Privacy Policy.

We are Colourhaus Decorating Ltd and we are doing business as Catapult AI.

catapultai.ai (the "Site") is owned and operated by Matthew Ramsden. Matthew Ramsden is the data controller and can be contacted at:

Purpose

The purpose of this privacy policy (this "Privacy Policy") is to inform users of our Site of the following:

• The personal data we will collect;
• Use of collected data;
• Who has access to the data collected;
• The rights of Site users; and
• The Site's cookie policy.

This Privacy Policy applies in addition to the terms and conditions of our Site.

GDPR

For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the "GDPR"). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.

We have not appointed a Data Protection Officer as we do not fall within the categories of controllers and processors required to appoint a Data Protection Officer under Article 37 of the GDPR.

Consent

By using our Site, users agree that they consent to the conditions set out in this Privacy Policy.

When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.

You can withdraw your consent by contacting our support team at: [email protected]

Legal Basis for Processing

We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.

We rely on the following legal basis to collect and process the personal data of users in the EU:

• Users have provided their consent to the processing of their data for one or more specific purposes.

In some cases (for example, when you request a demo/call), we may also process your data as necessary to take steps at your request prior to entering into a contract and/or for our legitimate interests (such as responding to enquiries and improving our services), where permitted by applicable law.

Personal Data We Collect

We only collect data that helps us achieve the purpose set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

Data Collected Automatically

When you visit and use our Site, we may automatically collect and store the following information:

• Clicked links;
• Content viewed;
• Device and browser information (e.g., device type, browser type);
• Approximate location (derived from IP address); and
• General usage data (e.g., time on page, interactions).

Data Collected in a Non-Automatic Way

We may also collect the following data when you perform certain functions on our Site (for example, when you submit a demo request form or contact us):

• Name
• Email address
• Phone number (including mobile number, if provided)
• Company name
• Company website
• Message content (for example, information you choose to share through our forms or chat)

This data may be collected using the following methods:

• Demo request forms and other website forms; and
• Our on-site chat widget (where you choose to submit information).

How We Use Personal Data

Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

The data we collect is used for the following purposes:

• Statistics and analytics;
• Responding to demo requests and enquiries;
• Contacting you about your request and providing related service information; and
• Improving our Site and customer experience.

Who We Share Personal Data With

Employees

We may disclose user data to any member of our organisation who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

Third Parties (Service Providers / Processors)

We may share limited information with trusted third-party providers only as needed to operate the Site and deliver the requested experience (for example, website infrastructure, analytics, and chat functionality). These providers are only permitted to use your data to perform services for us.

For example, our system is a white-label version of GoHighLevel (GHL) and may use GoHighLevel/LeadConnector infrastructure to store enquiries, manage conversations, and support communications.

Mobile Info Sharing Statement (Phone Numbers / SMS)

If you provide a phone number (including a mobile number) through our demo request forms, booking forms, or our chat widget, you may be offered the option to receive communications by SMS (text message) relating to your enquiry and/or requested demo.

1) How SMS Opt-In Works

We only send SMS messages when one of the following applies:

• You explicitly request that we contact you by text message; and/or
• You submit your mobile number through our forms or chat widget in connection with a demo request or enquiry, and SMS is reasonably necessary to respond to your request; and/or
• You provide consent through an opt-in checkbox, on-form notice, or similar consent language presented at the point you submit your details.

Where required, we include consent language at the point of collection (for example: "By providing your number, you agree to receive text messages regarding your enquiry. Reply STOP to opt out.").

2) How SMS Content Is Obtained

"SMS content" means the text of messages exchanged between you and Catapult AI. SMS content is obtained in the following ways:

• When you send a text message to a phone number we use for business communications;
• When we send a text message to the mobile number you provided after a demo request, enquiry, or booking; and
• When messages are exchanged through our communications systems supporting Catapult AI, including our white-label GoHighLevel/LeadConnector infrastructure.

3) How We Use SMS Content

We use SMS content for the following purposes:

• To respond to your enquiry and provide support;
• To confirm, schedule, reschedule, or coordinate demos/calls;
• To provide service-related updates you request;
• For internal record keeping and quality assurance; and
• To help detect and prevent spam, fraud, or abuse of our messaging systems.

We do not use SMS content to build marketing profiles for third parties, and we do not sell SMS content.

4) Mobile Number Sharing / Selling

We do not sell your mobile number.

We do not share your mobile number with third parties for their own marketing purposes.

We may share your number only with service providers who help us deliver SMS communications (for example, our messaging infrastructure providers connected to our white-label GoHighLevel/LeadConnector system). Those providers may only process the data to provide services for us.

5) Opt-Out and Help

You can opt out of SMS at any time by replying STOP (where applicable). You may also contact us at [email protected] to request removal or to ask for assistance. Message and data rates may apply depending on your mobile carrier and plan.

Other Disclosures

We will not sell or share your data with other third parties, except in the following cases:

• If the law requires it;
• If it is required for any legal proceeding;
• To prove or protect our legal rights; and
• To buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.

How Long We Store Personal Data

User data will be stored until the purpose the data was collected for has been achieved, or for as long as needed to meet legal, accounting, or reporting requirements.

You will be notified if your data is kept for longer than this period.

How We Protect Your Personal Data

In order to protect your security, we use appropriate technical and organisational measures, including (where applicable):

• Encryption in transit (HTTPS/TLS) for data sent between your device and our Site;
• Access controls (limiting access to authorised users only);
• Authentication safeguards (e.g., strong passwords and/or multi-factor authentication where supported);
• Vendor security controls through our service providers (including our white-label GHL/LeadConnector systems); and
• Reasonable monitoring and administrative controls to reduce unauthorised access.

All data is only accessible to authorised personnel who reasonably need access to perform their duties. Where employees or contractors have access to personal data, they are expected to handle it confidentially.

While we take reasonable precautions to ensure that user data is secure, there always remains some risk of harm. The Internet can be insecure at times and therefore we are unable to guarantee absolute security. If a data breach occurs that creates a risk to your rights and freedoms, we will take appropriate steps in line with applicable law (including notifications where required).

Your Rights as a User

Under the GDPR, you have the following rights:

• Right to be informed;
• Right of access;
• Right to rectification;
• Right to erasure;
• Right to restrict processing;
• Right to data portability; and
• Right to object.

Children

We do not knowingly collect or use personal data from children under 18 years of age. If we learn that we have collected personal data from a child under 18 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data, their parent or guardian may contact our privacy officer.

How to Access, Modify, Delete, or Challenge the Data Collected

If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under the GDPR, please contact our privacy officer here:

How to Opt-Out of Data Collection, Use, or Disclosure

In addition to the method(s) described in the How to Access, Modify, Delete, or Challenge the Data Collected section, we provide the following specific opt-out methods:

• You can opt out of marketing campaigns by clicking unsubscribe in our marketing communication messages.
• If you receive SMS messages and wish to stop, you can follow the opt-out instructions in the message (for example, replying STOP, where applicable) or email [email protected].

Cookie & Tracking Practices

A cookie is a small file, stored on a user's hard drive by a website. Its purpose is to collect data relating to the user's browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

We use cookies and similar tracking technologies (such as tags and event tracking) for site functionality, analytics, and performance measurement.

Types of Cookies We Use

Functional Cookies

Functional cookies are used to remember the selections you make on our Site so that your selections are saved for your next visits.

Analytical Cookies (Google Analytics)

We use Google Analytics to help us understand how visitors use our Site and to improve performance and user experience. Google Analytics may collect data such as pages visited, time spent, clicks/interactions, referral sources, device/browser type, and approximate location (derived from IP address). Google Analytics uses cookies/identifiers such as _ga and _ga_* (cookie names and durations may change as Google updates the service).

You can manage analytics cookies via your cookie settings (where available), your browser settings, or by using the Google Analytics Opt-out Browser Add-on.

Targeting Cookies

Targeting cookies collect data on how you use the Site and your preferences. This allows us to personalise the information you see on our Site for you.

Third-Party Cookies

Third-party cookies are created by a website other than ours. We may use third-party cookies to achieve the following purposes:

• Support essential site functionality and improve user experience; and
• Enable on-site messaging and lead capture via our embedded chat widget.

Chat widget provider: Our chat widget is powered by Catapult AI and may use cookies or similar technologies to enable chat functionality, remember user interactions, and support lead capture. Our chat and messaging workflow is supported by our white-label GoHighLevel/LeadConnector infrastructure.

Modifications

This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the "Effective Date" at the top of this Privacy Policy.

We recommend that our users periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.

Complaints

If you have any complaints about how we process your personal data, please contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue.

If you feel we have not addressed your concern in a satisfactory manner, you may contact a supervisory authority. You also have the right to directly make a complaint to a supervisory authority. You can lodge a complaint with a supervisory authority by contacting the Information Commissioner's Office (ICO) in the UK.

Contact Information

If you have any questions, concerns, or complaints, you can contact our privacy officer: