Privacy Policy

DejaDo is a UK SME automation consultancy. We help small and medium-sized businesses reduce repeated work, improve operational processes, and make better use of their existing tools.

This Privacy Policy explains how we collect, use, store and share personal information when you visit our website, contact us, submit an enquiry, complete a Process Snapshot, or request a call through https://dejadoit.com.

This policy mainly covers website visitors, enquiry leads, and people who contact us before becoming a client. If you become a client, additional terms may apply through your Statement of Work, Master Service Agreement, and Data Processing Agreement.

Please do not submit information we do not need. In particular, please do not send us passwords, private access credentials, account credentials, payment details, exports, customer lists, files, uploads, production access details, sensitive records, customer personal data we have not asked for, or unnecessary personal data.

This website is operated by DejaDo. You can contact us at support@dejadoit.com.

For website enquiries, contact form submissions, and Process Snapshot submissions, DejaDo is the data controller. This means we decide why and how that enquiry data is used.

For client automation projects, DejaDo may act as a data processor for client data, depending on the signed agreement and Data Processing Agreement.

Contact, booking and Process Snapshot enquiry data

When you complete a contact form, booking request, or Process Snapshot form, we may collect:

• your name
• business name
• email address
• phone number
• service interest
• preferred next step
• summary of the problem, bottleneck or process you want help with
• current tools your business uses
• business type, role or title, and approximate team size
• structured Process Snapshot answers about the problem area, current process, volume, time cost, urgency, budget comfort, and desired outcome
• whether the process may involve sensitive or regulated data, as a triage flag
• preferred day for a call
• preferred time window for a call
• timezone
• source page or form submitted
• consent timestamp
• Process Snapshot consent timestamp, where you submit that form
• marketing consent timestamp, if you separately opt in

Process Snapshot submissions are structured pre-sale enquiries. The answers may be stored separately from basic contact enquiries and linked to a lightweight lead or contact record so DejaDo can review the enquiry, follow up, and manage the next step.

Sensitive or regulated data flags

The Process Snapshot may ask whether a process involves sensitive or regulated data. This is only a triage flag. Please do not paste detailed sensitive records, customer records, financial records, medical records, legal records, staff records, files, uploads, exports, or production access details into the form.

Technical and security data

When you use the website or submit a form, we may collect limited technical data needed to run the website safely, prevent spam, and keep audit records, such as:

• IP hash
• user agent
• browser and device information
• timestamps
• form submission metadata
• security and spam-prevention signals
• server logs and error logs

We aim to collect only what is needed for security, troubleshooting, spam prevention, and audit purposes.

Email communication data

If you email us or we email you, we may process:

• your email address
• your name and signature details
• the content of your message
• attachments you choose to send
• email delivery metadata

Please do not send passwords, private access credentials, payment details, customer data we have not asked for, or sensitive documents by email unless we specifically ask for them through an agreed secure process.

Optional marketing data

If we add an optional marketing sign-up or newsletter in the future, we may collect:

• your name
• email address
• business name
• consent timestamp
• marketing preferences
• unsubscribe or opt-out records

We will not send marketing emails unless you have separately opted in.

We collect information when:

• you submit a website contact or booking request form
• you complete a Process Snapshot form
• you email us directly
• you request a call or send a business enquiry
• you interact with our website
• hosting systems, technical logs or security tools record activity needed to run the site

If you do not want to complete the fuller Process Snapshot form, you can use the simpler /contact route instead.

We use your information to:

• respond to your enquiry
• acknowledge that we received your message
• send an acknowledgement email after a Process Snapshot submission
• send an internal notification to the DejaDo team so an enquiry can be reviewed
• arrange a call or next step
• understand your business problem or bottleneck
• review a Process Snapshot submission as a structured pre-sale assessment
• decide whether a Lite, Pro or no-build recommendation is the right fit
• manually review and classify enquiries
• confirm call times manually
• keep records of conversations and decisions
• protect the website from spam, misuse and security threats
• troubleshoot website or form issues
• improve the website and our services
• send optional marketing only where you have opted in

DejaDo does not use automated lead classification for website enquiries. Leads and Process Snapshots are manually reviewed by us.

A Process Snapshot does not generate an instant quote, final recommendation, or contract. Submitting one does not guarantee that DejaDo can help.

Under UK GDPR, we need a lawful basis to use personal information. The lawful bases we rely on are:

• Legitimate interests - for responding to business enquiries, reviewing Process Snapshot submissions, arranging calls, understanding your business problem, manually deciding whether Lite, Pro or no-build is the right fit, sending acknowledgement and internal notification emails, keeping records of enquiries, preventing spam and abuse, and maintaining audit logs.
• Pre-contract steps - where you are asking about our services with a view to a possible engagement.
• Consent - for optional marketing emails, where you have opted in.
• Legal obligation and/or contract - for keeping financial, tax or legal records if an engagement begins.

Our legitimate interests include running and improving our business, responding to B2B enquiries, managing sales follow-up, protecting our website, and keeping appropriate records. We only rely on legitimate interests where we believe the use is necessary, proportionate, and something a business enquirer would reasonably expect.

You can object to processing based on legitimate interests. We will consider your objection and respond in line with data protection law.

We may share personal information with trusted providers where needed to run the website, process enquiries, send emails, manage communications, or protect the service.

We may use the following providers or categories of providers:

• Vercel - website hosting and deployment.
• Supabase - lead intake, assessment storage, and related backend services.
• Resend - transactional acknowledgement emails and internal notification emails.
• Google Workspace - business email and internal communication.
• GoDaddy - domain registration and DNS services.
• Cloudflare Turnstile - spam and abuse protection, if enabled.
• Slack - internal notification, if enabled.
• Website analytics provider - if and when analytics are enabled.
• Professional advisers - accountants, lawyers, insurers or consultants where needed.
• Legal or regulatory authorities - where required by law or to protect our rights.

We do not sell enquiry data. We do not send marketing emails unless you have separately opted in. We do not provide public access to our internal systems or lead database.

Some of our providers may process personal information outside the UK or EEA.

Where this happens, we rely on appropriate safeguards where required, such as UK-approved Standard Contractual Clauses, provider contractual protections, security controls, and transfer safeguards.

We do not claim that all data always stays in the UK. Where possible and supported by the provider, we prefer UK or EU processing locations, but this can depend on the provider and service used.

We only keep personal information for as long as needed for the purpose it was collected, including business, legal, accounting, security, and audit reasons.

Indicative retention periods:

• General enquiry leads - up to 24 months from last meaningful contact, unless deletion is requested or a client relationship begins.
• Unconverted Process Snapshot submissions - up to 12 months from submission or last meaningful contact, unless deletion is requested or a client relationship begins.
• Unsuccessful or not-fit leads - up to 12 months from last meaningful contact.
• Booking request details - up to 24 months from last meaningful contact.
• Email correspondence - up to 6 years where needed for business, legal or accounting records.
• Optional marketing consent records - until consent is withdrawn, plus a reasonable suppression record so we do not contact you again by mistake.
• Technical and security logs - typically 30 to 180 days, depending on provider and security need.
• Spam and abuse records - as long as reasonably needed to prevent repeated misuse.
• Client project records - handled under the applicable client agreement, Statement of Work and Data Processing Agreement.

If you become a client, some information may need to be retained for longer under contract, accounting, legal or regulatory requirements.

We use practical security measures appropriate to the size and nature of our business and the information we process. These may include:

• access controls and least-privilege access
• secure credential storage
• server-side processing for sensitive operations
• no public access to the lead database
• spam prevention
• audit and activity logging
• masking or hashing where appropriate
• secure business email systems
• limiting access to people who need it

No website, database or email system can be guaranteed to be completely secure. We use reasonable technical and organisational measures and continue to review them.

Under UK data protection law, you may have the right to:

• access the personal information we hold about you
• correct inaccurate or incomplete information
• ask us to delete your information
• restrict how we use your information
• object to processing based on legitimate interests
• receive certain information in a portable format, where applicable
• withdraw consent for marketing at any time
• complain to the Information Commissioner's Office

To exercise your rights, email support@dejadoit.com. We may need to verify your identity before responding.

You can also complain to the ICO at https://ico.org.uk.

We will not send marketing emails unless you have opted in.

At present, email sending is limited to:

• acknowledgement emails after you submit an enquiry or Process Snapshot
• manual follow-up about your enquiry
• internal DejaDo notifications so enquiries can be reviewed

If you opt in to marketing in future, you can unsubscribe at any time using the unsubscribe link in any marketing email or by contacting support@dejadoit.com.

At the time this policy was drafted, the website is intended to operate without non-essential analytics cookies. If we add analytics, advertising, remarketing, heatmaps, session recording, or similar technologies later, we will update this policy and add any cookie notice or consent mechanism required.

This website and DejaDo's services are intended for businesses, not children. We do not knowingly collect personal information from children through this website. If you believe a child has submitted personal information to us, please contact support@dejadoit.com.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. If the changes are significant, we may take additional steps to notify users or clients where appropriate.

For privacy questions, data requests, or concerns about how your information is handled, contact us at support@dejadoit.com.