Skip to content
SLM-Works

Privacy policy

Last updated:

Draft for legal review: This page is an English v1 draft with marked placeholders. Do not treat as final legal advice. Counsel must approve text, subprocessors, retention, and contact details before production reliance.

Who we are

SLM-Works (“we”, “us”, or “our”) operates the website at slm-works.ai ( the “Site”).

For the purposes of the EU/UK General Data Protection Regulation (GDPR), we act as the controller of personal data processed through the Site as described in this policy, unless we state otherwise (for example, where we process solely on behalf of a customer).

Registered entity details and representative information will be published here upon completion of legal registration.

Privacy requests: see Contact (privacy requests).

Data we collect

We may collect the following categories of information:

  • Information you provide: e.g. name, work email, company, role, use case, and other fields when you submit lead, contact, or newsletter forms on the Site.
  • Communications: content of messages you send us (including support or sales enquiries).
  • Technical & usage data: e.g. IP address, device/browser type, general location (derived from IP), pages viewed, referring URLs, and timestamps, collected via server logs and/or analytics tools.

We do not use this policy to describe processing of customer production workloads or models, which is governed by separate agreements where applicable.

Purposes and lawful bases (GDPR)

We process personal data for purposes that may include:

  • Responding to enquiries and delivering the Site , lawful basis: legitimate interests (operating our business and the Site) and/or contract (steps prior to a contract).
  • Sending transactional messages (e.g. form confirmations), lawful basis: contract or legitimate interests.
  • Marketing communications (only where permitted), lawful basis: consent and/or legitimate interests as applicable under local law. You can opt out at any time.
  • Analytics and improvement: lawful basis: legitimate interests (understanding use of the Site, security, product improvement) or consent where required (e.g. non-essential cookies).
  • Security, fraud prevention, and legal compliance , lawful basis: legitimate interests and/or legal obligation.

Subprocessors and third parties

We use service providers who process personal data on our behalf (processors) or who host infrastructure we use. Depending on how you use the Site, this may include:

  • Supabase: for application data storage (e.g. insights content, lead records if configured). Data may be processed in the regions supported by our Supabase project.
  • Resend: for transactional email delivery (e.g. form notifications and confirmations) when enabled.
  • Analytics: we may use a privacy-oriented analytics product (e.g. Plausible) or Google Analytics 4: The active tool(s), data collected, and retention will be listed here once production configuration is fixed.
  • Hosting / CDN: e.g. Vercel or equivalent for serving the Site.

Retention

We retain personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.

  • Form submissions: retained for the period needed to evaluate and respond to the request, plus a reasonable statutory limitation period unless erased earlier on request.
  • Marketing: until you withdraw consent or object (where applicable), or we delete it in line with our retention schedule.
  • Logs & analytics: typically aggregated or deleted on a rolling basis per vendor configuration (to be stated explicitly after production setup).

Your rights

Depending on your location, you may have the following rights under GDPR (and similar laws):

  • Access to your personal data.
  • Rectification of inaccurate data.
  • Erasure (“right to be forgotten”) in certain cases.
  • Restriction of processing in certain cases.
  • Data portability for data you provided where processing is based on contract or consent and automated means are used.
  • Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent where processing is consent-based (without affecting prior lawful processing).
  • Lodge a complaint with a supervisory authority in your country/region.

To exercise your rights, contact us using the details in Contact (privacy requests). We may need to verify your identity before responding.

Cookies and similar technologies

We may use cookies and similar technologies (including local storage) for essential operation of the Site, preferences, and analytics. Non-essential cookies are only set with your consent where required by applicable law. You can manage cookie preferences through your browser settings.

International transfers

If we transfer personal data outside the UK/EEA, we will implement appropriate safeguards (such as Standard Contractual Clauses) and complete any required assessments.

Changes to this notice

We may update this privacy policy from time to time. The “Last updated” date at the top of the page reflects the latest revision. Material changes will be communicated as required by law.

Contact (privacy requests)

For privacy enquiries and requests, email: hello@slm-works.ai

For general business contact (not specifically privacy-related), use the contact options on the Contact page when available.