Privacy Policy

1. Introduction

Aedeum ("we", "us", "our") operates aedeum.comand related digital properties (collectively, the "Site"). We provide studio services including website design, AI integration, brand identity, mobile products, and digital consulting, and we develop our own software ventures.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit the Site, submit an enquiry, engage us for services, or otherwise interact with us. We aim to handle data lawfully, fairly, and transparently in line with applicable privacy laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 where they apply to our processing.

By using the Site, you acknowledge that you have read this policy. If you do not agree, please do not use the Site or submit personal information to us.

2. Data controller

For the purposes of applicable data protection law, the data controller is Aedeum. You can contact us about privacy matters at contact@aedeum.com.

We do not currently appoint a Data Protection Officer. For privacy enquiries, use the contact address above and include "Privacy" in the subject line.

3. Scope

This policy applies to:

• Visitors to aedeum.com and subpages;
• Prospective and current clients who contact us or enter into a project agreement;
• Recipients of our marketing or operational communications, where permitted;
• Users of contact forms, audit request forms, and similar tools on the Site.

This policy does not apply to third-party websites, apps, or services linked from our Site (including client projects, venture products, or social platforms). Those services have their own privacy policies.

4. Information we collect

4.1 Information you provide

We may collect information you voluntarily submit, including:

• Contact and enquiry data: name, email address, business location or region, service interest, project description, referral source, and any other details you include in messages;
• Audit requests: website URL and related details you submit for a complimentary review;
• Project and commercial data: billing contact details, company name, scope documents, correspondence, files you share for delivery, and feedback during engagements;
• Communications: content of emails and messages with our team.

4.2 Information collected automatically

When you use the Site, we and our service providers may automatically collect:

• Usage and device data: pages viewed, referring URLs, approximate location derived from IP address, browser type, device type, operating system, and timestamps;
• Technical logs: server logs used for security, debugging, and performance on our hosting platform;
• Analytics data: aggregated, pseudonymous usage statistics via Vercel Analytics and Vercel Speed Insights (where enabled).

We do not intentionally collect special category data (such as health, biometric, or political opinions) through the Site. Please do not submit sensitive personal information unless we have agreed in writing that it is necessary for your project.

5. How we use your information

We use personal information for the following purposes:

• To respond to enquiries, audit requests, and discovery conversations;
• To prepare proposals, statements of work, and deliver contracted services;
• To administer billing, contracts, and project communication;
• To improve the Site, fix errors, and understand aggregate usage patterns;
• To maintain security, prevent abuse, and enforce our terms;
• To comply with legal obligations and defend legal claims;
• To send service-related messages (for example, replies to your enquiry or project updates). We do not sell your personal information.

5.1 Lawful bases (UK / EEA visitors)

Where UK GDPR or EU GDPR applies, we rely on the following lawful bases:

• Contract: processing necessary to take steps at your request before entering a contract, or to perform a contract with you;
• Legitimate interests: operating and improving our business, securing the Site, and communicating about services, balanced against your rights (you may object as described below);
• Consent: where required for optional cookies or marketing you have explicitly opted into;
• Legal obligation: where we must retain or disclose information to comply with law.

6. Cookies and similar technologies

Cookies are small text files stored on your device. We use cookies and similar technologies as follows:

• Strictly necessary: required for basic Site operation and security (typically session or preference cookies from our host);
• Analytics: Vercel Analytics helps us understand traffic and performance in aggregated form without identifying you by name in our dashboards.

You can control cookies through your browser settings. Blocking cookies may affect Site functionality. Where non-essential cookies require consent in your region, we will request consent before placing them.

7. How we share information

We may share personal information with:

• Service providers (processors): hosting (Vercel), form delivery (FormSubmit.co), email infrastructure (Zoho Mail and related providers), analytics (Vercel), and tools we use to deliver your project (for example design, development, or AI APIs under contract). These providers process data only on our instructions and for specified purposes;
• Professional advisers: lawyers, accountants, or insurers where reasonably necessary;
• Legal and safety: regulators, courts, or law enforcement when required by law or to protect rights, safety, and security;
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality safeguards.

We do not sell or rent personal information to third parties for their marketing.

8. International transfers

We are remote-first and may use providers located outside your country, including the United States and the European Economic Area. Where personal information is transferred from the UK or EEA to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses or UK International Data Transfer Agreements, where applicable.

You may request further information about transfer safeguards by contacting contact@aedeum.com.

9. Data retention

We retain personal information only as long as necessary for the purposes above:

• Enquiries: typically up to 24 months after last contact, unless a project proceeds;
• Client project records: for the duration of the engagement and up to 7 years thereafter for contractual, tax, and legal purposes;
• Server and security logs: typically up to 90 days, unless longer retention is required for incident investigation;
• Analytics:according to our analytics provider's retention settings, generally in aggregated form.

When data is no longer needed, we delete or anonymise it where reasonably practicable.

10. Security

We implement appropriate technical and organisational measures to protect personal information, including HTTPS encryption, access controls, and careful selection of subprocessors. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

If you believe your interaction with us is no longer secure, contact us promptly at contact@aedeum.com.

11. Your rights

Depending on your location, you may have rights including access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent (where processing is based on consent). UK and EEA residents may also lodge a complaint with the Information Commissioner's Office (ICO) or their local supervisory authority.

To exercise your rights, email contact@aedeum.com with sufficient detail to verify your identity. We will respond within the timeframe required by applicable law (typically one month under UK GDPR).

12. Children

The Site and our services are directed at businesses and adults. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us data, contact us and we will delete it where appropriate.

13. Third-party links

The Site may link to external websites (for example LinkedIn, client sites, or venture products). We are not responsible for their privacy practices. Review their policies before providing personal information.

14. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do. Material changes may be highlighted on the Site. Continued use after changes constitutes acceptance of the updated policy.

15. Contact

For privacy questions, requests, or complaints, contact: contact@aedeum.com

Postal correspondence, if required for a formal request, may be provided on request by email. We operate as a remote-first studio without a public walk-in office.