Last Updated: 28/04/2026
Introduction
This Privacy Policy explains how New Gradient ("we", "us", or "our") collects, uses, and protects information when you visit our website at newgradient.com (the "Website"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).
Data Controller Information
New Gradient is the data controller for the personal data we process. You can contact us at:Email: services@newgradient.co.uk
Website: newgradient.com
Information We Collect
Information You Provide Directly
We collect information you voluntarily provide through:
Contact forms and enquiries
AI assessment form submissions (including your name, work email, position, company name, and company website)
Email communications with us
Technical Information
When you submit a form, limited technical information (such as your IP address at the time of submission) may be processed to protect against spam and abuse via Cloudflare Turnstile.
Visit Analytics (Cookie-Based, With Consent)
If you accept cookies via our consent banner, when you browse the Website we process your IP address transiently — only during the handling of your request — to identify the organisation associated with that IP via our enrichment partner ipapi.is. We do not store your IP address. If your IP cannot be linked to a business organisation (for example, residential connections, VPNs, or anonymising networks), the request is discarded and nothing is recorded.
Where an organisation can be identified, we record: the page visited, the referring URL, your browser's user agent, a first-party cookie identifier (a random UUID we set on your browser), the timestamp of the visit, and the identified organisation. We do not record your name, email, or any other directly identifying information through this process. The cookie identifier allows us to link multiple visits from the same browser without identifying you personally.
How We Use Your Information
We process your information under the following legal bases:
Consent / Legitimate Interests
Where you submit an enquiry or request our AI assessment, we use the information you provide to:
Deliver the service you requested: For example, preparing and sending your AI assessment report
Respond to your enquiry: Answering questions and providing follow-up information
Business Development: Contacting you about our services where we reasonably believe they are relevant to your enquiry. You can opt out at any time.
Contractual Necessity
We may process your information when necessary to fulfil our contractual obligations or in preparation for entering into a contract with you.
Data Retention
We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specifically:
Direct Communications: Information from contact forms, AI assessment submissions, or emails is retained for 3 years or until you request deletion
Marketing Data: If you've expressed interest in our services, we retain your information for up to 3 years from last interaction.
Visit Analytics Data: Page-view records linked to identified organisations are retained for up to 3 years from the date of the visit, after which they are deleted or aggregated. IP addresses are never retained. We regularly review our data retention practices and delete information that is no longer necessary for our business purposes.
Cookies
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help the website remember your actions and preferences.
How We Use Cookies
We use the following cookies on this website:
Essential Cookies: Required for the website to function properly (for example, to maintain an authenticated session in the site admin area, and to record your cookie consent choice).
Analytics / Visit Identification Cookies: Set only after you accept the cookie banner. These consist of: (a) a consent record cookie storing your choice, and (b) a first-party visitor cookie containing a random identifier (UUID) that lets us link page views from the same browser to an identified organisation as described in the Visit Analytics section above. Both cookies are set for up to 12 months. We do not use third-party advertising or cross-site tracking cookies.
Lawful basis: Consent (UK GDPR Article 6(1)(a) / PECR Regulation 6) for analytics cookies. Strictly necessary cookies do not require consent.
Withdrawing consent: You can withdraw consent at any time by clearing cookies for this site in your browser; on your next visit you will be prompted again. To request erasure of the visit data already associated with your visitor cookie, email services@newgradient.co.uk with the visitor cookie value (visible in your browser's developer tools as "ng_visitor").
Managing Cookies
You can control and delete cookies through your browser settings. You can delete all cookies that are already on your computer and set most browsers to prevent them from being placed. However, if you do this, some services and functionalities of the site may not work as expected.
Your Rights
Under UK GDPR you have the following rights regarding your personal data:
Right to AccessYou can request a copy of the personal data we hold about you.
Right to RectificationYou can request that we correct any inaccurate or incomplete personal data.
Right to ErasureYou can request that we delete your personal data in certain circumstances.
Right to Restrict ProcessingYou can request that we limit how we use your personal data.
Right to Data PortabilityYou can request to receive your personal data in a structured, commonly used format.
Right to ObjectYou can object to our processing of your personal data for direct marketing purposes or based on legitimate interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affects you.To exercise any of these rights, please contact us at services@newgradient.co.uk. We will respond to your request within one month.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:
Secure data transmission
Regular security assessments
Limited access to personal data
Employee training on data protection
Third-Party Processors
We share limited personal data with the following processors:
Cloudflare Turnstile: anti-spam protection on forms (processes IP at submission time).
Resend: transactional email delivery for form submissions and assessment reports.
ipapi.is: IP address enrichment for the visit analytics described above. Your IP is sent to ipapi.is at the moment you load a page (after consent) and is not retained by us.
Frappe CRM (self-hosted): stores the organisation-linked visit records and enquiry data. Hosted on infrastructure under our control.
International Data Transfers
We primarily store and process personal data within the UK and EEA. Where a service provider processes data outside the UK, we ensure appropriate safeguards are in place to protect your information in accordance with UK GDPR requirements.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.
Children's Privacy
Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a new "Last Updated" date.
Complaints
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: https://ico.org.uk/
Phone: 0800 433 2057
Email: services@newgradient.co.uk
Website: newgradient.com