SUORA.AI
Privacy Notice
Suora.ai — Services for UK Businesses
How we use your personal data
This privacy notice explains how Suora uses the personal data you provide when you visit suora.ai/uk, take our business assessment, book a discovery call, or otherwise interact with our UK services.
We've written this to be readable. If anything is unclear, please contact us using the details in section 10 — we'll explain in plain language.
1. Who we are
Suora LLC, trading as Suora.ai ("Suora", "we", "us", "our"), is the data controller responsible for the personal data we collect on suora.ai/uk and through our UK partnership programme.
How to contact us
For any privacy-related question or to exercise your rights:
- Email: milachou@suora.ai
- Postal address: Suora LLC, 2108 N St #12045, Sacramento, CA 95816, USA
We don't currently have a designated Data Protection Officer (DPO). All data protection queries should go to milachou@suora.ai.
2. What personal data we collect
We collect personal data in three main ways.
2.1 Information you give us directly
When you take the business assessment at suora.ai/uk, you provide:
- Your name.
- Your business name.
- Your email address.
- Information about your business — including your industry, size, location, current lead-handling setup, average job value, and estimates of missed enquiries.
When you book a discovery call, you additionally provide:
- Your phone number.
- Your preferred meeting time.
- Any notes you choose to include in the booking.
If you respond to email, phone, or LinkedIn outreach from us, we keep records of that correspondence (subject lines, dates, content of your replies).
2.2 Information from publicly available sources
If we contact you before you've engaged with us directly (for example, through cold email, LinkedIn outreach, or a phone call from our UK partner), the data we hold about you was sourced from publicly available business information. This typically includes:
- Companies House public records.
- Your business website's contact pages.
- Industry directories and trade association listings.
- LinkedIn public profiles where you have published your business affiliation.
This processing rests on legitimate interest under UK GDPR Article 6(1)(f), and is documented in a separate Legitimate Interest Assessment (LIA). You have the right to object to this processing at any time — see section 8.
2.3 Information we collect automatically
When you visit suora.ai/uk, our systems automatically collect:
- Standard server logs — your IP address, browser type, operating system, the pages you visit, the page that referred you, and timestamps.
- Cookies and similar tracking technologies — for site functionality, analytics, and (with your consent) marketing. Full details are in our Cookie Policy.
3. How we use your data and our lawful basis
UK data protection law requires us to have a specific lawful basis for each way we use your personal data. The table below shows the main purposes, the data involved, and the lawful basis we rely on.
| Purpose | Data used | Lawful basis |
|---|---|---|
| Operating and securing the website | Server logs, cookies (strictly necessary) | Legitimate interest under Article 6(1)(f) — running and protecting the site |
| Providing the business assessment and showing your results | Assessment inputs, business information, contact details | Article 6(1)(b) — taking steps you requested before entering into a contract; and consent (you chose to complete the assessment) |
| Booking and conducting discovery calls | Name, email, phone, calendar details, call notes | Article 6(1)(b) — taking steps you requested before entering into a contract |
| Outreach to UK service businesses (cold contact) | Business contact information from publicly available sources | Legitimate interest under Article 6(1)(f) — covered by our Legitimate Interest Assessment |
| Following up on your engagement (post-assessment, post-call communications) | Email, phone, name, prior interactions | Legitimate interest under Article 6(1)(f) and Article 6(1)(b) |
| Providing services to you as a client | All of the above, plus contracted account information | Article 6(1)(b) — performance of contract |
| Improving our services | Aggregated and anonymised usage data, feedback | Legitimate interest under Article 6(1)(f) |
| Complying with legal obligations | Whatever the law requires us to keep or share | Article 6(1)(c) — legal obligation |
| Analytics and (with your consent) marketing technologies | Cookies, device identifiers, usage patterns | Consent (Article 6(1)(a)) where required under PECR |
Where we rely on legitimate interest, we have weighed our interest against your rights and freedoms and concluded the processing is appropriate. You can ask for details of this assessment by contacting milachou@suora.ai.
4. Who we share your data with
We share your personal data only as needed to deliver our services. The categories of recipients are:
Independent contractors and partners
Our UK outreach and discovery calls are conducted on our behalf by independent contractors and partners. They access only the data required for their role (your business contact details and assessment results, where applicable), are contractually bound to follow our data protection requirements, and act solely on our instructions.
Our platform vendors
We use third-party service providers to deliver our services — including for customer relationship management, email and telephony infrastructure, AI voice systems, chatbot delivery, calendar synchronisation, and data storage. Each of these is bound by a Data Processing Agreement (DPA) and processes personal data only on our instructions. Vendors include UK and international providers; international transfers are covered in section 5.
Professional advisers
Our accountants, lawyers, auditors, and insurers may have access to personal data where strictly necessary for their professional services.
Public authorities
We may share data with regulators, law enforcement, or other public authorities where we are legally required to.
What we don't do
We do not sell your personal data to anyone. We do not share your personal data for advertising or marketing purposes by third parties. We do not enrich your data with information bought from data brokers.
5. International data transfers
Suora is a US-based company, and some of our platform vendors operate from outside the UK (typically the United States and the European Union). When we transfer your personal data outside the UK, we use one of the safeguards required by UK GDPR Chapter V:
- UK adequacy regulations — for transfers to countries the UK Government has designated as providing an adequate level of protection.
- UK International Data Transfer Agreement (IDTA) — for transfers to countries without adequacy.
- UK addendum to the EU Standard Contractual Clauses — where applicable.
You can request more details about the specific transfer mechanism applicable to a particular vendor by contacting milachou@suora.ai.
6. How long we keep your data
We keep your personal data only for as long as needed for the purposes described in section 3.
| Data category | How long we keep it |
|---|---|
| Outreach contact data (where you haven't engaged) | Up to 90 days from first contact |
| Nurture (where you've asked us to follow up later) | Up to 12 months from first contact, then deleted if no engagement |
| Disqualified or do-not-contact requests | Minimal data (email/phone with do-not-contact flag) retained indefinitely solely to prevent re-contact |
| Engaged prospects (took the assessment, booked a call) | Up to 24 months from your most recent engagement |
| Clients | For the duration of our business relationship and 6 years afterwards (for tax, accounting, and legal records) |
| Records of your data subject requests | Retained for 6 years to evidence regulatory compliance |
After the relevant retention period ends, we delete or fully anonymise the data.
7. Cookies and similar technologies
We use cookies and similar technologies on suora.ai/uk to make the site work, to understand how it's used, and (with your consent) to improve marketing.
Some cookies are strictly necessary and don't require your consent under UK PECR. Others — such as analytics, preference, and marketing cookies — are governed by the rules under the Privacy and Electronic Communications Regulations and the Data (Use and Access) Act 2025.
For full details of the cookies we use, what they do, how long they last, and how to manage your preferences, see our Cookie Policy. You can change your cookie preferences at any time using the "Manage cookies" link in the footer of any page on suora.ai/uk.
8. Your rights
UK data protection law gives you specific rights over your personal data. To exercise any of these, contact milachou@suora.ai. We respond within one month of receiving a verifiable request, and we don't charge for it (except in the limited circumstances permitted by law).
Right of access (Article 15)
You can ask us to confirm whether we hold personal data about you and request a copy of that data.
Right to rectification (Article 16)
You can ask us to correct personal data that's inaccurate or incomplete.
Right to erasure (Article 17)
Also known as the "right to be forgotten." You can ask us to delete your personal data where there is no compelling reason for us to continue processing it. We may need to keep a minimal record (your contact details with a do-not-contact flag) to make sure we don't accidentally re-contact you in future.
Right to restrict processing (Article 18)
You can ask us to limit how we use your data while we investigate a concern you've raised.
Right to data portability (Article 20)
You can ask us to provide a copy of your data in a structured, machine-readable format, or to transmit it directly to another data controller where technically feasible.
Right to object (Article 21)
You have an absolute right to object to your data being used for direct marketing — we honour these objections immediately. You can also object to other processing based on legitimate interest, and we'll stop unless we have compelling legitimate grounds that override your interests.
Right to withdraw consent
Where consent is the lawful basis we rely on (for example, certain cookies), you can withdraw it at any time. Withdrawing consent doesn't affect the lawfulness of any processing we did before you withdrew it.
Rights related to automated decision-making
We don't make decisions about you using purely automated means that produce legal or similarly significant effects. The business assessment shows you a calculated score, but it's an estimate for your own use — it doesn't determine whether we'll work with you, and any decisions about engagement involve human review.
9. How we protect your data
We take the security of your personal data seriously. We use technical and organisational measures appropriate to the risk, including:
- Access controls — only authorised people can access your data, and only the data they need for their role.
- Encryption — your data is encrypted in transit (TLS) and at rest where supported by our platform vendors.
- Vendor due diligence — we use established platform vendors with their own security certifications and Data Processing Agreements.
- Incident response — we have procedures for identifying, containing, and reporting data breaches, including notifying the ICO within 72 hours where the law requires.
No system is perfectly secure. If we ever experience a breach affecting your personal data and the law requires us to notify you, we will.
10. Contacting us
For any question about this notice, your personal data, or your rights:
- Email: milachou@suora.ai
- Postal address: Suora LLC, 2108 N St #12045, Sacramento, CA 95816, USA
We aim to acknowledge messages within 5 business days and respond substantively within 30 days, in line with UK GDPR.
11. How to complain
If you have a concern about how we handle your personal data, please contact us first at milachou@suora.ai. We'll acknowledge your complaint within 5 business days and aim to respond substantively within 30 days.
If you're not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) — the UK's independent regulator for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Postal address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
You don't need to wait for our response before complaining to the ICO. You can also contact them directly at any time.
12. Changes to this notice
We may update this notice from time to time — for example, if we change the data we collect, the purposes we use it for, or the vendors we work with. The current version's effective date is shown at the top of this page.
If we make significant changes, we'll highlight them on suora.ai/uk for at least 30 days before they take effect. For minor changes (such as wording clarifications), we'll simply update the effective date.
Earlier versions of this notice are kept on file. If you'd like a copy of an earlier version, please contact us at milachou@suora.ai.
