Privacy Policy
Last updated: 21 May 2026
Data Controller
The data controller responsible for your personal data is Onito Ltd. If you have any questions about this privacy policy or how we handle your data, please contact us at chris@onito.co.uk.
Company Details
Onito Ltd is registered in England and Wales. Company Registration Number: 17208835. Registered address: 15 Morello Way, Hitchin, SG5 3FT, United Kingdom.
Data We Collect
We collect different categories of data depending on how you interact with Onito:
- Business owners — name, email address, phone number, business details, payment information processed via Stripe, and knowledge base content you provide to power your AI assistant.
- End users — phone number from WhatsApp, message content, and conversation history when they communicate with a business through Onito.
- Website visitors — standard analytics data such as page views and general usage information.
How We Use Your Data
We use personal data to:
- Provide and operate the Onito platform and AI assistant services
- Process payments and manage subscriptions
- Respond to enquiries and provide customer support
- Improve and develop our services
- Comply with legal and regulatory obligations
Legal Basis for Processing
We process personal data on the following legal bases under UK GDPR:
- Contract — processing necessary to provide our services to business owners who have signed up for an account.
- Legitimate interests — processing end user messages to deliver AI-powered customer responses on behalf of the business.
- Legal obligation — processing required to comply with applicable laws, including financial record-keeping requirements.
Third-Party Services
We use trusted third-party providers to deliver our services. These include:
- Anthropic Claude — generates AI responses from your knowledge base content. Your data is not used to train Anthropic's models.
- Twilio — messaging infrastructure.
- Meta WhatsApp Business Platform — WhatsApp message delivery.
- Google Cloud Platform — hosting and data storage in the europe-west2 region (United Kingdom).
- Stripe — payment processing.
- Cloudflare — website hosting and DNS.
Data Storage and Security
Your data is stored on servers located in the United Kingdom, primarily via Google Cloud Platform in the europe-west2 region. We apply encryption in transit and at rest to protect your information.
Data Retention
- Business owner data — retained for up to 12 months after account closure, unless a longer period is required by law.
- Conversation data — retained for up to 12 months.
- Payment data — retained for up to 7 years in accordance with UK financial regulations.
Your Rights
Under UK data protection law, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data
- Restrict processing of your data
- Request data portability
- Object to processing
To exercise any of these rights, contact us at chris@onito.co.uk. We will respond within one month.
Cookies
Our website uses essential cookies only. We do not use advertising or tracking cookies.
Children
Onito is not directed at anyone under the age of 18. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this privacy policy from time to time. We will notify business owners of any material changes by email.
Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Contact Us
Onito Ltd
15 Morello Way, Hitchin, SG5 3FT, United Kingdom
chris@onito.co.uk