Privacy Policy

Last updated: 4 June 2026

Who we are

Graham Stow Consulting (“we”, “us”, “our”) is a small UK consultancy providing onboarding review, design and people-enablement services. We are the data controller for the personal information described in this policy.

Contact: me@grahamstow.co.uk

What personal information we collect

  • Contact form: your name, email, organisation (optional), area of interest and the message you send.
  • Onboarding Health Check: your name, email, organisation, role (optional), your answers, any optional free-text reflection and consent record.
  • Coaching Self-Assessment: your name, email, organisation (optional), role (optional), your answers, any optional reflection text and consent record. If you opt in, your reflection text may also be processed by an AI provider to generate a personalised written summary.
  • Other assessments: the same general categories as above where relevant.
  • CRM records: contact details and notes about our professional relationship (contacts, organisations, enquiries, assessment responses, activity logs and internal notes).
  • Account data (admin only): email address and authentication metadata for the private admin area. The public site does not offer self-service accounts.

How we use your information

  • To reply to enquiries and follow up on conversations you started with us.
  • To generate the results of any assessment you complete and, where appropriate, to discuss them with you.
  • To run and improve our consultancy services and keep simple internal records of our relationships.
  • To meet our legal and regulatory obligations.

Lawful basis (UK GDPR)

  • Consent — when you submit a contact form or assessment, you give consent for us to use that information to respond and generate your results. You can withdraw consent at any time.
  • Legitimate interests — for keeping minimal CRM records to maintain professional relationships and run a small consultancy, in a way you would reasonably expect.
  • Legal obligation — where we must retain limited records (for example, for tax or to respond to a regulator).

Who processes your data on our behalf

We use a small number of trusted providers:

  • Lovable — hosting and application platform.
  • Supabase — database, authentication and storage (used via Lovable Cloud).
  • AI Gateway (Google Gemini via Lovable AI) — used only when you opt in on the Coaching Self-Assessment, in which case your reflection text and your scores are sent to generate a written summary. AI is never used to calculate your scores, band, lowest area or profile.

We do not sell your personal data.

AI use, in plain English

By default, your assessment results are calculated by deterministic, rule-based scoring on our server. AI is only used as an optional written interpretation layer on the Coaching Self-Assessment, and only if you tick the opt-in box. If you do not opt in, your reflection text is not sent to any AI provider and you still receive your full results.

How long we keep your data

  • Enquiries: up to 24 months from last contact.
  • Inactive leads: reviewed after 24 months and deleted if no longer relevant.
  • Onboarding Health Check responses: up to 36 months.
  • Coaching Self-Assessment reflections: up to 12 months unless there is an ongoing coaching relationship.
  • Internal notes: kept only while relevant to the relationship or service.

You can ask us to delete your data sooner — see your rights below.

Your rights

Under UK GDPR you have the right to:

  • Ask for a copy of the personal data we hold about you.
  • Ask us to correct information that is wrong or incomplete.
  • Ask us to delete your data (the “right to be forgotten”).
  • Object to or restrict certain uses of your data.
  • Withdraw consent at any time, where consent is the basis we rely on.

To exercise any of these rights, email me@grahamstow.co.uk. We will normally respond within one month.

Cookies and tracking

This site does not currently use analytics, advertising or non-essential tracking cookies. If that changes, we will update this page and present an appropriate cookie notice.

Email summaries

Automated email summaries of assessment results are not currently configured. If we enable them later, we will tell you when you submit and update this policy.

Complaints

If you are unhappy with how we have handled your data, please contact us first so we can try to put things right. You also have the right to complain to the Information Commissioner's Office (ICO) — ico.org.uk.

Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of the page shows the most recent change.