Privacy Policy
Last updated: 24 February 2026
In short
- We only collect data you give us (email, name, quiz answers).
- We use it to deliver your AI Readiness Report, respond to enquiries, and send occasional tips (with your consent).
- We use PostHog and Facebook Pixel to understand how visitors use our site (only with your consent).
- When delivering AI services, we use trusted sub-processors (Anthropic, n8n Cloud, Supabase) — always under a signed Data Processing Agreement.
- We never sell your data. Ever.
- You can delete your data at any time by emailing us.
1. Who we are
Fortnight AI is a sole trader business operated by Jaroslaw Macioszek, based in Southampton, United Kingdom (UTR: 3671460986).
We are the data controller for the personal data collected through this website (https://fortnightai.com). We are registered with the Information Commissioner's Office (ICO).
When we deliver AI services to business clients, we act as a data processor under Article 28 of UK GDPR. A Data Processing Agreement (DPA) is signed before every engagement.
For any privacy-related questions, contact us at jarek@fortnightai.com.
2. What data we collect
We collect only what is necessary:
Data you provide directly
- AI Readiness Quiz: your email address, quiz answers, and resulting score.
- Newsletter sign-up: your email address.
- Booking / email enquiries: your name, email address, and any information you include in your message or Calendly booking.
- Blog comments: if we enable comments in the future, your name, email, and comment content.
Data collected automatically (with your consent)
- PostHog: page views, referral source, country, device type, browser, and user interactions (clicks, scrolls, form submissions). PostHog is hosted in the EU (Frankfurt).
- Facebook Pixel (Meta): page views, button clicks, and quiz completions for the purpose of measuring advertising effectiveness and creating retargeting audiences. This data is linked to your Facebook profile by Meta.
- Cookies: small text files stored on your device. See section 8 for details.
3. Why we collect it and our legal basis
Under UK GDPR, we must have a lawful basis for processing your personal data. Here is how each purpose maps to a legal basis:
| Purpose | Legal basis |
|---|---|
| Deliver your AI Readiness Report | Legitimate interest |
| Send newsletter, AI tips and updates | Consent (opt-in) |
| Respond to booking or email enquiries | Legitimate interest |
| Website analytics (PostHog) | Consent |
| Advertising measurement and retargeting (Facebook Pixel) | Consent |
| Appointment scheduling (Calendly) | Legitimate interest |
You can withdraw consent at any time by updating your cookie preferences, clicking "unsubscribe" in any email, or contacting us directly.
4. Who has access to your data
We share your data only with trusted third-party services that help us run our business. We have reviewed each provider's data protection practices:
- Brevo (formerly Sendinblue) — email delivery, newsletter, and contact management. EU-hosted. Their privacy policy.
- Vercel — website hosting. Their privacy policy.
- PostHog — website analytics, session replays, and user behaviour tracking. EU-hosted (Frankfurt). Their privacy policy.
- Calendly — appointment scheduling. Their privacy policy.
- Meta (Facebook Pixel) — advertising measurement and retargeting. Data is processed by Meta Platforms Ireland Ltd. Their privacy policy.
Sub-processors used during AI service delivery
When you engage us for an AI Sprint or retainer, your business data may be processed by the following tools under a signed Data Processing Agreement (DPA):
- Anthropic (Claude API) — AI model provider. Per Anthropic's policy, client data sent via the API is not used to train AI models. Their privacy policy.
- n8n Cloud — workflow automation platform. EU-hosted. Their privacy policy.
- Supabase — database and backend infrastructure (if applicable to your project). Their privacy policy.
A full list of sub-processors is disclosed before each engagement. We do not sell, rent, or share your personal data with anyone else.
5. International data transfers
Some of our third-party providers (Vercel, Meta, Calendly, Anthropic) process data outside the UK. Where this happens, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, or the provider being certified under the UK Extension to the EU-US Data Privacy Framework.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Quiz results and email | 24 months from submission |
| Newsletter subscribers | Until you unsubscribe, then deleted within 30 days |
| Booking and enquiry data | 24 months from last interaction |
| Analytics data (PostHog) | Managed by PostHog per their retention policy (EU-hosted) |
| Facebook Pixel data | Managed by Meta per their retention policy |
| Client project data (AI Sprint / retainer) | Deleted within 30 days of project completion (unless otherwise agreed) |
You can request earlier deletion at any time by emailing us.
7. Your rights
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restrict processing — ask us to limit how we use your data.
- Data portability — receive your data in a structured, machine-readable format.
- Object — opt out of marketing or processing based on legitimate interest at any time.
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
- Complaint — lodge a complaint with the Information Commissioner's Office (ICO).
To exercise any of these rights, email jarek@fortnightai.com. We will respond within 30 days.
8. Cookies
Cookies are small text files placed on your device when you visit our website. We use a cookie consent banner that lets you choose which cookies to accept.
Strictly necessary cookies
These are always active. They remember your cookie consent choice and are essential for the website to function. They do not track you or collect personal data.
Analytics cookies (optional)
PostHog — helps us understand which pages are visited, how people find our site, and how they interact with it (clicks, scrolls, form submissions). PostHog also provides session replays so we can see how visitors navigate the site. Data is hosted in the EU (Frankfurt).
Marketing cookies (optional)
Facebook Pixel (Meta) — tracks page views and interactions to measure the effectiveness of our Facebook ads and build retargeting audiences. This cookie is set by Meta and may link activity on our site to your Facebook profile.
You can change your cookie preferences at any time via the "Cookie Settings" link in the footer.
9. Newsletter and email marketing
If you sign up for our newsletter or AI tips via Brevo, we store your email address until you unsubscribe. Every email includes a one-click unsubscribe link. We do not share your email address with any third party for their own marketing purposes.
10. Children's privacy
Our services are aimed at business owners and professionals. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have collected data from a child, please contact us and we will delete it immediately.
11. How we protect your data
We take reasonable technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages (TLS 1.2+).
- Data encrypted in transit (TLS 1.2+) and at rest (AES-256) across all infrastructure.
- Hosting on Vercel with enterprise-grade security and DDoS protection.
- Access to personal data limited to the data controller only.
- Regular review of third-party providers and their security practices.
- Professional Indemnity Insurance covering errors and omissions.
- Working files from client engagements are deleted within 30 days of project completion unless otherwise agreed in writing.
12. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent revision. If we make significant changes, we will notify subscribers by email. We encourage you to review this page periodically.
13. Contact us
If you have any questions about this Privacy Policy, contact:
Jaroslaw Macioszek
Fortnight AI (Sole Trader)
Southampton, United Kingdom
UTR: 3671460986
Email: jarek@fortnightai.com
You also have the right to contact the Information Commissioner's Office (ICO) if you have concerns about how we handle your data.