Back to Home

    Privacy Policy for Deep Purple AI Consulting

    Last updated: 30th March 2026

    At Deep Purple AI Consulting, we take your privacy seriously. This policy explains how we collect, use, and protect your personal data when you interact with us, whether through our website, our online tools, booking a call, or working with us as a client.

    We are a registered business in Ireland and follow all relevant privacy laws, including the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.

    1. Who We Are

    Purpledecks Ltd (trading as Deep Purple AI Consulting) is the data controller for the personal data described in this policy.

    Company number: 513907

    Business address:

    23 Redleaf House
    Townspark Industrial Estate
    Athlone Road, Longford
    N39 KV60, Ireland

    Email: hello@deeppurple.ai

    Data protection contact: Brian Egan, hello@deeppurple.ai

    We are not required to appoint a Data Protection Officer under GDPR due to the nature and scale of our data processing activities.

    2. What Data We Collect

    We may collect the following types of personal information:

    Information you provide directly

    • Name and contact details (email address, phone number)
    • Company name and job title
    • Information shared during consultations, calls, or meetings
    • Messages sent via our website contact form, email, or LinkedIn
    • Booking details when you schedule a call through Calendly
    • Billing information for invoicing purposes
    • Responses to our online tools (such as the machine vision feasibility assessment, services finder, and grant eligibility checker), including your industry, company size, grant awareness, and assessment scores
    • Your email address, if you choose to receive a report from one of our tools
    • Your marketing preferences, if you opt in to receive updates from us

    Information from publicly available sources

    We may collect publicly available business information from LinkedIn profiles or company websites for B2B outreach purposes. Where we do this, we rely on our legitimate interest in promoting our services to businesses that may benefit from them. You have the right to object to this processing at any time by contacting us.

    Information collected automatically

    • Website usage data through cookies and analytics tools, only where you have given consent via our cookie banner (see our Cookie Policy)
    • IP address and browser information
    • Pages visited and time spent on our website
    • Pseudonymised visitor identifiers for analytics

    3. Our Online Tools

    Our website includes interactive tools such as the machine vision feasibility assessment, services finder, and grant eligibility checker. We may add further tools in the future that work in a similar way.

    When you use one of these tools, your answers and results are processed in your browser. No login or account is required. If you close the page, your answers are not saved.

    After seeing your results, you may be offered the option to receive a report by email. This is entirely optional. If you choose to provide your email address:

    • Your email address, along with your assessment data (such as industry, scores, company size, and grant awareness), is sent to a serverless function hosted on our Netlify infrastructure.
    • That function sends your data to Loops (operated by Astrodon Inc.), our email platform, which sends you a transactional email containing your personalised report.
    • A contact record is created in Loops with your email address and assessment data. You are marked as unsubscribed from marketing by default.
    • If you separately tick the opt-in checkbox to receive occasional updates, you will be marked as subscribed in Loops and may receive marketing emails from us. You can unsubscribe at any time using the link in any email or by contacting us.

    We may use aggregated and anonymised data from our online tools for research, content, and marketing purposes. For example, we might report that a certain percentage of respondents in a given industry scored below a particular threshold. This anonymisation is irreversible. No individual can be identified from this data, and GDPR does not apply to it.

    4. How We Use Your Data

    We use your personal data for the following purposes:

    • To respond to enquiries when you contact us through our website, email, or LinkedIn
    • To provide our services, including managing client engagements, scheduling meetings, and delivering AI consulting services
    • To send you a report or results from one of our online tools, where you have requested this
    • To send you marketing emails about grants, AI, and our services, where you have opted in
    • To send invoices and manage payments for our services
    • To improve our website by understanding how visitors use it (only with your consent)
    • To measure the performance of our email communications (such as whether emails are opened or links are clicked)
    • To record client video meetings for reference purposes, where participants are notified
    • To comply with legal obligations such as tax and accounting requirements

    5. Legal Basis for Processing

    Under GDPR, we process your data based on the following legal grounds:

    Processing activityLegal basis
    Sending you a report you requested from one of our online toolsNecessary to take steps at your request (Article 6(1)(b)). You asked us to send you the report.
    Providing consulting services under an Engagement AgreementContractual necessity (Article 6(1)(b))
    Sending marketing emailsConsent (Article 6(1)(a)). You ticked the opt-in checkbox. You can withdraw consent at any time.
    Setting analytics cookiesConsent (Article 6(1)(a)), via our cookie banner
    Responding to enquiriesLegitimate interest (Article 6(1)(f)). Our interest: responding to businesses that contact us.
    B2B outreach using publicly available informationLegitimate interest (Article 6(1)(f)). Our interest: promoting our services to businesses that may benefit from them. You can object at any time.
    Measuring email performance (open and click tracking)Legitimate interest (Article 6(1)(f)). Our interest: understanding whether our communications are useful and improving them.
    Recording client video meetingsLegitimate interest (Article 6(1)(f)). Our interest: maintaining an accurate record of discussions for project delivery. Participants are notified before recording begins via Zoom's built-in recording notification.
    Invoicing and financial record-keepingLegal obligation (Article 6(1)(c)). Irish tax and accounting requirements.
    Managing client and prospect recordsLegitimate interest (Article 6(1)(f)). Our interest: administering and improving our service delivery.

    Where we rely on legitimate interest, we have considered whether your rights override our interests and have concluded that they do not, given the limited nature of the data, the business context, and the availability of your right to object.

    6. Information Required to Work With Us

    To engage our consulting services, we require certain information as a contractual necessity:

    • Contact name and email address (to communicate with you)
    • Company name and address (for contracts and invoicing)
    • Billing contact details (for payment processing)

    If you do not provide this information, we may not be able to enter into a contract or provide our services to you.

    7. How We Store Your Data

    Your personal data is stored securely using the following services:

    ServicePurposeLocation
    Netlify (Netlify Inc.)Website hosting, serverless functions that process assessment dataUS
    Loops (Astrodon Inc.)Transactional and marketing email, contact recordsUS
    Google Workspace (Google LLC)Business email, cloud storage (Google Drive), video callsUS
    Google Analytics 4 (Google LLC)Website analytics (with consent only)US
    Google Tag Manager (Google LLC)Tag management for analytics and trackingUS
    Calendly (Calendly LLC)Meeting schedulingUS
    Cloudflare (Cloudflare Inc.)CDN, security, and bot protection (via Netlify and Calendly)US
    Zoom (Zoom Video Communications Inc.)Client video meetings, which may be recorded with noticeUS
    Harvest (Iridesco LLC)Time tracking and invoicingUS
    Xero (Xero Ltd)Accounting and financial recordsNZ/US

    We plan to introduce the following services. When implemented, they will process personal data as described:

    • Attio (Attio Ltd): CRM for managing client and prospect relationships. Contact data from Loops and other sources may be synced to Attio. Located in the UK.
    • LinkedIn Insight Tag: If implemented, this advertising cookie would only be activated with your explicit consent via our cookie banner. It would allow us to measure the effectiveness of LinkedIn advertising.

    We have data processing agreements in place with the processors listed above. We may update our systems and tools from time to time. Where a change affects how we process personal data, we will update this policy.

    Internal tools that do not process customer personal data

    We use the following tools internally. They do not currently hold customer personal data, but we list them here for transparency:

    • Linear: Task and project tracking.
    • Slack: Internal team communications.

    If we begin storing customer personal data in these tools, we will update this policy.

    8. Who We Share Your Data With

    We do not sell your personal data. We may share it with:

    • Subcontractors and associates who help us deliver services to you. All subcontractors are engaged under written agreements that include confidentiality and data protection obligations equivalent to those required by GDPR, including 24-hour breach notification, security requirements, and restrictions on the use of client data in AI tools. Subcontractors act as sub-processors and process personal data only on our documented instructions.
    • Service providers listed in Section 7 above.
    • Professional advisors such as accountants, where required.
    • Legal authorities if required by law.

    9. International Data Transfers

    Several of our service providers are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we rely on the following safeguards:

    Transfer mechanismProcessors
    EU-US Data Privacy Framework (DPF)Loops (Astrodon Inc.), Google, Calendly, Cloudflare
    Standard Contractual Clauses (SCCs)Used as a fallback alongside DPF where available, and as the primary mechanism for any processor not certified under the DPF
    UK adequacy decisionAttio (when implemented)

    Where a processor is certified under the DPF, we also seek to have Standard Contractual Clauses in place as a fallback mechanism.

    For non-EU based contractors, our contractor agreements incorporate Standard Contractual Clauses.

    10. How Long We Keep Your Data

    We retain personal data only for as long as necessary:

    Data typeRetention period
    Enquiries that do not become clientsUp to 2 years, then deleted
    Online tool contacts (email provided, did not become a client)Up to 2 years, then deleted from Loops. This reflects the length of typical B2B sales cycles in AI consulting.
    Marketing subscribers who are not clientsUntil they unsubscribe, then deleted within 30 days
    Client records (including financial records)7 years after the end of our business relationship (Irish tax requirements)
    Website analytics data14 months (GA4 default)
    Zoom meeting recordingsDeleted within 12 months of the recording, unless the client requests earlier deletion

    11. Your Rights

    Under GDPR, you have the following rights:

    • Right of access: Request a copy of the personal data we hold about you.
    • Right to rectification: Ask us to correct inaccurate or incomplete data.
    • Right to erasure: Ask us to delete your data where you withdraw consent, where the data is no longer necessary for the purpose it was collected, or where you successfully exercise your right to object.
    • Right to restrict processing: Ask us to limit how we use your data.
    • Right to data portability: Request your data in a machine-readable format.
    • Right to object: Object to our processing of your data where we rely on legitimate interest, including direct marketing. We will stop processing unless we can demonstrate compelling legitimate grounds.
    • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

    To exercise any of these rights, contact us at hello@deeppurple.ai. We will verify your identity and respond within 30 days.

    12. Automated Decision-Making

    We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

    The scores generated by our online tools are indicative only and do not result in any automated decision about you. No legal or similarly significant effects are produced solely by automated processing without human involvement.

    13. Cookies and Analytics

    Our website uses cookies and analytics tools to understand how visitors use the site. We only use non-essential cookies, including analytics cookies (Google Analytics), where you have given your consent via our cookie banner.

    For full details on the cookies we use and how to manage your preferences, see our Cookie Policy.

    14. Email Communications

    We use Loops (operated by Astrodon Inc.) as our email platform for both transactional and marketing emails.

    • Transactional emails (such as assessment reports) are sent when you request them. The legal basis is that processing is necessary to provide the service you asked for (Article 6(1)(b)).
    • Marketing emails (such as grant updates or newsletters) are only sent where you have given explicit consent by ticking an opt-in checkbox. The legal basis is consent (Article 6(1)(a)). Your consent is recorded with a timestamp and the specific consent text.

    Loops tracks whether emails are opened and whether links are clicked, for both transactional and marketing emails. This data is stored against your contact record in Loops and is used to measure email performance and improve our communications. The legal basis for this tracking is legitimate interest. Loops does not set cookies on our website.

    You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email or by contacting us at hello@deeppurple.ai.

    15. Children's Data

    Our website and services are not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have collected data from a child, please contact us at hello@deeppurple.ai and we will delete it promptly.

    16. Third-Party Links

    Our website may contain links to external sites (such as LinkedIn, Calendly, or other resources). We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

    17. Data Security

    We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or damage. This includes:

    • Secure email systems and encrypted storage
    • Strong passwords and two-factor authentication
    • Limiting access to personal data to those who need it
    • Written data protection agreements with all subcontractors, including specific security requirements (two-factor authentication, encrypted storage, no local downloads of client data)

    No method of transmission over the internet is 100% secure. While we work to protect your data, we cannot guarantee absolute security.

    18. Changes to This Policy

    We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we may notify you directly.

    19. How to Complain

    If you are unhappy with how we have handled your data, please contact us first at hello@deeppurple.ai and we will do our best to resolve the issue.

    You also have the right to lodge a complaint with your relevant supervisory authority:

    Ireland:

    Data Protection Commission
    21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
    Website: www.dataprotection.ie

    United Kingdom:

    Information Commissioner's Office (ICO)
    Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
    Website: www.ico.org.uk

    20. Contact Us

    If you have any questions about this Privacy Policy or how we handle your data, contact us at:

    Email: hello@deeppurple.ai

    Deep Purple AI Consulting
    23 Redleaf House
    Townspark Industrial Estate
    Athlone Road, Longford
    N39 KV60, Ireland
    Exit to Home

    We use cookies to ensure our website works properly and to help us improve it. You can accept all cookies or customise your preferences. See our Cookie Policy for details.