Skip to content

Legal

Privacy Policy

Last updated:

This Privacy Notice for The Human Collab (doing business as The Human Co.) describes how and why we access, collect, store, use, and share your personal information when you use this website at thehumanco.org, subscribe to our insights list, use the AI Embedding Diagnostic, or contact us in related ways.

Summary of key points

What personal information do we process? When you use this site we process a limited set of personal information, depending on how you interact with us. If you subscribe to our insights list, that is your email address (and, optionally, a tag identifying which form you signed up through). If you use the AI Embedding Diagnostic, that is your email address and the answers and conversation input you provide to the tool.

Do we process sensitive personal information? No. We ask you not to submit special-category data through the diagnostic or any form.

Do we collect information from third parties? No.

How do we process your information? To send the insights and updates you signed up for, to generate and deliver your tailored diagnostic result, to respond to consultancy enquiries, and to keep the site secure.

With whom do we share personal information? Only with the service providers who operate parts of this site on our behalf: our hosting and analytics provider (Vercel), the AI provider behind the diagnostic and chat (Anthropic), our email provider (Kit), and our productivity tools (Google Workspace). They are contractually bound to process data only as we instruct.

How do we keep your information safe? We use appropriate technical and organisational security measures, though no system is 100% secure.

What are your rights? Depending on your location, you may have rights over your personal information, including access, correction, and deletion.

How do you exercise your rights? Contact us at paul@thehumanco.org.

Table of contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on?
  4. When and with whom do we share your personal information?
  5. International data transfers
  6. The AI Embedding Diagnostic
  7. The chat
  8. What is our stance on third-party websites?
  9. Do we use cookies and other tracking technologies?
  10. How long do we keep your information?
  11. How do we keep your information safe?
  12. Do we collect information from minors?
  13. What are your privacy rights?
  14. Controls for Do-Not-Track features
  15. Do we make updates to this notice?
  16. How can you contact us about this notice?
  17. How can you review, update, or delete the data we collect?

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you subscribe to our insights list, use the AI Embedding Diagnostic, or otherwise contact us.

Personal information provided by you. Specifically:

  • Your email address, when you submit the subscribe form or the diagnostic;
  • Optionally, a tag identifying which form you signed up through, so we can send you the right content;
  • The answers and conversation input you provide to the AI Embedding Diagnostic, which the tool uses to generate a tailored result for you;
  • Any information you choose to include when you contact us about a consultancy enquiry (for example, by email).

We do not ask for names, phone numbers, postal addresses, payment details, or any other personal information beyond what is listed above. Please do not include sensitive or special-category information in the diagnostic or any message to us.

Payment data. This website does not sell anything and does not process payments. We do not collect or store payment card details through this site.

Information automatically collected

We automatically collect certain information when you visit the site. This information does not reveal your specific identity but may include device and usage information, and is primarily needed to maintain the security and operation of the site.

The information collected automatically through Vercel, our hosting provider, includes:

  • Log data. IP address, browser type, timestamps, pages visited, and referrer URL, recorded as standard server logs for security and performance purposes.
  • Device data. Basic information about the device you use to access the site (operating system, browser version) as it appears in the User-Agent string.

We do not use behavioural advertising or third-party ad-tracking services on this site. We use Vercel Web Analytics, a privacy-friendly, cookieless analytics service, to understand aggregate traffic: which pages are visited, roughly where visitors come from, and the kind of device used. It does not set cookies, does not build a persistent profile of you, and does not track you across other websites. It does not collect your name, email, or any data that identifies you personally.

2. How do we process your information?

We process your personal information for a limited set of reasons:

  • To send you the insights and updates you signed up for. Your email is passed to our email provider (Kit), which stores it and delivers our communications. You can unsubscribe at any time.
  • To run the AI Embedding Diagnostic. We use the answers and conversation input you provide to generate a tailored result, and your email to send that result to you.
  • To respond to consultancy enquiries. If you contact us about working together, we use your message to reply and to discuss a possible engagement.
  • To maintain the security of the site. Standard server logs help us detect and prevent abuse.
  • To comply with law. Where we are legally required to retain or disclose information.

We do not use your information for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.

3. What legal bases do we rely on to process your information?

We only process your personal information when we believe it is necessary and we have a valid legal reason (legal basis) to do so under applicable law.

If you are located in the UK, the EU, or the EEA, this section applies to you.

The UK GDPR and the General Data Protection Regulation (GDPR) require us to explain the valid legal bases we rely on in order to process your personal information. We rely on the following:

  • Consent. We process your email for our insights list, and the input you submit to the AI Embedding Diagnostic, on the basis of your consent, given when you submit the relevant form. You can withdraw your consent at any time.
  • Legitimate interests. We process basic server logs under our legitimate interest in maintaining a secure and reliable service, and we process consultancy-enquiry correspondence under our legitimate interest in responding to people who contact us about our services.
  • Legal obligations. We may process your information where necessary for compliance with legal obligations, such as cooperating with a regulatory authority or defending our legal rights.

4. When and with whom do we share your personal information?

We share your data only with the service providers who perform services for us on our behalf. These third parties are contractually required to process data only as instructed by us and to protect the security of that data.

The third parties we share personal information with are:

  • Vercel hosts this website and the diagnostic, logs standard request data (IP, user agent, timestamps) for security and performance, and provides the cookieless Web Analytics described above. Vercel privacy policy.
  • Anthropicprovides the AI model that powers the AI Embedding Diagnostic and the site chat. The input you submit is sent to Anthropic solely to generate your result or reply. It is not used by us to build a profile of you and, under Anthropic’s commercial terms, is not used to train its models. Anthropic privacy policy.
  • Kit is our email service provider. When you subscribe, your email and optional tag are sent to Kit, which stores them and delivers our communications. Kit privacy policy.
  • Google Workspace receives a copy of your diagnostic result or chat enquiry, delivered into our workspace by an automated webhook, so Paul can follow up. Google processes it on our behalf as our business productivity provider. Google privacy policy.

The AI Embedding Diagnostic uses Anthropic’s AI model to generate your result. The input you submit is sent to Anthropic solely to generate your result. It is not used by us to build a profile of you, and it is not sold to anyone.

We do not sell or license your personal information to any third party.

Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

4b. International data transfers

The providers above are based in, and process data in, the United States. Where personal information is transferred outside the UK, we rely on appropriate safeguards recognised under UK data protection law: the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, incorporated into each provider’s data processing agreement, and, where a provider is certified, the UK extension to the EU-US Data Privacy Framework. You can ask us for more detail about the safeguards that apply to a particular transfer using the contact details below.

5. The AI Embedding Diagnostic

The AI Embedding Diagnostic is a free, interactive tool on this site. It asks you a series of questions and may invite free-text or conversational input, then uses your responses to generate a tailored, written result about embedding AI in your context. We use the email address you provide to send that result to you.

Please provide only information you are comfortable sharing. Do not submit confidential third-party information, personal data about other people, or special-category data. The result is generated automatically to help you think through your situation; it is general information, not professional, legal, or financial advice, and no consultancy relationship is created by using the tool.

When you complete the diagnostic, your answers are sent to Anthropic, our AI model provider, to generate your read-out, which we then show you on this site and email to the address you provided. A copy of the read-out is also delivered into our Google Workspace so we can follow up if you ask us to.

Conversation content is not stored on our servers after your session ends. Your email address and a short summary of the read-out are kept with our email provider (Kit) on our “Diagnostic leads” list, and a record of the read-out is retained by The Human Co. for follow-up. You can ask us to delete your diagnostic data at any time by emailing us.

5b. The chat

The chat on this site lets you ask questions about The Human Co. and Paul’s consultancy. The conversation runs through an AI assistant powered by Anthropic. At a natural point you may be offered the option to share your email (and optionally your name) so Paul can follow up directly. This is opt-in: you can skip the offer and keep chatting without sharing anything. If you do share your email, it goes to our “Chat leads” list with our email provider (Kit), and a record of the conversation is delivered into our Google Workspace for follow-up. You can ask us to delete your chat data at any time by emailing us.

6. What is our stance on third-party websites?

This site may link to third-party websites that we do not own or control. We do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites. The inclusion of a link does not imply an endorsement by us. Any data collected by third parties is not covered by this Privacy Notice. You should review the policies of such third parties directly.

7. Do we use cookies and other tracking technologies?

We do not use tracking or advertising cookies on this site. Our hosting provider may set essential cookies required to operate the website — for example, to protect against abuse or maintain session state. These essential cookies do not identify you and are not shared with advertisers.

We do not use behavioural ad-tracking services. We use Vercel Web Analytics, which is cookieless: it does not store or read any identifier on your device for analytics, so it does not rely on the consent rules that apply to tracking cookies. The essential cookies our hosting provider may set to keep the site secure are unaffected.

8. How long do we keep your information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. In practice, we keep your email on our insights list until you unsubscribe or request deletion; if you unsubscribe, Kit retains a suppression record (your email, marked unsubscribed) to prevent accidental re-subscription, which you can also ask us to delete. We keep consultancy-enquiry correspondence only as long as needed to handle your enquiry and any resulting relationship.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for example, because the information is held in backup archives), we will securely store your personal information and isolate it from further processing until deletion is possible.

9. How do we keep your information safe?

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from the site is at your own risk.

10. Do we collect information from minors?

We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction. By submitting your email, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the record and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at paul@thehumanco.org.

11. What are your privacy rights?

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include:

  • The right to request access and obtain a copy of your personal information;
  • The right to request rectification or erasure;
  • The right to restrict the processing of your personal information;
  • If applicable, the right to data portability;
  • The right not to be subject to automated decision-making;
  • The right to object to processing.

You can make such a request by contacting us using the details in the “How can you contact us about this notice?” section below. We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your data protection authority. In the UK, this is the Information Commissioner’s Office.

Withdrawing your consent. Where we rely on your consent, you can withdraw it at any time by clicking the unsubscribe link in any email we send you, or by emailing us. Withdrawal does not affect the lawfulness of processing done before withdrawal.

12. Controls for Do-Not-Track features

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals. Since we do not track visitors across websites or use advertising networks, this has limited practical effect.

13. Do we make updates to this notice?

Yes, we will update this notice as necessary to stay compliant with relevant laws. The updated version will be indicated by an updated “Last updated” date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently.

14. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at paul@thehumanco.org or contact us by post at:

The Human Collab
80 Stradbroke Road
Sheffield, South Yorkshire S13 8SQ
United Kingdom

15. How can you review, update, or delete the data we collect from you?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect, details about how we have processed it, correction of any inaccuracies, or deletion of your personal information. You may also have the right to withdraw your consent to our processing. To request any of these, email paul@thehumanco.orgwith the subject line “Data request” and we will respond within 30 days (usually much sooner).

This Privacy Notice is adapted from The Human Co.’s master privacy policy and scoped to this website, its insights list, and the AI Embedding Diagnostic.