This privacy policy explains how Insequa Limited collects, uses, and protects your personal information. We may update this policy from time to time by updating this page, so please check back periodically to ensure that you are happy with any changes.

This policy applies to visitors to insequa.co.uk, clients of Insequa Ltd (consulting), and customers of Insequa AI Solutions (our AI-assisted software for social care providers).

Who we are

Insequa Limited is a company registered in England and Wales under company number 08174453, with its registered office at 155 Wellingborough Road, Rushden, Northamptonshire, NN10 9TB. We trade as Insequa Ltd for our consulting services and Insequa AI Solutions for our software products.

We are the controller of personal information collected through this website and in connection with our services.

Our Data Protection Officer is Bill Watson, contactable at billwatson@insequa.co.uk. For general privacy queries, email enquiries@insequa.co.uk or call 0115 896 3999.

What we collect

We may collect the following information:

• Name and job title
• Contact information, including email address and phone number
• Demographic information such as postcode, preferences and interests
• Information relevant to enquiries, customer surveys or offers
• Account credentials if you sign up to Insequa AI Solutions (your email and a salted, hashed password)
• Information you enter into Insequa AI Solutions about your social care service, including details of staff and residents — see the section below for how this is handled
• Website usage data, such as pages visited and basic browser information
• Records of our communications with you

What we do with the information we gather

We use this information to understand your needs and provide you with a better service. In particular:

• To respond to enquiries and provide consulting services or software products
• For internal record keeping
• To improve our products, services, and website
• To send you promotional emails about new products, offers, or information we think you may find interesting — only where you have agreed to receive these
• To contact you occasionally for market research, where you have agreed to be contacted
• To tailor the website according to your interests
• To meet our legal and regulatory obligations

Our lawful basis for using your information

Under UK GDPR, we must have a lawful basis for processing your personal information. We rely on the following:

Contract — where we need to process your information to provide a service to you or your organisation, or to set up an account

Legitimate interests — for routine business operations such as responding to enquiries, improving our services, and securing our systems, balanced against your rights

Consent — for marketing emails and for non-essential cookies. You can withdraw consent at any time

Legal obligation — for example, where we are required to keep records for tax or regulatory purposes

Where Insequa AI Solutions processes information about residents and staff on behalf of a customer care provider, your organisation is the controller and Insequa is the processor. The legal basis for that processing is set by your organisation, typically the provision of health and social care under Article 9(2)(h) UK GDPR.

How long we keep your information

Contact information for active clients and prospective clients: for the duration of the relationship and up to 6 years afterwards for accounting and legal reasons

Until you withdraw consent, plus a reasonable suppression list retention period to ensure we do not contact you again

Insequa AI Solutions account data: for the life of your account, then retained for up to 30 days after account closure and permanently deleted thereafter, as set out in the Customer Data Processing Agreement

Insequa AI Solutions customer content: deleted on customer request, or up to 30 days after account closure, with up to 14 days remaining in backups thereafter

Website analytics data: per the cookies section below

Insequa AI Solutions

Insequa AI Solutions is our AI-assisted software product that helps social care providers prepare their Provider Information Return (PIR) and related regulatory documentation. If you are a customer of this product, this section explains how we handle data within it.

Your organisation (the customer care provider) is the data controller for information you enter into the product about your service, staff, and residents. Insequa acts as the data processor under a Customer Data Processing Agreement which you accept on sign-up.

To deliver Insequa AI Solutions we use a number of third-party sub-processors, including AI providers (Anthropic and OpenAI, based in the United States), cloud infrastructure providers (Supabase, Vercel, and n8n Cloud, based in the EU), and a text-to-speech provider (ElevenLabs, planned). Each sub-processor is engaged under a Data Processing Agreement requiring equivalent data protection terms. Our full sub-processor list, including regions and transfer safeguards, is available at insequa.co.uk/sub-processors. Where we appoint a material new sub-processor we will give active customers at least 5 working days notice by email.

All AI-generated content is presented as a draft requiring human review. Customer data sent through the Anthropic and OpenAI APIs is not used to train or improve the underlying AI models. The product does not make automated decisions about individuals with legal or similarly significant effects. A disclaimer in the product reminds users not to enter sensitive identifiable information about residents, staff, or other individuals where it is not strictly necessary.

International transfers of personal data

Most of your personal information is stored in the United Kingdom or the European Union. The exceptions, all relating to Insequa AI Solutions, are:

Anthropic and OpenAI process AI requests from servers in the United States

ElevenLabs (planned) may process text-to-speech requests from servers outside the UK or EU

Where we transfer personal data outside the UK, we use the UK Addendum to the Standard Contractual Clauses approved by the Information Commissioner’s Office. This provides a recognised legal mechanism for the transfer.

Security

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard the information we collect. These include encrypting personal data in transit and at rest, limiting access to people who need it, working with sub-processors who provide equivalent security, and operating an incident response process for any personal data breach.

Cookies

A cookie is a small file placed on your device that helps the website work properly and helps us understand how the site is used.

We use a cookie consent banner (CookieYes) to obtain your explicit consent before setting non-essential cookies. You can change your preferences at any time through the cookie settings in the website footer.

Strictly necessary cookies

These cookies are essential for the website and application to function and do not require your consent. They include our cookie consent record (CookieYes) and the session cookies that keep you signed in to the Pip application (Supabase Auth).

Analytics cookies

These cookies help us understand how visitors use our website so we can improve it. They are set only with your consent. We use Google Analytics and HubSpot for website analytics and session tracking, and Vimeo where video content is embedded on the site.

Advertising and marketing cookies

These cookies support our advertising and marketing activity and are set only with your consent. We use Google Ads and DoubleClick for conversion measurement and advertising attribution, YouTube where video embeds are used, and Lead Forensics for website visitor identification to help us understand which organisations are visiting our site.

Browser storage (not cookies)

The Pip application uses browser local storage for two small functional purposes that do not involve personal data and do not require consent: remembering your preferred voice mode (push-to-talk or hands-free), and temporarily recording which PIR topics are being processed so the dashboard can show a progress indicator.

Managing your cookie preferences

You can update your cookie preferences at any time using the cookie settings in the website footer. You can also manage cookies through your browser settings — most browsers let you block or delete cookies, though this may affect how the website functions.

For general guidance on managing cookies in popular browsers, visit www.aboutcookies.org or www.allaboutcookies.org.

Marketing emails and email tracking

If we send you marketing emails (such as a newsletter or product updates), we may include tracking that helps us understand whether the email was opened or any links were clicked. We use this information to improve our communications. You can opt out at any time by clicking “unsubscribe” at the bottom of any marketing email, or by emailing us at enquiries@insequa.co.uk.

Transactional emails relating to your account, support, or invoicing are not marketing and will continue to be sent on the basis of the contract between us.

Who we share information with

We share personal information only where there is a clear reason and a lawful basis. The categories of recipients we use are:

Sub-processors who help us deliver our services, including the AI and infrastructure providers named in the Insequa AI Solutions section above (full list at insequa.co.uk/sub-processors), and payment providers such as Stripe who process subscription payments and billing on our behalf

Professional advisers such as accountants, lawyers, and auditors

HMRC, regulators, and law enforcement where required by law

A buyer or successor in connection with the sale or restructuring of our business

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

Links to other websites

Our website may contain links to other websites of interest. Once you have used these links to leave our site, we no longer have any control over the other website. We cannot be responsible for the protection and privacy of any information you provide while visiting such sites. You should exercise caution and look at the privacy policy applicable to the website in question.

Children’s information

Our website and Insequa AI Solutions are not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us and we will delete it.

Your rights

Under UK GDPR you have the following rights in relation to your personal information:

The right to be informed about how your information is being used

The right of access — to ask for a copy of the personal information we hold about you

The right to rectification — to ask us to correct inaccurate or incomplete information

The right to erasure — to ask us to delete your personal information in certain circumstances

The right to restrict processing — to limit how we use your information in certain circumstances

The right to data portability — to ask for a copy of your information in a structured, commonly used format

The right to object to processing based on legitimate interests, and to direct marketing at any time

Rights related to automated decision-making and profiling — we do not carry out automated decision-making with legal or similarly significant effects on you

To exercise any of these rights, please contact us at enquiries@insequa.co.uk or write to us at Insequa Limited, 155 Wellingborough Road, Rushden, Northamptonshire, NN10 9TB. We will respond within one month.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection. The ICO can be contacted at ico.org.uk or on 0303 123 1113.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

Wherever you are asked to fill in a form on the website, look for the option to indicate that you do not want the information to be used for direct marketing purposes

If you have previously agreed to us using your personal information for direct marketing, you may change your mind at any time by emailing enquiries@insequa.co.uk

We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information we hold about you under UK GDPR. If you would like a copy, please email enquiries@insequa.co.uk. If you believe any information we hold is incorrect or incomplete, please write to us at the same address and we will promptly correct it.

Disclaimer

The material on our site is given for general information only and does not constitute professional advice. You should take specific advice before taking a course of action, as we do not accept directly or indirectly any responsibility for loss arising directly or indirectly from reliance on information on this site.

Given that the internet is an open system, we cannot warrant that the site and downloads reach you virus-free. You should take all appropriate precautions for your own safety.

Changes to this policy

We may update this privacy policy from time to time, for example if we change how we use personal information or to reflect changes in the law. When we make material changes we will post the updated notice on our website and, where you are an active customer, notify you by email.

Effective from

June 2026