//Legal

Legal

Last updated 18 July 2026

Who we are

KINTAL LTD is a private limited company registered in England and Wales and is the data controller for the personal data described on this page.

  • Company number 16657658
  • VAT number 511370729
  • ICO registration ZC050455
  • Registered office: 167-169 Great Portland Street, London, W1W 5PF
Cyber Essentials Plus certified. View the certificate in the Blockmark registry.

Privacy enquiries to hello@kintal.co.

What data we collect and why

  • Information given directly: name, email address and any details you provide in forms and enquiries, such as your organisation or the content of your message
  • Basic anonymised website analytics
  • Project materials shared during engagements, used only for the agreed work
  • A hashed version of your IP address is stored against contact form submissions, used only to prevent spam and abuse

No data lists are bought and no data is sold.

Contact form data is processed under our legitimate interest in responding to enquiries and protecting our systems from abuse.

How we use AI tools

  • A human consultant is always responsible for final judgements
  • Client data is never used to train public AI models
  • Client data is only sent to AI tools that meet privacy and security standards, and only when necessary
  • A record is kept of which tools are used on each project
  • Stricter client requirements are agreed in writing before work begins

Where data is stored

Business records and email are held on Google Cloud. Site and form data run on the kintal.co Supabase and Vercel stack. Data is stored in the EEA where possible.

  • Access is limited to those who need it
  • Strong passwords and 2FA protect key systems
  • PII is removed before AI processing where feasible

How long we keep data

Data is reviewed annually and deleted or archived when no longer needed. Contact form submissions are deleted after 90 days. Other business records are retained no longer than 6 years after last contact.

Your rights under UK GDPR

You have the right to access, correct, delete, restrict or object to processing, and to receive your data in a portable format.

Requests to hello@kintal.co. Identity verification may be required. Complaints can be raised with the ICO at ico.org.uk.

Third parties

No data is sold. Data may be shared with:

  • Service providers
  • Professional advisers
  • Regulators or courts where legally required
  • Stripe, for payment processing

All are bound by confidentiality and data protection terms.

Cookies

  • Strictly necessary cookies: required, cannot be switched off
  • Analytics cookies: anonymous

A consent banner appears on first visit. Preferences can be changed via your browser settings at any time.

Payments and refunds

  • SIGNAL is paid online via Stripe or by invoice, with 14-day invoice terms unless otherwise agreed
  • SIGNAL is non-refundable once assessment work has commenced
  • Cancellations within 48 hours of payment or invoice settlement are refunded, minus non-recoverable Stripe/Link processing fees. Refund requests to admin@kintal.co
  • No refunds after the 48-hour window

Groundwork by KINTAL

Groundwork is a digital product at groundwork.kintal.co. Its full terms, privacy and refund policy live at groundwork.kintal.co/terms, groundwork.kintal.co/privacy and groundwork.kintal.co/refunds.

  • Payments are processed via Stripe and the product is delivered digitally and immediately on payment
  • The right to cancel under the Consumer Contracts Regulations 2013 is waived on delivery, confirmed at checkout
  • Refund queries to admin@kintal.co

Governing law

This page and our services are governed by the laws of England and Wales, under the exclusive jurisdiction of the courts of England and Wales.

Responsible AI

At KINTAL, AI should support human creativity and judgement, not replace it. These five commitments apply to every client engagement, every day.

Transparency

We are always clear about when, where and how AI is used in your projects. Every workflow is open and easy to understand. No hidden tools, no mysterious decisions.

Human oversight

Every AI output is reviewed and approved by an experienced person before it goes anywhere. Our processes are human-first by design.

Fairness

We regularly review our tools and workflows to spot and address bias or unintended effects. If we see a risk, we act straight away.

Privacy

All data is handled securely under UK GDPR. We never use or share your data with AI providers unless it is clearly justified by contract and ethics.

Continuous learning

We keep up to date on responsible AI practice and adapt as technology, law and client needs change. We invite challenge, and this practice continues to evolve.

KINTAL has signed Clause 0, an international pledge for responsible, people-first AI. We are also a member of the Ethical AI Alliance.

ESG

ESG is not a checkbox for us. It is how we work and who we work for. We embed ethical, inclusive and transparent practices into every KINTAL project. That means practical policies, quarterly reviews, and public standards.

Environmental

  • We work remotely and asynchronously, with no fixed office. Travel is used only when essential for delivery.
  • Our AI toolchain and cloud platforms are selected for low emissions and efficient compute.
  • Higher-emission models are only used with clear justification, referenced against model safety cards and emissions data.

Social

  • Freelance rates, scopes and payment terms are clear, equitable and honoured promptly.
  • Async-first delivery, flexible formats, and low-pressure communication are standard. Neuroinclusive workflows are built in, not added later.
  • All templates and training materials follow plain language standards, mobile-first design and WCAG AA accessibility guidelines.
  • We exist to ensure AI supports people, not replaces them.

Governance

  • All AI-generated work is reviewed by a human before delivery or publication. No exceptions.
  • We are open with clients about which AI tools are used in their projects and why. Stricter requirements are agreed in writing before work begins.
  • Toolchain decisions, prompt practices and risk processes are reviewed and updated every quarter.
  • Personally identifiable data is pseudonymised or anonymised before any AI interaction.

This policy draws on ISO 26000, the UN Sustainable Development Goals (Goals 5, 8, 12 and 16) and the B Impact Framework. Policy version v2, last reviewed 1 March 2026. Questions to hello@kintal.co.

Updates to this page

This page is updated when our services, tools or legal obligations change. The date at the top reflects the most recent revision. Questions to hello@kintal.co.