Legal
Privacy Policy
Last updated: 30 April 2026
This privacy policy explains what personal data Eighty8 collects, why we collect it, how we store it, and what your rights are. If anything is unclear, email chris@agency88.ai and we'll walk you through it.
1. Who we are
Eighty8 is a sole trader business operating in the UK. The data controller is Christopher Julian Djuric trading as Eighty8. The website you're reading this on is www.agency88.ai.
- Trading name: Eighty8
- Contact: chris@agency88.ai
- ICO registration number: ZC103001
2. What we collect
We collect the minimum we need to do our job. That's it.
Information you give us
- Contact form submissions — your name, email address, and the message you send us via the form on the homepage.
- Direct correspondence — anything you email us, plus your email address and signature contents.
- Client onboarding data — if you become a client, we'll collect what we need to deliver work (business details, brand assets, account access where you've authorised it). We'll always tell you what we need and why.
Information collected automatically
- Server logs — our hosting provider (Vercel) records standard web server logs: IP address, user agent, page requested, timestamp. These are kept for security and abuse prevention and rotate within 30 days.
- Cookies — this site does not currently set marketing or tracking cookies. Vercel may set a small number of strictly-necessary cookies for performance and security. If we add analytics or marketing cookies in the future, we'll update this policy and add a cookie banner.
3. Why we collect it
We use your data only for:
- Replying to your enquiry and arranging a conversation
- Delivering the work you've engaged us to do
- Sending you occasional follow-ups about projects you've already discussed with us (legitimate interest — we won't add you to a marketing list without your explicit opt-in)
- Keeping accurate records for tax and accounting purposes (legal obligation)
Our legal bases under UK GDPR: legitimate interest for responding to enquiries and managing client work, contract for delivering services you've engaged us for, legal obligation for record-keeping, and consent where required (e.g. marketing emails).
4. Who we share it with
We don't sell your data. Ever. We do use a small number of third-party tools to run the business — these are our data processors:
- Vercel Inc. — website hosting (US-based, with data processing agreement and EU-US Data Privacy Framework certification)
- Google Workspace — business email at chris@agency88.ai
- HighLevel (GoHighLevel) — CRM and form processing where applicable
- HMRC and our accountant — for tax and accounting purposes
We may also share data when legally required (e.g. court order, fraud investigation).
5. How long we keep it
- Contact form submissions — kept for up to 24 months after last contact, then deleted unless you've become a client.
- Client records — kept for 7 years after the end of our working relationship to comply with HMRC requirements, then deleted.
- Server logs — rotated within 30 days by our host.
6. Your rights
Under UK GDPR you have the right to:
- Ask what data we hold about you (right of access)
- Ask us to correct anything that's wrong (right to rectification)
- Ask us to delete your data (right to erasure, where applicable)
- Ask us to stop using your data for certain purposes (right to object)
- Get a copy of your data in a portable format (right to data portability)
- Withdraw consent at any time, where consent was the legal basis
To exercise any of these, email chris@agency88.ai. We'll respond within 30 days.
If you're not happy with our response, you have the right to complain to the Information Commissioner's Office at ico.org.uk.
7. Security
Your data is held on systems protected by industry-standard security (HTTPS in transit, encryption at rest where the provider supports it, access controls, two-factor authentication on all admin accounts). No system is 100% secure, but we take it seriously and we'll tell you immediately if there's ever a breach affecting your data.
8. International transfers
Some of our processors (Vercel, Google) are based in the United States. Where data is transferred outside the UK, we rely on the EU-US Data Privacy Framework, UK Standard Contractual Clauses, or another approved safeguard.
9. Children
Our services are aimed at businesses, not individuals under 18. We do not knowingly collect data from children. If you believe a child has submitted information, contact us and we'll delete it.
10. Changes to this policy
If we change this policy, we'll update the "Last updated" date at the top. Significant changes will be flagged on the homepage or by email if we have your address.
11. Contact
Questions about this policy, your data, or anything else covered here?