1. Who we are

Blunt Logic Ltd operates the Blunt Logic website, private customer workspaces, onboarding flows, billing controls, operator console, and managed deployment namespace. Contact: hello@bluntlogic.ai. Privacy contact: privacy@bluntlogic.ai.

Registered number: PENDING_COMPANY_NUMBER. Registered in England and Wales.

Registered office: PENDING_REGISTERED_OFFICE_ADDRESS

2. Personal data we collect

We may collect business contact details, owner login details, billing contacts, company details, support messages, onboarding acceptance records, Stripe customer and subscription identifiers, deployment configuration, audit logs, security events, usage telemetry, and redacted monitoring summaries.

Customer workspaces may also contain customer-provided business records such as organisations, contacts, prompts, documents, notes, replies, research material, and workflow history. The customer controls what it uploads or asks the service to process.

3. How we use personal data

We use personal data to provide and secure the service, create and manage workspaces, authenticate owners, process onboarding, record legal acceptance, administer billing and subscriptions, provide support, monitor service health, investigate faults or abuse, maintain auditability, comply with law, and communicate about the service.

4. Lawful bases

Depending on the context, we rely on contract performance, legitimate interests, legal obligation, and consent where required. Our legitimate interests include running secure private deployments, preventing misuse, supporting customers, improving reliability, and keeping appropriate audit records.

5. AI providers and subprocessors

Some workspace features may send prompts, context, usage data, or outputs to approved AI, hosting, database, email, billing, monitoring, and support providers. We aim to keep secrets server-side, use redacted monitoring where possible, and avoid centralising raw customer CRM, prompt, reply, or document data in the operator console unless needed to provide support or as otherwise agreed.

The customer should review the Data Processing Addendum and any provider list or order form before live use.

6. Monitoring and audit records

The operator console may poll deployment status endpoints to collect redacted health, workflow, usage, billing, and delivery summaries. The service may also keep audit records for login, legal acceptance, billing, AI usage, approvals, sends, support actions, webhook activity, and security-relevant events.

7. Cookies and similar technologies

We use essential cookies and similar storage for authentication, session security, preferences, and service operation. We do not need non-essential marketing cookies for private workspace access unless a separate cookie banner or consent flow says otherwise.

8. Retention

We keep personal data only for as long as needed for the purposes described above, including providing the service, meeting legal or accounting obligations, resolving disputes, maintaining backups, and preserving necessary security and audit records. Customer workspace data deletion or export follows the applicable customer agreement and Data Processing Addendum.

9. International transfers

Some providers may process data outside the UK or EEA. Where required, we rely on appropriate safeguards such as adequacy decisions, UK international data transfer terms, standard contractual clauses, or equivalent provider commitments. Specific provider details should be confirmed before live production use.

10. Your rights

Depending on your location and role, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data about you. You may also have the right to complain to the UK Information Commissioner's Office or another relevant regulator. Contact privacy@bluntlogic.ai to exercise privacy rights.

Where processing is based on consent, you may withdraw consent at any time by contacting privacy@bluntlogic.ai. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

11. Customer-controlled records

Where we process personal data inside a customer workspace on the customer's instructions, the customer is usually the controller and we act as processor. Individuals should normally contact the customer first about records the customer controls. We will support reasonable customer instructions under the Data Processing Addendum.

12. Updates

We may update this notice as the service, providers, or legal requirements change. Material changes for logged-in customers may require renewed in-product acceptance where appropriate.