This privacy policy applies to JMAC ANSWER, an AI-powered business communication platform for tradespeople provided by JMAC Partners Ltd, and to the JMAC ANSWER website at jmacanswer.co.uk.
If you use other JMAC Partners services, those services have their own privacy policies. This document covers JMAC ANSWER only.
The service is operated by JMAC Partners Ltd, a limited company registered in England and Wales.
| Company number | 16602051 |
| VAT number | 498 6009 45 |
| Registered office | 20 Wenlock Road, London, N1 7GU |
| ICO registration | ZC100217 |
| Data protection contact | [email protected] |
In this document, "we", "us", and "our" refer to JMAC Partners Ltd. "You" refers to the person using the service. "The service" refers to the specific product covered by this document, identified at the top of the page.
You have the following rights in relation to personal data we hold about you. You can exercise any of these rights at any time by contacting us at [email protected].
We will respond to any request within one calendar month. We will not charge you for exercising any of these rights, except in rare cases where requests are manifestly unfounded or excessive.
If you are unhappy with how we have handled your personal data, please contact us first at [email protected] so we can try to resolve the matter directly.
If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
You are not required to contact us before contacting the ICO, but we would appreciate the opportunity to address your concerns directly.
We take the security of your data seriously. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
The service is not directed at, or intended for use by, children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data to us, please contact [email protected] and we will delete it.
We may update this policy from time to time.
A full version history is shown at the foot of this document.
This privacy policy applies to all personal data we collect and process when you:
A note on customer data. When traders use JMAC ANSWER, their customers' personal data is processed through the service. In that context, the trader is the data controller and we act as the trader's data processor. The processing of customer data is governed by the Data Processing Agreement that forms part of our JMAC ANSWER Terms and Conditions. This privacy policy does not apply to that processing, except as described in the "Customer data" section below.
When you visit our website, we may collect technical data including your IP address, browser type and version, device type and operating system, screen resolution, referring URL, pages visited and duration of visit, and approximate geographic location (derived from IP address). This data is collected automatically through cookies and server logs.
If you contact us via email or a contact form, we collect your name, email address, telephone number (if provided), and the content of your message. We use this information solely to respond to your enquiry.
If you subscribe to our mailing list or newsletter, we collect your name and email address. We will only send you marketing communications with your explicit consent, and you can unsubscribe at any time.
When you register for JMAC ANSWER as a trader, we collect your name and business name, email address, telephone number, trading address, business type and trade description, and payment information (processed and stored by Stripe — we do not store full card details).
When you use JMAC ANSWER, we automatically collect information about your interactions with the service, including session timestamps and duration, features used and actions taken, messages sent and received, and AI interaction logs (message content processed through AI models for response generation).
Through the operation of JMAC ANSWER, we process personal data belonging to traders' customers, including names, telephone numbers, email addresses, postal addresses, booking and appointment details, job descriptions and notes, quotes and invoice details, and message content. As stated above, this data is processed by us as a data processor on the trader's behalf.
We process personal data on the following lawful bases under UK GDPR:
| Lawful basis | Application |
|---|---|
| Legitimate interests (Article 6(1)(f)) | Website visitor data (IP addresses, browsing data) for maintaining website security and performance, understanding visitor patterns, and improving our services. We have assessed that these interests are not overridden by your rights. |
| Contract (Article 6(1)(b)) | Trader account data, where necessary for the performance of our contract with you (providing JMAC ANSWER). Contact enquiry data, to take steps at your request prior to entering a contract. |
| Consent (Article 6(1)(a)) | Mailing list data and non-essential cookies, only with your explicit consent. You may withdraw consent at any time by unsubscribing or adjusting your cookie preferences. |
| Legal obligation (Article 6(1)(c)) | Where necessary to comply with our legal obligations, including tax, accounting, and regulatory requirements. |
| Data category | Purpose |
|---|---|
| Website visitor data | Maintaining website security, analysing site performance, understanding visitor patterns, improving our services |
| Contact enquiry data | Responding to your enquiry, following up where appropriate, improving our customer service |
| Mailing list data | Sending marketing communications and newsletters (with your consent) |
| Trader account data | Providing JMAC ANSWER, managing your subscription, processing payments, communicating about your account |
| Usage and technical data | Monitoring and improving JMAC ANSWER, detecting and addressing technical issues, analysing usage patterns |
| AI interaction logs | Quality assurance and improvement of AI response accuracy |
| Payment records | Processing transactions, fraud prevention, compliance with tax and accounting obligations |
We do not sell your personal data to any third party. We do not use your data, or trader customer data, to train AI models.
We share personal data with the following third-party service providers, who process data on our behalf. We have a written data processing agreement with each.
| Provider | Role | Data shared | Headquartered | Transfer safeguard |
|---|---|---|---|---|
| Anthropic | AI language model — generates draft responses | Message content (JMAC ANSWER only) | United States | UK International Data Transfer Agreement / Standard Contractual Clauses |
| OpenAI | AI language model — generates draft responses | Message content (JMAC ANSWER only) | United States | UK International Data Transfer Agreement / Standard Contractual Clauses |
| Stripe | Payment processing | Payment details, billing information (traders only) | United States (with UK and EEA infrastructure) | UK International Data Transfer Agreement |
| SMTP2GO (Sand Dune Mail Ltd) | Transactional email | Email addresses, email content | New Zealand (which has UK adequacy status) | UK adequacy decision; UK International Data Transfer Agreement for any transfers outside that scope |
| Cloudflare, Inc. | Infrastructure, DDoS protection, web application firewall | Traffic metadata, IP addresses (all visitors) | United States | UK International Data Transfer Agreement |
| IONOS SE | Hosting infrastructure | All data stored on our servers | Germany | UK adequacy decision (EEA) |
| Google Ireland Ltd | Workspace email and document tooling for our internal operations | Inbound and outbound email correspondence | Republic of Ireland | UK adequacy decision (EEA) |
We may also disclose personal data where required by law, regulation, or court order, or to protect our rights, property, or safety.
We will update this list and notify you in advance if we add or change a sub-processor — see "Changes to this policy" in the preamble above.
When traders use JMAC ANSWER, their customers' personal data (names, contact details, booking information, message content) is processed through our systems. In that context:
If you are a customer of a trader who uses JMAC ANSWER and you wish to exercise your data subject rights (access, rectification, erasure, etc.), please contact the trader directly in the first instance. As the data controller, the trader is responsible for responding to your request. If you are unable to resolve your concern with the trader, you may contact us at [email protected] and we will assist where we can.
JMAC ANSWER uses large language models (provided by Anthropic and OpenAI) to draft responses to customer messages on the trader's behalf. The trader reviews and decides whether to send each draft. Because a human is in the loop on every outbound message, JMAC ANSWER does not make decisions based solely on automated processing that have legal or similarly significant effects on data subjects.
You can ask us for human review of any aspect of how the service has handled your data by contacting [email protected].
Some of our sub-processors are located outside the United Kingdom (as set out above). Where personal data is transferred internationally, we ensure appropriate safeguards are in place as required by UK GDPR — including the UK International Data Transfer Agreement, EU Standard Contractual Clauses incorporated by the UK addendum, and reliance on adequacy decisions where available.
| Data category | Retention period |
|---|---|
| Website visitor logs | 12 months from collection |
| Contact enquiry data | 12 months from last correspondence |
| Mailing list data | Until you unsubscribe, then deleted within 30 days |
| Trader account data | Duration of subscription, then deleted within 90 days of subscription ending |
| JMAC ANSWER usage data | Duration of subscription, then deleted within 90 days of subscription ending |
| AI interaction logs | Duration of subscription, then deleted within 90 days of subscription ending |
| Customer data (on trader's behalf) | Duration of trader's subscription, then deleted within 90 days, except where the trader has separately exported or migrated the data |
| Payment records | 7 years (HMRC requirement) |
| Backups | Encrypted backups are retained for 35 days on a rolling basis. Data deleted from the live system is removed from backups on the next backup cycle in which a full snapshot rolls over. |
Upon expiry of the relevant retention period, data is securely deleted or anonymised.
Your full statutory rights under UK GDPR are described in the preamble above. The following notes are specific to JMAC ANSWER:
Right of access. You can see most of your account information directly in the JMAC ANSWER trader dashboard. For a comprehensive export including service logs and AI interaction history, contact [email protected] or use the JMAC Data Portal at data.jmacpartners.co.uk.
Right to data portability. Trader account data, message history, and customer data you have entered into JMAC ANSWER are exportable in a structured, machine-readable format. The JMAC Data Portal provides a one-click export of your data.
Right to erasure. To close your account and have your data deleted, use the Close account option in your trader dashboard, or contact [email protected]. We complete account deletions within 90 days; the longer period (compared with some other data) reflects the need to ensure orderly handover of any active customer-facing communications.
Requests from your customers. If you are a customer of a trader who uses JMAC ANSWER, please direct requests about your data to the trader. The DPA gives the trader the technical means to respond. If you cannot resolve your concern with the trader, contact us at [email protected] and we will assist where we can.
Cookies are small text files placed on your device when you visit a website. They help us provide you with a better experience by remembering your preferences, understanding how you use our site, and improving our services.
| Category | Status | Description |
|---|---|---|
| Necessary | Always active | Essential for the website to function. Includes session management, security, and load balancing. Cannot be disabled. |
| Analytics | With your consent | Help us understand how visitors interact with our website, which pages are most popular, and how we can improve. |
| Functionality | With your consent | Remember your preferences (such as cookie consent choices) to enhance your experience. |
When you first visit our website, a cookie banner allows you to accept all cookies, reject non-essential cookies, or customise your preferences. You can change your cookie preferences at any time. You can also control cookies through your browser settings, though disabling necessary cookies may affect website functionality.
We do not use third-party advertising or tracking cookies. We do not participate in any advertising networks. Cloudflare may set security-related cookies as part of its DDoS protection and CDN services.
No security measure is absolute. If we suffer a breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as described in the preamble above.
| Version | Effective date | Summary |
|---|---|---|
| 1.4 | TBD | Refactored to use the JMAC Partners shared privacy preamble; added JMAC Data Portal references; refined sub-processor table to align with estate-wide framing; restructured rights section to defer common rights to the preamble. No substantive change to data practices. |
| 1.3 | 3 March 2026 | Previous published version. |