HumanSpark Privacy Policy

Last Updated: 31st March, 2025

Who We Are

Hello! At HumanSpark (run by me, Alastair McDermott), everyone’s privacy is a priority.

Our website address is: https://humanspark.ai.

This policy explains how we handle your personal data respectfully and in line with the EU GDPR.

The Short Version:

We Collect Only What’s Needed: We collect information like your name and email if you sign up for our newsletter, register for an event, schedule a meeting, or become a client. We also gather some technical info to keep the website running smoothly and securely.
Purposeful Use: We use your data only for the reason we collected it – like sending you emails you asked for, delivering services you paid for, or responding to your enquiries.
Privacy-Focused Tools: We carefully choose the tools we use. For example, for website analytics, we use Koko Analytics, a privacy-respecting option hosted on our own server that focuses on aggregated data, not tracking individuals.
Necessary Sharing: We sometimes need to share data with trusted partners to run our business (like our email provider ConvertKit, scheduler Calendly/Book Like A Boss, payment processor Stripe, or web host Vultr). We ensure they protect your data too, including when data is processed outside the EU using required legal safeguards.
Your Rights: You have rights over your data, including accessing, correcting, or deleting it. Just email me (Alastair) if you have any requests.
Security: We take sensible steps to protect your information.

We encourage you to read the full policy below for all the details, but hopefully, this gives you a clear overview. We aim to be transparent and treat your data with the care it deserves.

Full version:

We are WebsiteDoctor Consulting Services Ltd trading as HumanSpark™, established in 2007. We are a limited company registered in Ireland (No. 441380) and registered for VAT (IE9677367E). The owner and principal consultant is Alastair McDermott.

WebsiteDoctor® is a Registered Trademark of WebsiteDoctor Consulting Services Ltd. HumanSpark™, AI-Powered™, The Recognized Authority™, and AuthorityPress™ are Registered Business Names of WebsiteDoctor Consulting Services Ltd registered with the Companies Registration Office in Ireland. HumanSpark™, AI-Powered™, The AI-Powered Business™, The AI-Powered Thought Leader™ and AIPowered.biz™ are trademarks of WebsiteDoctor.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you interact with our website, services, or communications.

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and relevant Irish data protection laws. As a company registered in Ireland, we adhere to EU data protection standards. We process personal data lawfully, fairly, and transparently, only when we have a valid legal basis to do so.

Data Controller & Protection Contact

For the purposes of GDPR, the Data Controller is:

WebsiteDoctor Consulting Services Ltd (trading as HumanSpark)
Glenhest Road, Newport, Mayo, Ireland.
For any privacy-related queries, to exercise your rights under GDPR, or if you have any concerns about your data, please contact our Data Protection Officer:

Alastair McDermott

Email: alastair {AT} humanspark.ai
Address: WebsiteDoctor Consulting Services LTD, Glenhest Road, Newport, Mayo, Ireland.

What Personal Data We Collect and Why

We collect different types of personal data for various purposes, always aiming to collect only what is necessary. Here’s what we typically collect and why:

Contact Form / General Enquiries: If you contact us via email or a potential future contact form, we collect your name and email address, and any other information you provide.
- Purpose: To respond to your enquiries and communicate with you.
- Legal Basis: Legitimate Interest (responding to your requests).
Newsletter / Email List Signup (via ConvertKit): We collect your email address and potentially your name. We also tag your signup source.
- Purpose: To send you newsletters, marketing updates, course information, or other content you subscribed to.
- Legal Basis: Consent (you actively subscribed).
Webinar/Workshop Registration (via Google Forms): We collect your name and email address.
- Purpose: To register you for the event, send event details and reminders, and potentially follow up afterwards.
- Legal Basis: Consent (for event communication and related marketing) or Legitimate Interest (to manage the event you signed up for).
Meeting Scheduling (via Book Like a Boss / Calendly): We collect your name, email address, and optionally your phone number (for SMS reminders if you provide it).
- Purpose: To schedule discovery calls or meetings and send confirmations/reminders.
- Legal Basis: Taking steps necessary prior to entering into a Contract, or Legitimate Interest (to facilitate scheduling). Consent is the basis for optional SMS reminders.
Client Engagement & Service Delivery (via GSuite/Google Workspace, FreeAgent): When you become a client, we collect contact details (name, email, address, phone), business information, payment details (processed via Stripe, stored in FreeAgent), and project-related notes (which may contain personal data).
- Purpose: To manage our client relationship, deliver consulting services, manage projects, issue invoices, and comply with legal/financial obligations.
- Legal Basis: Performance of a Contract, Legal Obligation (e.g., accounting records), Legitimate Interest (client relationship management).
Meeting Recordings (usually with Fathom.video on Zoom, or Otter.ai): With permission, we record video/audio of calls and meetings, which includes voices, sometimes images/faces, participant names, and possibly emails.
- Purpose: To keep an accurate record of client discussions, for internal review/training, or to share with the client for their reference.
- Legal Basis: Consent (we always request explicit permission before recording).
AI Tool Processing: We may process personal data contained within client notes or call transcripts (potentially including names, contact details, conversation content) using third-party AI tools (such as Anthropic Claude, OpenAI ChatGPT, Google Gemini, Microsoft CoPilot).
- Purpose: To assist with summarising information, analysing content, and improving the efficiency of our service delivery related to the project or discussion.
- Legal Basis: We process this data based on our Legitimate Interest in efficiently processing information for service delivery and improvement, having carefully considered the necessity and balanced this against your rights and expectations, including by selecting providers with strong privacy commitments. However, depending on the sensitivity and context of specific client engagements, we may seek your explicit Consent before using AI tools on your data, or outline this processing in our Contract if it’s an integral part of the agreed service.
- Provider Selection: Given that this is our topic of expertise, we very carefully select our AI service providers, prioritising those who commit not to train their models on customer data and offer strong privacy and security commitments.
Website Analytics (via Koko Analytics): We collect aggregated, anonymised data about website usage (e.g., page views, session counts).
- Purpose: To understand website traffic patterns and improve site performance and content.
- Legal Basis: Legitimate Interest (monitoring and improving our website).
- Provider Selection: Koko Analytics is configured specifically to respect privacy and avoid collecting identifiable personal data.
Website Security & Operation (via Vultr Hosting): Our web server automatically logs technical information, potentially including IP addresses, browser type, access times etc.
- Purpose: To ensure website security, monitor for threats, troubleshoot technical issues, and maintain service availability.
- Legal Basis: Legitimate Interest (maintaining secure and functional website operations), potentially Legal Obligation (security incident logging).

Legal Bases for Processing Recap

We rely on the following legal bases under GDPR to process your personal data:

Consent: Where you have given us clear and specific permission (e.g., subscribing to our email list, agreeing to a call recording). You can withdraw consent at any time.
Contract: Where processing is necessary to perform a contract we have with you (e.g., providing consulting services) or to take steps you requested before entering into one (e.g., scheduling a discovery call).
Legitimate Interests: Where processing is necessary for our legitimate business interests (e.g., responding to enquiries, improving our website via privacy-respecting analytics, maintaining security, client relationship management), provided these interests are not overridden by your rights and freedoms.
Legal Obligation: Where we need to process your data to comply with the law (e.g., maintaining financial records for tax purposes).

Cookies and Tracking Technologies

Our website, https://humanspark.ai, uses cookies and similar technologies to ensure the site functions correctly, enhance your user experience, analyze site performance, and support our marketing efforts.

A cookie is a small text file stored on your device (computer, tablet, mobile phone) when you visit a website.

Here’s an overview of the types of cookies and technologies we may use:

1. Strictly Necessary / Functional Cookies

These are essential for the website to operate correctly and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as logging in, filling in forms, or maintaining session information.

Login: If you log into an account area, we use cookies to remember who you are.
Scheduling Tools: If you use embedded scheduling tools like Book Like a Boss or Calendly on our site, they may set cookies necessary for their function.
Payment Processing: If you make payments via our website using Stripe, Stripe will set cookies required for secure transaction processing.

You can set your browser to block or alert you about these cookies, but some parts of the site may not work then. These cookies do not store directly identifiable personal information.

2. Analytics Cookies

We use analytics tools to understand how visitors interact with our website, helping us improve our content and services.

Koko Analytics: We use Koko Analytics, a privacy-focused analytics tool hosted on our own server. It is configured to avoid collecting visitor-specific personal data like full IP addresses and focuses on aggregated counts (e.g., page views, visitor sessions). It may set minimal first-party cookies solely to help distinguish between browsing sessions for these aggregated statistical purposes. We use this data based on our legitimate interest in monitoring and improving our website performance while respecting user privacy.

3. Marketing and Tracking Cookies

These technologies help us understand the effectiveness of our marketing campaigns and communications.

ConvertKit: When you sign up for our email list via forms on our site, ConvertKit may set cookies to help track the source of the signup or manage your session if interacting with ConvertKit landing pages or forms. This helps us gauge interest and improve our email content and signup processes. These tracking technologies are used based on your consent.

4. Third-Party Cookies (e.g., from Embedded Content)

Articles or pages on this site may include embedded content (e.g., videos from YouTube, podcast players, social media feeds). This embedded content from other websites behaves in the exact same way as if you visited the other website directly.

These websites may collect data about you, use their own cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, especially if you have an account and are logged into that website. We do not control the cookies set by these third-party services.

Managing Your Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner where you can choose to accept or reject non-essential cookies (Analytics, Marketing, Third-Party). You can typically change your preferences at any time by revisiting the cookie settings link or icon available on our website [Assumption: You will add such a link/tool].

Additionally, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Questions?

If you have any questions about our use of cookies, please contact our Data Protection Officer, Alastair McDermott, using the contact details provided in this policy.

We do not sell your personal data. We only share it with trusted third-party service providers when necessary to operate our business, provide services to you, or comply with the law.

These include:

Website Hosting: Vultr (provides the infrastructure for our website).
Email & Productivity Suite: Google Workspace (used for email, document storage, CRM, and Google Forms).
Email Marketing: ConvertKit (manages our email list and communications).
Meeting Scheduling: Book Like a Boss, Calendly (facilitate booking meetings).
Call Recording: Fathom.video (records Zoom calls, with your consent).
Payment Processing: Stripe (handles online payments securely).
Accounting: FreeAgent (manages invoicing and financial records).
Security/Spam Prevention: Your data may be checked through automated systems for security and spam prevention purposes.

We have agreements with these providers where required, obligating them to protect your data and use it only for the purposes we specify.

International Data Transfers

Some of the third-party services we use are based outside the European Economic Area (EEA), primarily in the United States (US) and the United Kingdom (UK).

When your personal data is transferred outside the EEA, we ensure appropriate safeguards are in place as required by GDPR:

United States: For services based in the US (Vultr, Google Workspace, ConvertKit, Calendly, Book Like a Boss, Fathom.video, Stripe), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary measures where necessary, to ensure your data is protected.
United Kingdom: For services based in the UK (FreeAgent), we rely on the UK’s Adequacy Decision granted by the European Commission, which means the UK is considered to provide an adequate level of data protection comparable to the EEA.

How Long We Retain Your Data

We keep your personal data only for as long as necessary to fulfill the purposes we collected it for, or as required by law. Our general retention approach is:

Client Project Data (GSuite, FreeAgent): Kept for up to 5 years after the project completion, or longer if required for legal or accounting compliance in Ireland.
Webinar/Workshop Signups (Google Forms): Kept for up to 5 years unless you request deletion earlier.
Scheduling Data (BLAB/Calendly): Kept for up to 5 years unless you request deletion earlier.
Call Recordings (Fathom): Kept for up to 5 years unless you request deletion earlier or as agreed with the client.
Email List Subscribers (ConvertKit): Kept until you unsubscribe. We also perform an annual cleanup of inactive subscribers.
Website Server Logs (Vultr): Typically retained for around 30 days for security and troubleshooting purposes.
Enquiries: Kept for as long as necessary to handle the enquiry and for potential follow-up, generally up to 5 years.

We securely delete or anonymize personal data when it’s no longer needed.

Your Data Protection Rights

Under GDPR, you have several rights regarding your personal data. Subject to certain legal conditions, you have the right to:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure (‘Right to be Forgotten’): Request deletion of your personal data when it’s no longer necessary, you withdraw consent, or other specific grounds apply.
Restriction of Processing: Request that we limit how we process your data under certain circumstances.
Data Portability: Request your data in a structured, machine-readable format to transfer to another service (applies mainly to data processed based on consent or contract).
Object: Object to our processing of your data based on legitimate interests or for direct marketing purposes.
Withdraw Consent: Withdraw your consent at any time for any processing that relies on your consent (like newsletters). This won’t affect the lawfulness of processing before withdrawal.
Lodge a Complaint: If you believe your rights have been infringed, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) – www.dataprotection.ie.

How to Exercise Your Rights:
To exercise any of these rights, please contact our Data Protection Officer, Alastair McDermott, via email at alastiar {AT} humanspark.ai. We will respond to your request in accordance with GDPR requirements, usually within one month. We may need to verify your identity before processing your request.

Data Security Measures

We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it against unauthorized access, loss, misuse, alteration, or destruction. These measures include:

Encryption of personal data where appropriate (e.g., HTTPS for website connections).
Regular security assessments of our systems.
Access controls and authentication procedures.
Regular training on data protection and security for relevant personnel.
Secure, encrypted connections (HTTPS) for all our web services.
Data minimization practices – collecting and retaining only necessary personal information.
Working with reputable third-party providers who commit to high security standards.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately.

Automated Decision-Making and Profiling

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will post any changes on this page and update the “Last Updated” date at the top. We encourage you to review this policy periodically to stay informed about how we protect your data.

Contact Us