Privacy and Data Security Policy
Upstage Consulting Ltd
Last updated: 15 February 2026
1. Introduction
Upstage Consulting Ltd (“Upstage”, “we”, “us”, “our”) provides consultancy, training, digital tools, and related services in communications, storytelling, media engagement, and presentation skills. This includes online platforms such as StoryDraft AI, as well as in-person and remote consultancy and training services.
Some of our services are provided under the trading name “Upstage Training”.
We are committed to protecting personal data and handling it responsibly and securely. This policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
Upstage Consulting Ltd is the data controller for personal data processed in connection with our services.
Contact details:
Upstage Consulting Ltd
509 Lexington Building
Fairfield Road
London E3 2UF
3. The Data We Process
3.1 Contact and Account Information
- Name
- Email address
- Organisation
- Job title
- Login credentials for online platforms
3.2 Service and Content Data
- Materials shared for consultancy, editing, or training purposes
- Narrative inputs and draft content entered into online tools (including StoryDraft AI)
- Notes relating to training sessions or consultancy engagements
- Email correspondence and communications
3.3 Technical Information
When users access our online platforms, basic technical information may be generated automatically (such as connection logs). This is processed solely for security, system integrity, and operational purposes.
We do not intentionally collect or process special category personal data (e.g. health data, political opinions). Individuals should avoid submitting such data unless strictly necessary and lawful.
4. How We Use Personal Data
- Provide consultancy and training services
- Provide access to and operate our online platforms (including StoryDraft AI)
- Generate AI-assisted draft materials where requested
- Communicate with clients and users
- Maintain system security and functionality
- Comply with legal obligations
We do not sell personal data. We do not use client materials for marketing without explicit permission.
5. Lawful Basis for Processing
- Performance of a contract
- Legitimate interests (such as operating and improving our services)
- Compliance with legal obligations
- Consent (where applicable)
6. Third-Party Providers and Infrastructure
We use reputable third-party providers to support our operations. These may include:
- Cloud hosting and application infrastructure providers (including Replit, Inc.)
- AI service providers used to generate draft content (for example, OpenAI, Anthropic, and Google)
- Industry-standard productivity and collaboration platforms (for example, iCloud, Microsoft 365, and Google Docs)
These providers may act as data processors or sub-processors, depending on the context in which they are used. We take reasonable steps to ensure appropriate contractual and technical safeguards are in place where required.
Where personal data is transferred outside the UK, appropriate safeguards are implemented in accordance with UK GDPR requirements.
7. Data Security
- Encrypted connections (HTTPS)
- Secure authentication for online accounts
- Role-based access controls
- Restricted internal access to client materials
- Use of established, industry-standard hosting and productivity systems
Basic connection logs may be processed for security and operational monitoring.
While no system can be guaranteed completely secure, we take reasonable steps to protect personal data from unauthorised access, loss, or misuse.
8. Data Retention
We retain personal data only for as long as necessary to provide services, maintain ongoing client relationships, and fulfil contractual or legal obligations.
Online platform accounts may be deleted upon request, subject to any contractual requirements.
9. Individual Rights
- Access to personal data
- Correction of inaccurate information
- Deletion of personal data (where applicable)
- Restriction of processing in certain circumstances
Requests can be sent to privacy@upstagetraining.com.
Individuals also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
10. Confidentiality
Client materials shared with Upstage, including narrative drafts and training content, are treated as confidential. We do not disclose or reuse client materials without explicit permission.
11. Updates to This Policy
We may update this policy from time to time. The most recent version will be made available on request or via our website or online platforms.