Automation Street

Governance

Privacy and Responsible AI

How we handle personal data, govern AI systems, and align to the NIST AI Risk Management Framework. Our commitment to transparency, human oversight, and minimum-necessary data.

Last updated: May 2026. Applies to automationstreet.com and all Automation Street client engagement data processing activities.

Privacy policy

How we handle your data

Automation Street collects only the information necessary to respond to your enquiry, deliver contracted services, and improve this website. We do not sell, rent, or trade personal information to third parties.

What we collect

  • Business contact information submitted through forms on this Site (name, email, company, phone, message)
  • Usage data collected through analytics tools, including pages visited, session duration, and device type
  • Information you provide during discovery calls, assessments, and service engagements under separate agreement
  • Technical information such as IP address, browser type, and referring URL for security and fraud prevention

How we use it

  • To respond to your enquiries and schedule consultations
  • To deliver contracted services and communicate programme progress
  • To send relevant insights and content where you have opted in
  • To analyse and improve the performance and accessibility of this Site
  • To comply with applicable legal obligations

Third-party processors

We use a limited set of vetted subprocessors, including Google Analytics (with consent), HubSpot CRM (for active prospects and clients), and cloud infrastructure providers under data processing agreements. For healthcare engagements, we execute Business Associate Agreements (BAAs) with all subprocessors handling PHI.

Data retention

Enquiry data is retained for up to 24 months from last interaction. Active client data is retained for the duration of the engagement plus seven years for audit purposes. Analytics data is anonymised after 14 months. You may request earlier deletion by contacting us.

Your rights

You have the right to access, correct, or request deletion of your personal information. You may opt out of marketing communications at any time. Texas residents have rights under the Texas Data Privacy and Security Act. Contact us through our contact form to exercise any of these rights.

Data transfers

We process data in the United States. Where data from non-US persons is processed, we rely on appropriate transfer mechanisms. We do not transfer personal data to jurisdictions lacking adequate data protection standards without appropriate safeguards.

Security

We implement technical and organisational measures to protect personal data, including encryption in transit (TLS 1.3) and at rest, multi-factor authentication for all systems with access to personal data, and annual security assessments. See our Security page for more detail.

Contact

For privacy enquiries, data access requests, or to exercise your rights, use our contact form and note "Privacy" in your message. We respond within 30 days. For urgent matters, escalate to our principal contact listed in your engagement agreement.

AI governance framework

Responsible AI aligned to NIST AI RMF

We structure AI governance around the four functions of the NIST AI Risk Management Framework (AI RMF 1.0): Govern, Map, Measure, and Manage. Every client AI programme receives a documented risk register, a human oversight plan, and a monitoring runbook before any AI system touches production data.

01 Govern

Policies, roles, and accountability structures are established before AI is deployed. Every AI system in client programmes has a named business owner responsible for monitoring and override authority.

02 Map

We identify the context, intended use, and risk profile of each AI component at the discovery phase. Known limitations, potential for bias, and regulatory obligations are documented in a risk register before any build begins.

03 Measure

AI systems are evaluated against agreed performance metrics, fairness criteria, and data quality standards before production deployment. Minimum performance thresholds are negotiated with the client sponsor and finance team.

04 Manage

Human override paths are built into every AI-assisted decision in regulated contexts. Monitoring dashboards, drift detection, and escalation runbooks are delivered as part of each engagement close.

Our commitments

AI principles in every engagement

Human oversight on regulated decisions

No AI system in a regulated context makes final decisions without a documented human review step. Override authority is assigned to a named individual and tested before go-live.

Minimum-necessary data

We identify the minimum data required to achieve stated accuracy goals before any model is built. We do not collect, store, or process data beyond what the use case requires.

Explainability and auditability

Features, decision thresholds, and confidence scores are documented for every model in production. Clients receive an explainability report as part of programme close.

Bias review and fairness

Where models make decisions affecting individuals (hiring, lending, claims), we conduct a bias review against protected attributes. Results are disclosed to client sponsors before deployment.

Rollback and incident response

Every AI deployment includes a tested rollback plan, a model performance monitoring dashboard, and a documented incident response procedure aligned to the client's change management process.

Cookie notice

Cookies and analytics

This Site uses cookies and similar technologies to deliver core functionality and, where you consent, to collect analytics data. We categorise cookies as follows:

Essential (required)

Required for the Site to function. These include session management and security tokens. They cannot be disabled.

Analytics (consent required)

Google Analytics (GA4) collects anonymised usage data to help us understand how visitors use the Site. Analytics cookies are only set after you consent. You may withdraw consent at any time.

Marketing and CRM (consent required)

HubSpot tracking is used for active prospects and clients to personalise follow-up communications. These are only enabled for users who have submitted a contact form or engaged in active business discussions.

Questions about data governance?

Our team is happy to discuss how we handle data in specific engagement types, including healthcare, financial services, and regulated manufacturing.