REGSMATE™ – PRIVACY NOTICE

(Do Lab Ltd – “we”, “us”, “our”)

Effective date: 27 May 2025

This notice explains how we collect, use, and protect any personal data you give us when you use the RegsMate™ WhatsApp / image-upload bot (the “Service”) for information about UK construction regulations.

1. WHO WE ARE

Controller: Do Lab Ltd (trading as RegsMate™)
Registered office: 128 City Road, London EC1V 2NX, United Kingdom
Email: privacy@regsmate.com
Website: https://regsmate.com/privacy

2. THE DATA WE COLLECT

a. Identity & Contact Data – Your mobile number; WhatsApp profile name/picture (if visible).
b. Query Data – The text of any message you send us.
c. Image Data – Photos or other images you voluntarily submit. (Do not include personal data about third parties unless you have their consent.)
d. Service Interaction Data – Message timestamps, delivery/read receipts, confirmation that you accepted our Terms of Service, and internal logs of requests and responses.
e. Website Technical Data – IP address, browser details, and cookies (when you visit our website).

We do not intentionally collect special-category data (e.g., health, biometric, racial or ethnic origin). Please avoid sending it.

3. HOW & WHY WE USE YOUR DATA (LAWFUL BASES)

Purpose	Data	Lawful Basis
Provide the Service and answer your queries	a – d	Contract (performance of our Terms of Service)
Improve, debug, and secure the Service	b – d (anonymised / pseudonymised where possible)	Legitimate Interests – To ensure the ongoing integrity, accuracy, and security of our AI-driven services.
Customer support & account administration	a, b, d	Contract; Legitimate Interests
Enforce Terms, prevent misuse or fraud	all relevant	Legitimate Interests; Legal Obligation
Comply with legal / regulatory duties	all relevant	Legal Obligation
Operate our website (analytics, cookies)	e	Consent (for non-essential cookies); Legitimate Interests (for basic site operation and security)

We never use your data to build unrelated, general-purpose AI models.

4. AUTOMATED PROCESSING & AI

The Service uses a large-language-model with retrieval-augmented generation (RAG). Your query (and any image) is algorithmically analysed to retrieve relevant publicly available regulation text and to generate a summarised answer. The system is overseen by humans; no decision producing legal or similarly significant effects on you is made solely by automated means.

5. SHARING YOUR DATA

We only share personal data when necessary and under written contracts that require high levels of protection. Typical recipients:

WhatsApp (Meta) (to deliver messages).
UK-based and EU-based cloud-hosting providers that run our AI system and store data.
Professional advisers (lawyers, accountants, insurers).
Regulators, courts, or law-enforcement agencies where we are legally obliged.
Potential acquirers if we sell or restructure the business (they must honour this notice).

We do not sell or rent your personal data.

6. INTERNATIONAL TRANSFERS

Some suppliers (e.g., Meta Platforms) operate outside the UK/EEA. Where transfers occur, we rely on UK Government-approved transfer mechanisms, such as “adequacy regulations” or the UK’s International Data Transfer Agreement / Standard Contractual Clauses, plus additional safeguards.

7. SECURITY

Measures include TLS encryption in transit, at-rest database encryption, access-control lists, least-privilege staff access, regular security testing, and incident-response procedures. If a breach risks your rights or freedoms, we will notify you and the ICO as required by law.

8. RETENTION

Chat Logs (messages, images, AI responses): Kept for 24 months from the date of the last interaction in a conversation, then deleted or fully anonymised.
Website Analytics: Kept for 26 months.
Legal/Financial Records: Kept for up to 7 years to comply with statutory obligations.
Anonymised data used for service improvement may be retained indefinitely as it is no longer personal data.

9. YOUR RIGHTS

Under UK GDPR you can:

Ask for a copy of your data (right of access).
Correct inaccurate data (rectification).
Ask us to delete it (erasure) or restrict processing.
Object to processing based on legitimate interests.
Ask for portability of data you provided.
Complain to the Information Commissioner’s Office (www.ico.org.uk).

We normally respond within one month. To exercise a right, please email privacy@regsmate.com.

10. CHILDREN

The Service is for users 18+. We do not knowingly collect data from children. If you believe we hold such data, contact us and we will delete it.

11. COOKIES (WEBSITE)

Essential cookies keep our site functioning. Analytics cookies (e.g., Google Analytics) help us understand traffic; we obtain your consent for these via our cookie banner. For details, see https://regsmate.com/cookies.

12. CHANGES TO THIS NOTICE

Material changes will be posted at https://regsmate.com/privacy and, where appropriate, notified via the channel you use (e.g., WhatsApp). Continued use after the “effective date” means you accept the revised notice.

13. CONTACT & COMPLAINTS

Email: privacy@regsmate.com
Post: Do Lab Ltd, 128 City Road, London EC1V 2NX, UK
ICO Helpline: 0303 123 1113 – but please give us a chance to resolve any issue first.