Privacy Policy
Who we are
Code Powder Ltd. is a company registered in England and Wales (Company No. 08018930). Our registered office is at 7 Bell Yard, London, WC2A 2JR.
We are the data controller for personal information collected through this website and in connection with the Hermes AI Setup Service. This policy explains what we collect, why, and what we do with it.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this policy or how we handle your data, contact us at hello@codepowder.com.
What we collect
We collect only what we need to process your booking and deliver the Hermes AI Setup Service. We do not collect data speculatively or for marketing purposes.
| Data | When collected | Why |
|---|---|---|
| Full name | At booking | To address you correctly and personalise your confirmation email and handover document |
| Email address | At booking | To send your booking confirmation, onboarding instructions, and communicate about your setup |
| What you do | At booking | A brief description of your work, used to inform how we configure your assistant |
| Chosen start slot | At booking | To schedule and manage your setup in our queue |
| Payment information | At checkout | Processed directly by Stripe. We do not see or store your card details. |
| Stripe session ID | On payment | For reconciliation and to confirm your payment against your booking record |
We do not collect data about your browsing behaviour, device, or location. We do not use analytics tools. We do not set tracking cookies.
How we use it
We use your personal data for the following purposes only:
- —To process your booking and confirm payment
- —To send you a booking confirmation and onboarding instructions by email
- —To communicate with you about your setup via email and, after handover, via Telegram
- —To deliver the Hermes AI Setup Service you have paid for
- —To maintain a record of your transaction for legal and accounting purposes during the retention period
We do not use your data for marketing. We do not send newsletters or promotional emails. We do not share your data with third parties for advertising purposes.
Our legal basis for processing your personal data is performance of a contract — you have purchased a service from us and we need this data to deliver it. For retention of transaction records, our legal basis is compliance with a legal obligation.
Third-party processors
We use a small number of carefully chosen third-party services to operate the booking flow. Each acts as a data processor on our behalf and is subject to appropriate data processing agreements.
| Processor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment details. Stripe processes payment independently and is subject to its own privacy policy. We receive only a session ID and payment confirmation. |
| Airtable | Booking records | Name, email, what you do, chosen slot, Stripe session ID, and a unique token for your onboarding link. Records are deleted within 30 days of setup completion. |
| Resend | Transactional email | Name and email address, used solely to send your booking confirmation and onboarding instructions. No marketing emails are sent via Resend. |
We do not use Google Analytics, Facebook Pixel, or any other advertising or behavioural tracking tools. No other third-party services receive your personal data.
Credentials
To complete your setup, you will share access credentials with us — specifically your hosting provider details, LLM API key, and Telegram bot token. These are not personal data in the conventional sense, but we treat them with the same care.
We use your credentials solely to complete your setup.We do not store them beyond the period required to do so. We do not share them with any third party. Once your setup is complete and handed over, you should rotate any credentials you shared with us.
Credentials are shared with us via a secure one-time link generated using Bitwarden Send — an end-to-end encrypted, self-destructing link that expires immediately after one view. You do not need a Bitwarden account to use it. The link is sent to you personally via Telegram or email once you have completed the three onboarding steps.
Credentials handled this way are never written to Airtable or any other persistent system. Once we have used them to complete your setup, they are gone.
Data retention
We retain your booking record (name, email, slot, Stripe session ID) in Airtable for a maximum of 30 days following the completion of your setup.
After 30 days your record is permanently deleted from Airtable. Stripe retains its own records of the transaction independently, in accordance with its own privacy policy and applicable financial regulations.
Transactional emails sent via Resend are subject to Resend's own data retention policy. We do not store copies of emails sent.
We do not keep your data "just in case". When the purpose is served, the data is deleted.
Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- —Right of access — you can request a copy of the personal data we hold about you.
- —Right to rectification — you can ask us to correct inaccurate data.
- —Right to erasure — you can ask us to delete your data. Given our 30-day retention policy, most data will already be deleted by the time a request is made. We will action any remaining data promptly.
- —Right to restriction — you can ask us to restrict processing of your data in certain circumstances.
- —Right to data portability — you can ask us to provide your data in a portable format.
- —Right to object — you can object to processing based on legitimate interests.
To exercise any of these rights, contact us at hello@codepowder.com. We will respond within one calendar month.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Cookies and tracking
We do not use cookies. We do not use analytics tools. We do not track your behaviour on this website.
The only data processed when you visit this site is standard server log data (IP address, browser type, page visited, timestamp) retained briefly by our hosting provider (Netlify) for operational purposes. This is not linked to your identity and is not accessible to us in any personally identifiable form.
Children
The Hermes AI Setup Service is intended for adults operating in a professional or business context. We do not knowingly collect personal data from anyone under the age of 18.
If you believe a minor has submitted personal data through this site, please contact us at hello@codepowder.com and we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. We will not retroactively change how we handle data already collected without notifying you.
We recommend checking this page periodically if you are a returning customer or have an ongoing relationship with us.
Contact
For any questions, data requests, or concerns regarding this Privacy Policy:
- —Email: hello@codepowder.com
- —Post: Code Powder Ltd., 7 Bell Yard, London, WC2A 2JR
- —ICO: ico.org.uk — for complaints about data handling