restrict processing of your data in certain circumstances.
  • Objection.You can object to our processing where we rely on legitimate interests.
  • Portability.You can request that we transfer personal data you provided to another organisation.
  • Withdraw consent.Where we process data on the basis of consent, you may withdraw it at any time.


We will consider all requests and respond in accordance with applicable laws .To exercise your rights, please contact us using the details below.


Children’s Privacy


Our services are intended for business users.We do not knowingly collect personal data from children under 13 years of age.If you believe we have collected information from a child, please contact us and we will take appropriate steps to remove it.


Changes to this Policy


Privacy law in the UK continues to evolve.For example, the Information Commissioner’s Office is updating guidance following the Data (Use and Access) Act 2025 .We may update this Privacy Policy from time to time to reflect legal or operational changes.If we make material changes we will notify you by posting the updated policy and, where appropriate, sending you a direct communication.


Contact Us


If you have any questions or requests regarding this Privacy Policy or our data‑handling practices, please contact:


Thrive AI/ML Consultancy
Long Eaton, England, United Kingdom
Email: privacy@thrive‑ai.co.uk

Start a project

Practical AI systems for teams shipping in production.

Strategy, implementation, and enablement from one partner. We help teams move faster with less risk.

Book intro call View services
Thrive.

AI and machine learning solutions for enterprise teams.

chat@thrivegroup.ai +442045386635

© Thrive 2026. All rights reserved.