Privacy Policy

Privacy Policy
Last Updated January 2026

(For cleverthinkingtech.com and growthgateway.uk)
Clever Thinking Technologies & Growth Gateway AI Ltd

This privacy policy applies to your use of cleverthinkingtech.com and any services supplied by Clever Thinking Technologies & Clever Thinking Tech (“we”, “us”, “our”). 

Clever Thinking Technologies & Clever Thinking Tech are trading names of Growth Gateway AI Ltd, a company registered in England and Wales. All references to “Clever Thinking Technologies, Clever Thinking Tech”, “we”, “us” or “our” refer to Growth Gateway AI Ltd unless stated otherwise.

Growth Gateway AI Ltd is registered in England and Wales.
Company Number: 15964518
Business Registered Address:
Unit A, 82 James Carter Road, Mildenhall, IP28 7DE
Telephone number: 01202 030384

You may contact Clever Thinking Technologies using the contact details published on our website, including via our contact form or telephone. Electronic communication is the preferred method of contact.

We are committed to protecting your privacy and handling personal data transparently and lawfully in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Growth Gateway AI Ltd is registered in England and Wales.
Company Number: 15964518
Business Registered Address:
Unit A, 82 James Carter Road, Mildenhall, IP28 7DE
Telephone number: 01202 03038

For the purposes of data protection law, Clever Thinking Technologies acts as a data controller in respect of personal data collected through our website and client communications.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Information You Provide Directly

• Name

• Business name

• Email address

• Telephone number

• Billing and invoicing details

• Messages submitted via contact forms, email, or messaging platforms

• Information provided during enquiries, proposals, onboarding, or support requests

2.2 Website and Technical Data

• IP address

• Browser type and version

• Operating system

• Referring URLs

• Pages visited and interaction data

• Date and time of visits

This data is collected through cookies, analytics tools, server logs, and similar technologies.

2.3 Client and Project Data

When you engage our services, we may process:

• Website access credentials (where provided)

• Hosting or domain information

• Content supplied by you

• Business contact details of your staff or contractors

3. How We Use Personal Data

We use personal data for the following purposes:

• Responding to enquiries and communications

• Providing and managing our services

• Preparing quotes, proposals, and invoices

• Client onboarding and project delivery

• Website hosting, maintenance, and support

• Improving our website and services

• Security monitoring and fraud prevention

• Legal, accounting, and compliance obligations

We do not sell personal data to third parties.

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

• Contract – where processing is necessary to provide services you have requested

• Legitimate interests – for business administration, service improvement, and security

• Consent – where you have given clear permission (for example marketing emails)

• Legal obligation – where required by law (for example tax and accounting records)

Where consent is required, you may withdraw it at any time.

5. Cookies and Analytics

Our website uses cookies and similar technologies to improve functionality and analyse usage.

These may include:

• Essential cookies required for website operation

• Analytics cookies (such as Google Analytics or equivalent)

• Performance and security cookies

You can manage cookie preferences through your browser settings or any cookie consent banner provided.
Please find our cookie policy here.

6. Marketing Communications

We may send marketing communications where:

• You have opted in

• You are an existing client and communications relate to similar services

You can opt out at any time by following the unsubscribe link or contacting us directly.

We do not engage in unsolicited bulk marketing.

7. Third-Party Services and Processors

We may share personal data with trusted third-party service providers where necessary to deliver our services, including:

• Hosting providers

• Email and communication platforms

• Accounting and invoicing software

• Analytics providers

• CRM systems

• Payment processors (for billing only, not card data)

• AI and automation platforms (where applicable)

These third parties act as data processors or independent controllers and are contractually required to process data securely and lawfully.

We are not responsible for the privacy practices of third-party websites or platforms you access via links from our site.

8. AI Tools and Automated Systems

Where AI tools or chatbot systems are used on our website or client websites:

• AI outputs may be generated automatically

• AI systems may process user-submitted information

• AI tools are provided by third-party platforms

We do not guarantee the accuracy of AI-generated content. Users should not rely on AI outputs as legal, financial, medical, or professional advice.

Where required, clients are responsible for ensuring appropriate disclosures and consent for AI usage on their own websites.

9. Payment and Financial Data

We do not process or store payment card details.

Payments are handled by third-party payment providers such as Stripe, PayPal, Square, Klarna, or similar. These providers act as independent data controllers and are responsible for PCI DSS compliance and payment security.

We may retain limited billing information for accounting and legal purposes.

10. Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure.

However, no website, system, or transmission method can be guaranteed to be completely secure. We do not guarantee absolute security and are not responsible for breaches arising from events outside our reasonable control.

11. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

• The duration of our business relationship

• Compliance with legal and accounting obligations

• Resolving disputes or enforcing agreements

When data is no longer required, it is securely deleted or anonymised.

12. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data

• Request correction of inaccurate data

• Request erasure of your data (where applicable)

• Restrict or object to processing

• Request data portability

• Withdraw consent at any time

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

13. Client Data and Controller Responsibilities

Where we process personal data on behalf of clients (for example website hosting or technical support), the client remains the data controller and is responsible for compliance with data protection law.

We act only on documented instructions and do not use client data for our own purposes.

14. International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

15. Children’s Data

Our services are not directed at children, and we do not knowingly collect personal data from individuals under the age of 16.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes.

The latest version will always be published on our website.

17. Contact Us

If you have questions about this Privacy Policy or how we handle personal data, please use our contact form or telephone 01202 030384 to contact us.