Privacy Policy

Last updated: 25 May 2025

YourBDM (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

YourBDM is an AI-assisted sales coaching platform for UK recruitment agencies, operated by YourBDM Ltd (company details available on request). For data protection enquiries, contact us at privacy@yourbdm.co.uk.

2. Data we collect

We collect and process the following categories of personal data:

• Account data: name, work email address, role, and branch.
• Usage data: AI feature usage, token consumption, and activity timestamps.
• Prospect data: company names, contact details, and call notes you enter as part of your business development workflow. This data belongs to your agency.
• Call content: notes and analysis from calls you log within the platform. We do not currently record or transcribe audio calls.
• Persona assessment responses: responses to our personality and communication style assessment, used to generate your AI coaching profile.
• Technical data: IP address, browser type, and request identifiers for security and debugging purposes.

3. How we use your data

We use your personal data to:

• Provide, operate and improve the YourBDM platform.
• Generate AI-powered coaching, briefs, and insights tailored to you.
• Authenticate your identity and keep your account secure.
• Maintain immutable audit logs for security, compliance, and dispute resolution.
• Respond to support requests and improve our service.
• Comply with our legal obligations under UK law.

Our lawful basis for processing is primarily legitimate interests (delivering the contracted service to your employer) and, where required, consent(persona assessment data).

4. AI processing

YourBDM uses the Anthropic Claude API to generate coaching content. Prompts sent to the AI include contextual data from your account (prospect names, call notes, persona profile) to produce relevant outputs. Anthropic’s data processing terms apply to that processing. We do not use your data to train AI models.

5. Data sharing

We share data only with:

• Your employer / agency admin: managers in your agency can see performance data for their team.
• Supabase: our database and authentication provider, hosted in the EU.
• Anthropic: AI inference only; see their privacy policy for details.
• Legal authorities: where required by applicable law.

We do not sell personal data to third parties.

6. Data retention

We retain account and usage data for as long as your agency holds an active subscription, plus 90 days after termination to allow for data export requests. Audit logs are retained for 7 years for compliance purposes. You may request deletion at any time (see Section 8).

7. International transfers

Your data is stored in EU data centres. AI inference requests are processed by Anthropic, which operates in the United States under Standard Contractual Clauses approved by the UK Information Commissioner’s Office.

8. Your rights

Under UK GDPR you have the right to:

• Access a copy of the personal data we hold about you (Subject Access Request).
• Rectify inaccurate data.
• Erase your personal data (“right to be forgotten”).
• Restrict or object to certain processing.
• Data portability — receive your data in a machine-readable format.
• Withdraw consent at any time (where consent is the lawful basis).

To exercise these rights, use the in-app GDPR tools under Settings, or email us at privacy@yourbdm.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

9. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, row-level security in our database, role-based access controls, and immutable audit logging. We conduct regular security reviews.

10. Cookies

YourBDM uses essential cookies only — session authentication cookies managed by Supabase. We do not use advertising or analytics cookies.

11. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the platform constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions: privacy@yourbdm.co.uk