trust

our trust statement

Last updated: May 2026

We're an AI consultancy. We talk about data for a living. So you have every right to expect us to be straight with you about what happens to yours when you use this site.

This page is plain English. It sits alongside — and in tension with, on purpose — our formal privacy policy. If anything here disagrees with the privacy policy, the privacy policy wins. But this is the spirit of how we operate.

the two categories of data we hold

category 1 — your account data

the things that identify you

Your name, email, business name, phone number (if you give it), the answers to our Snapshot, anything you tell us in contact forms or on calls.

This is yours. We use it to personalise your report, follow up if you've asked us to, and run our consultancy. We do not sell it, swap it, or hand it to a third party for marketing. You can ask us to delete the lot at any time and we'll do it within 30 days.

category 2 — anonymised benchmark scores

the four numbers — only if you opt in

If you tick the “include me in the benchmark” box on the Snapshot, we add four numbers to a separate, aggregated pool: your scores for People, Documents, Data and Strategy, plus your sector, size band and region.

That's it. Not your name, not your business name, not your contact details, not your free-text answers, not your industry-specific question — just the four scores and the cohort labels. We never publish a cohort with fewer than five respondents, so no one can be identified.

If you don't tick the box, none of your data goes into this pool — your Snapshot is just for you.

our principles for your data

  • Active consent. If we ever want to use your data in a way you haven't already agreed to, we ask. No pre-ticked boxes. No buried clauses.
  • Plain English. If we need to use legal language to comply with the law, we'll translate it. The privacy policy stays formal; this page stays human.
  • No sales of your data. Ever. Not to advertisers, not to other consultants, not to AI training partners. Your information is for the relationship between you and us, full stop.
  • UK-hosted where it matters. Our consultancy systems and Snapshot data are held in the UK or EU. We use named subprocessors (Supabase, Resend, Google Cloud Run for our infrastructure; Plausible for cookie-free analytics) — happy to list them in writing if you ask.
  • Models we don't train. We use Gemini and Claude through their APIs to draft your Snapshot report. We do not opt into model-training pathways. Your responses are not used to train anyone's foundation model.
  • Right to leave. If you ever want everything we hold on you erased, email hello@nura.solutions. We confirm in 48 hours and complete within 30 days. UK GDPR gives you that right anyway — we'd rather you didn't have to invoke it to be heard.

the benchmark, in detail

When we publish UK SME AI-readiness benchmarks (on the Snapshot result page, in reports, on stage), they come from people who actively opted in. Each cohort cell — sector × size band × region — has to have at least five respondents before we'll show a number. Below five, we say so. Above five, the numbers are means and medians of the four pillar scores; we don't share individual rows, ever.

You can withdraw from the benchmark in future. The opt-in flow isn't a one-way door. Email us and we'll remove your anonymised scores from the cohort.

questions

Anything unclear, anything that feels off, anything you'd like us to put in writing — email hello@nura.solutions. A real human reads it. Our formal privacy and DSAR processes live in our privacy policy.