Last updated: 23 June 2026

Your data, handled honestly

We help businesses see themselves more clearly. That principle applies to how we treat your information too: so here, in plain English, is what we collect, why, and what you can do about it.

1. Who we are

This privacy policy explains how Twenty10 collects and uses your personal data when you visit twenty10.io, use one of our online tools (such as the Clarity Score or Clarity Survey), get in touch with us, or work with us as a client.

For the purposes of UK data protection law: the UK GDPR and the Data Protection Act 2018: the data controller is:

Twenty10 [LEGAL ENTITY NAME: e.g. Twenty10 Ltd], registered in England and Wales, company number [COMPANY NUMBER]. Registered office: [REGISTERED ADDRESS]. Email: info@twenty10.io.

We are registered with the Information Commissioner's Office (ICO), registration number [ICO REGISTRATION NUMBER].

If you have any questions about this policy or how we handle your data, the quickest route is info@twenty10.io.

2. What information we collect

We only collect what we need to be useful to you and to run our business properly. Depending on how you interact with us, that can include:

Information you give us directly:

  • When you use our online tools (for example the Clarity Score diagnostic or the Clarity Survey): your name, work email address, job role or seniority, your company, and the answers you provide as part of the assessment.
  • When you contact us or book a discovery call: your name, work email, company, phone number where you provide it, and the content of your message.
  • When you correspond with us by email or other channels: whatever you choose to share in those messages.
  • When you become a client: the business, commercial and marketing information needed to deliver the engagement, plus contact and billing details for the people we work with.

Information about meetings:

For calls and meetings, we sometimes take notes or capture a transcript to help us follow up accurately. Where a meeting is recorded or transcribed, we'll make that clear at the time and you can ask us not to.

Information we collect automatically:

Technical and usage data when you visit our site: IP address, browser and device type, the pages you view and how you arrived. This is largely handled through cookies and similar technologies (see the Cookies section).

We don't intentionally collect special category data (such as health, ethnicity or political opinions), and we'd ask you not to include it when you fill in our forms or contact us.

3. Why we use your data, and our lawful basis

Under UK GDPR we need a lawful basis for everything we do with your data.

What we doData involvedLawful basis
Run our diagnostic tools and return your results (Clarity Score, Clarity Survey and similar)Name, email, role, company, your answersLegitimate interests
Respond to your enquiry and arrange a discovery callContact details, your messagePre-contract steps
Deliver an engagement we've agreed with youContact, commercial and project dataContract
Send relevant updates and marketing to business contactsName, work email, companyLegitimate interests / Consent
Take meeting notes or transcripts to follow up wellMeeting content, attendee namesLegitimate interests / Consent
Keep our site secure, working and improvingTechnical and usage dataLegitimate interests
Meet our legal, accounting and tax obligationsRecords of transactions and contractsLegal obligation

Where we rely on legitimate interests, that interest is running and growing a measurement consultancy and giving prospective clients a genuinely useful diagnostic. We've considered your interests and rights, and you can object at any time (see Your rights). Where we rely on consent, you can withdraw it whenever you like.

4. The tools and providers we rely on

We're a small team, so we use trusted third-party software to run the business. These providers process personal data on our behalf, under contracts that require them to protect it and only use it on our instructions. The main ones are:

  • Google Workspace (Gmail, Drive, Docs, Sheets, Calendar): email, file storage and scheduling.
  • Lovable and Supabase: the platform and database behind our web applications and tools.
  • Netlify / GitHub Pages: website hosting.
  • Anthropic (Claude): the AI that helps generate the written output in some of our tools (see How we use AI).
  • Granola: meeting notes and transcription.
  • Notion: internal project management.
  • Stripe: payments and invoicing, where applicable.
  • Cloudflare: security and content delivery, where applicable.

We never sell your personal data. We only share it with these providers, with professional advisers (such as our accountant and lawyers) where needed, and with authorities where the law requires it.

5. How we use AI

Some of our tools use artificial intelligence to turn your answers into a written assessment or report: for example, the Clarity Score generates tailored feedback based on what you tell it.

When that happens, the information you enter is sent to our AI provider (Anthropic) purely to generate your output, and is processed on our instructions. It is not used to train their models. We don't use AI to make decisions that have a legal or similarly significant effect on you without human involvement: the output is there to inform a conversation, not to decide anything about you automatically.

6. Marketing and email

If you've shown interest in what we do: by using a tool, enquiring, or working with us: we may send occasional, relevant updates to your work email. Every marketing email includes a one-click way to unsubscribe, and we'll act on it promptly. You can also tell us at any time to stop, by emailing info@twenty10.io. Opting out of marketing won't stop essential messages about a service you're actively using.

7. Cookies

Cookies are small files stored on your device. We use a small number of them:

  • Essential cookies that make the site and tools work. These don't need your consent.
  • Analytics cookies that help us understand, in aggregate, how the site is used so we can improve it. We only set these with your consent.

You can manage or block cookies through your browser settings, and through any cookie banner shown on the site. Blocking essential cookies may stop parts of the site working.

[TODO: If you add a cookie banner or analytics (e.g. Google Analytics, Plausible, Fathom), name the specific cookies and providers here. If the site sets no non-essential cookies at all, say that plainly instead.]

8. International data transfers

Some of our providers are based outside the UK, including in the United States. Where your data is transferred outside the UK, we make sure it's protected to UK standards: using mechanisms such as the UK's International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the UK extension to the EU–US Data Privacy Framework, as appropriate.

9. How long we keep your data

We keep personal data only as long as we genuinely need it:

  • Enquiries and tool responses from people who don't become clients: kept while there's an active conversation and for up to [24 months] after our last contact, then deleted.
  • Client records: kept for the life of the relationship and afterwards as needed for legal, accounting and tax purposes: generally at least six years.
  • Marketing contacts: kept until you unsubscribe or ask us to remove you.

When we no longer need data, we delete it securely or anonymise it.

10. Keeping your data secure

We take sensible, proportionate steps to protect your data: including access controls, reputable providers with strong security practices, and limiting who in the team can see what. No system is ever completely secure, but if a breach affects your rights we'll act quickly and tell you and the ICO where the law requires it.

11. Your rights

Under UK data protection law you have the right to: be informed about how we use your data; access the personal data we hold about you; rectify data that's wrong or incomplete; erase your data in certain circumstances; restrict how we use your data in certain circumstances; object to processing based on legitimate interests, and to direct marketing at any time; data portability; and withdraw consent at any time where we relied on it.

To exercise any of these, email info@twenty10.io. We'll respond within one month and it's free in nearly all cases.

If you're unhappy with how we've handled your data, we'd like the chance to put it right: but you also have the right to complain to the ICO at ico.org.uk or on 0303 123 1113.

12. Children

Our services are aimed at businesses and the people who run them. They aren't directed at children, and we don't knowingly collect data from anyone under 18.

13. Changes to this policy

We may update this policy from time to time as our business and tools evolve. When we do, we'll change the "last updated" date at the top, and for significant changes we'll take reasonable steps to let you know.

14. How to contact us

For anything to do with your data or this policy: Twenty10, email info@twenty10.io, post [REGISTERED ADDRESS].