Privacy Policy

Last updated: 1 June 2026

This Privacy Policy explains how Tech Brand Limited trading as Sales Triage (Company Number: 13495362), Suite 525, 5 The High St, Maidenhead, SL6 1JN (“Sales Triage”, “we”, “us”, “our”) collects, uses, shares, and protects personal data.

It applies to our website at https://salestriage.co.uk, our training and coaching services, our AI-powered coaching assistant, our Revenue Engine SaaS platform, our Chrome extension, and any related products and services (together, the “Services”).

We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), and other applicable data protection law.

Note for business customers: Some of what we do makes us a data controller, and some makes us a data processor acting on your instructions. Section 3 explains the difference and which role applies to which activity. This distinction matters because it determines who is responsible for what.

1. Contact Details


Data controller	Tech Brand Limited t/a Sales Triage
Registered office	Suite 525, 5 The High St, Maidenhead, SL6 1JN, United Kingdom
Company number	13495362
ICO registration	ZC162861
Privacy contact	paul@salestriage.co.uk

If you have any questions about this Policy or wish to exercise your rights, please contact us using the details above. We have not appointed a statutory Data Protection Officer, but the privacy contact above is responsible for overseeing data protection matters.

2. Summary — What We Do With Data

In short:

We collect data you give us (e.g. when you enquire, buy training, create an account, or use our platform) and data we collect automatically (e.g. usage and device data).
We use it to deliver our Services, run our business, communicate with you, meet legal obligations, and improve what we offer.
When you use our AI Coach, your inputs are sent to one or more third-party AI providers to generate responses. Your data is not used to train AI models.
When you use our SaaS platform to store contacts/prospects or send tracked emails, you are the controller of that data and we are your processor — see Sections 3 and 11 and the Data Processing Terms in our Terms and Conditions.
We do not sell your personal data.

The rest of this Policy gives the detail UK GDPR requires.

3. Our Role: Controller vs Processor

Whether we are a “controller” (we decide why and how data is processed) or a “processor” (we process data on someone else’s instructions) depends on the activity:

We act as a CONTROLLER for:

Our website and visitor/enquiry data;
Account registration, administration, billing, and support;
Our own direct marketing and communications;
Training, coaching, consulting, and online learning we deliver directly to individuals;
Usage analytics and security/operational logs relating to the Services;
The account-level and usage metadata generated when individuals use the AI Coach.

We act as a PROCESSOR (on behalf of a client organisation, who is the controller) for:

Contact, prospect, customer, supplier, and stakeholder records that a client stores in the Revenue Engine platform;
Notes, activity history, opportunities, tasks, and other CRM content a client creates;
Emails sent through the platform on a client’s behalf, and the email engagement data generated by them;
Content a client’s users submit to the AI Coach about third parties (e.g. prospect or meeting information);
Meeting notes, transcripts, and AI-generated summaries created within the platform on a client’s instructions.

Where we act as a processor, our processing is governed by the Data Processing Terms set out in our Terms and Conditions (which constitute a UK GDPR Article 28 data processing agreement). In that role, the client organisation is responsible for having a lawful basis, providing privacy notices to data subjects, and responding to data subject requests; we assist them as required by law.

If you are an individual whose data a Sales Triage client has stored in our platform (for example, you are a prospect a client has added), Sales Triage is acting as a processor. Please direct your privacy requests to that client (the controller). If you do not know who they are, contact us and we will help identify them and route your request.

4. Personal Data We Collect

Depending on which Services you use, we may process the following categories of personal data.

4.1 Data you provide

Identity and contact data: name, email address, phone number, job title, employer/company, postal address.
Account data: username, account credentials (passwords are stored hashed), profile and preferences.
Billing data: billing name and address, and transaction records. Card payments are handled by our payment processor (Stripe); we do not store full card numbers.
Service content / coaching data: information you share during coaching, consulting, workshops, or online programmes; enquiries and correspondence.
AI Coach inputs: questions, business and sales information, prospect and client information, meeting notes, strategy documents, and uploaded files you submit to the AI Coach.
CRM / platform content: records and information you (or your organisation) enter into the Revenue Engine platform — see Section 11.

4.2 Data we collect automatically

Technical data: IP address, browser type and version, user-agent string, device information, operating system, time zone, and login records.
Usage data: pages and features used, actions taken, session duration, and similar analytics.
Cookie and similar technology data: see Section 13.
Email engagement data (where applicable): email opens, link clicks, open/click timestamps, device and browser information, user-agent information, and truncated or hashed IP-related metadata — see Section 12.

4.3 Data from third parties

Data enrichment / prospecting sources: where you or your organisation import or enrich records using third-party providers (e.g. Apollo, Lusha, CRM imports, CSV uploads), that data may include third-party personal data. Responsibility for the lawful sourcing and use of that data sits with the importing organisation — see Section 11.4.
Service providers and integrations you connect to the Services.

4.4 Special category data

We do not intend to collect special category data (e.g. health, biometric, racial/ethnic, political, religious, or criminal-offence data). Please do not submit such data to the AI Coach or store it in the platform unless we have expressly agreed this in writing.

5. How and Why We Use Your Data (Purposes and Lawful Bases)

We rely on the following lawful bases under Article 6 UK GDPR. (Where we act as a processor — Section 3 — the lawful basis is determined by the client controller, not by us.)

Purpose	Categories used	Lawful basis
Responding to enquiries and pre-contract requests	Identity, contact, content	Legitimate interests; steps prior to entering a contract
Providing training, coaching, consulting, and online programmes	Identity, contact, content, billing	Performance of a contract
Providing and administering AI Coach and platform accounts	Account, technical, usage, AI inputs	Performance of a contract
Processing payments and managing billing	Billing, identity	Performance of a contract; legal obligation
Keeping accounting/tax records	Billing, identity	Legal obligation (e.g. HMRC retention)
Securing the Services, preventing fraud/abuse, troubleshooting	Technical, usage, account	Legitimate interests
Sending service/operational messages	Contact, account	Performance of a contract; legitimate interests
Direct marketing to business contacts and customers	Identity, contact, usage	Legitimate interests and/or consent (see Section 12 and PECR)
Improving and developing our Services	Usage, technical (aggregated/de-identified where possible)	Legitimate interests
Establishing, exercising, or defending legal claims; complying with law	As relevant	Legal obligation; legitimate interests

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You can ask us for more detail about that assessment.

Where we rely on consent (for example, certain cookies or marketing in some circumstances), you may withdraw it at any time without affecting prior processing.

6. The AI Coach and AI Processing

When you use the AI Coach, the text you submit, your prompts/instructions, and any files you upload are transmitted to one or more third-party AI providers via their business/API services to generate a response. Our AI providers may include, for example, OpenAI, Anthropic, Microsoft, and Google, and the providers we use may change over time as we develop the Services. To support follow-up questions and document search, some content may be indexed into a vector store associated with your account.

You should be aware that:

No model training. We use AI providers’ business/API services under terms which mean the data you submit (including messages, prompts, uploaded files, and any indexed content) is not used to train the providers’ AI models.
Limited provider retention. A provider may retain inputs and outputs for a limited period (often up to around 30 days) for abuse and misuse monitoring, after which they are deleted, unless a shorter or zero-retention arrangement applies. Any content indexed into a vector store persists until it is deleted by us or by you.
International transfer. Some AI providers process data outside the UK (for example, in the United States). We rely on appropriate safeguards for such transfers — see Section 10.
AI outputs may be inaccurate. AI-generated responses can be incomplete, out of date, or wrong (“hallucinations”). You must not rely on them as professional, legal, financial, or other regulated advice, and you remain responsible for reviewing outputs before acting on them. This is reflected in our Terms and Conditions.
Do not submit sensitive or unlawful content. Please do not enter special category data, or data you are not entitled to share, into the AI Coach.

Where the content you submit to the AI Coach concerns third parties and is entered as part of your organisation’s use of the platform, your organisation is the controller and we are the processor (Section 3).

7. Chrome Extension: Sales Triage Coach

Our Chrome extension adds a floating launcher button to supported websites that opens our embedded AI assistant, and can request microphone access so you can interact with the assistant by voice.

The extension:

Does not track your browsing history or general web activity;
Does not read, collect, or transmit your emails or message content;
Requests microphone permission only so that you can speak to the AI assistant. Audio is captured only while you are actively using the voice feature and is processed to generate a response; it is not used for any other purpose;
Passes your interactions to the embedded AI assistant, which processes them as described in Section 6.

The extension itself does not independently log or transmit personal data beyond what is necessary to operate the embedded assistant.

8. The Revenue Engine Platform (CRM and Prospecting)

When your organisation uses the Revenue Engine platform, it may store and process contact, prospect, customer, supplier, and stakeholder records, together with notes, activity history, opportunities, tasks, communications history, and reporting data.

For this processing, your organisation is the controller and Sales Triage is the processor. See Section 11 for what this means in practice, and the Data Processing Terms in our Terms and Conditions for the full contractual position.

We share personal data with the following categories of recipient, under appropriate contracts:

Subprocessors and service providers who help us run the Services (see the list below);
Payment processors (Stripe) for billing;
Our professional advisers (lawyers, accountants, insurers) where necessary;
Authorities, regulators, or law enforcement where required by law, or to protect our rights, safety, or property;
A buyer or successor in the event of a merger, acquisition, or business reorganisation, subject to confidentiality.

We do not sell personal data, and we do not share it for third-party advertising.

Current subprocessors / key providers

Provider	Purpose	Location / transfer
AI provider(s) — OpenAI, Anthropic, Microsoft (Azure OpenAI), and Google	AI Coach / AI processing	UK / EEA / United States — appropriate safeguards (Section 10)
Stripe	Payment processing	UK/EEA/US — appropriate safeguards
UK cloud hosting provider	Cloud hosting and storage of platform and client data	United Kingdom
Google	Productivity, infrastructure, and sending platform emails via your own connected Gmail mailbox (OAuth)	UK / EEA / US — appropriate safeguards
Microsoft	Productivity, infrastructure, and sending platform emails via your own connected Outlook mailbox (OAuth)	UK / EEA / US — appropriate safeguards

Apollo, Lusha and similar prospecting/enrichment tools are generally used by clients as their own data sources, not as Sales Triage subprocessors. Where a client imports or enriches data using such tools, the client is responsible for the lawful sourcing and use of that data (Section 11.4).

We use, or may use, the AI providers listed above, and route personal data to a given provider only once it is engaged under an appropriate data processing agreement. We keep an up-to-date list of subprocessors and will inform platform clients of material changes as set out in our Data Processing Terms.

10. International Transfers

Some of our providers process data outside the UK (for example, in the United States). Where we transfer personal data outside the UK, we ensure an appropriate safeguard is in place, such as:

transfers to a country covered by UK adequacy regulations; or
the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with a transfer risk assessment where appropriate.

You can request more information about the safeguards that apply by contacting us.

11. Platform Data — Responsibilities (Controller/Processor Detail)

This section applies where your organisation uses the Revenue Engine platform.

11.1 Your organisation is the controller

You decide what data to store, why, and on what lawful basis. We process it on your documented instructions to provide the Services.

11.2 Your responsibilities

As controller, you are responsible for:

having and documenting a lawful basis for processing the personal data you store and for any marketing you send;
providing your own privacy notice to your contacts/prospects and keeping any privacy-notice URL configured in the platform accurate and accessible;
ensuring the accuracy and legality of the data you enter;
obtaining any consents required (including for cookies/tracking and certain marketing);
handling data subject requests relating to that data (we assist you).

11.3 Our responsibilities

As processor, we:

process the data only on your instructions and as needed to provide the Services;
apply appropriate technical and organisational security measures;
use only approved subprocessors under equivalent obligations;
assist you with security, breach notification, data subject requests, and (where applicable) impact assessments;
return or delete the data at the end of the relationship, subject to the export window in our Terms.

11.4 Prospecting and enrichment data

Where you import or enrich records (e.g. via CSV upload, CRM import, or providers such as Apollo or Lusha), you warrant that you have a lawful basis to obtain and use that data and that doing so complies with UK GDPR, PECR, and any applicable laws in the recipient’s jurisdiction. Sales Triage does not verify the lawfulness of data you import.

12. Email Sending and Engagement Tracking

Where the platform sends emails on a user’s behalf (including one-to-one, prospecting, follow-up, nurture, and workflow-generated emails) and tracks engagement, we may process:

email addresses and delivery status;
email open events and timestamps;
link click events, timestamps, and clicked URLs;
device, browser, and user-agent information;
truncated or hashed IP-related metadata;
opt-out, objection, suppression, and tracking-preference records.

How emails are sent. Emails are sent through each user’s own connected mailbox (Google/Gmail or Microsoft/Outlook) using a secure OAuth connection the user authorises. The platform adds tracking and compliance elements. The user’s mailbox provider processes the message under the user’s own agreement with that provider; Sales Triage does not operate a separate bulk-sending service.

Roles and lawful basis:

For emails our clients send through the platform, the client is the controller and is responsible for the lawful basis (typically legitimate interests supported by an assessment, or consent where required) and for PECR compliance. We are the processor.
For our own marketing emails, Sales Triage is the controller and relies on legitimate interests and/or consent, applying the PECR “soft opt-in” to existing customers where it is available, and always providing an unsubscribe option.

Controls. The platform can insert compliance disclosures, “why am I receiving this?” notices, unsubscribe/objection links, and preference mechanisms. These must not be removed or circumvented, and recorded opt-outs must be honoured (see our Terms and Conditions).

No cookie/consent banner is currently deployed on our website. Email open/click tracking and any non-essential website analytics or tracking technologies generally require valid consent or an appropriate lawful basis. We recommend deploying a compliant consent mechanism — see Section 13.

13. Cookies and Similar Technologies

Cookies are small files placed on your device. We use cookies and similar technologies (such as pixels and local storage) to operate the website, keep it secure, understand how it is used, and support embedded content.

When you first visit https://salestriage.co.uk you will see a cookie consent banner. Non-essential cookies are not set until you consent to them, and you can Accept, Reject, or choose by category. You can change or withdraw your choice at any time via the “Cookie settings” link in the website footer.

We use the following categories of cookies:

Category	Purpose	Examples	Consent needed?
Strictly necessary	Logging you in, maintaining your session, security, and remembering your cookie choices	Session, security, and consent-state cookies	No — always on
Analytics / performance	Understanding how visitors use the site so we can improve it	Google Analytics (e.g. `_ga`, `_gid`)	Yes
Functional / embedded media	Enabling embedded videos and remembering preferences	YouTube / Vimeo embeds	Yes

Analytics and functional cookies are activated only where you have consented. We do not use advertising or retargeting cookies on this website. The specific cookies in use, their providers, and their durations are listed in our cookie consent tool.

Embedded content (e.g. videos from YouTube or Vimeo) may set its own cookies and behaves as if you had visited the third-party site; it is governed by that third party’s privacy policy.

Email tracking uses pixels and tracked links within emails rather than website cookies — see Section 12.

You can also control or delete cookies through your browser settings, though blocking strictly necessary cookies may affect how the website works.

14. How Long We Keep Data (Retention)

We keep personal data only as long as necessary for the purposes set out in this Policy, then delete or anonymise it. Indicative periods (to be confirmed against your operational policy):

Data	Indicative retention
Account data	For the life of the account, then up to 6 years
Billing / accounting records	6 years (HMRC requirement)
Enquiries / support correspondence	Up to 24 months
Marketing contacts	Until you object/unsubscribe, reviewed periodically
Suppression / opt-out records	Retained as long as needed to honour the opt-out
Client platform data (as processor)	Per client instructions; exportable for 30 days after termination, then deleted (see Terms)
AI Coach inputs/outputs (provider side)	A limited period for abuse monitoring (often up to ~30 days); vector-store content until deleted
Website/usage analytics	Typically 14–26 months
Security/access logs	Typically up to 12 months

We may keep data longer where required to comply with law or to establish, exercise, or defend legal claims.

15. Your Rights

Under UK data protection law you have the right to:

Access the personal data we hold about you;
Request rectification of inaccurate or incomplete data;
Request erasure (“right to be forgotten”) in certain circumstances;
Request restriction of processing;
Object to processing based on legitimate interests, and to direct marketing at any time;
Request data portability for data you provided, where applicable;
Withdraw consent at any time where we rely on consent;
Not be subject to solely automated decisions producing legal or similarly significant effects (we do not currently make such decisions).

To exercise any right, contact us using the details in Section 1. We will respond within one month (extendable for complex requests). There is normally no charge. We may need to verify your identity.

Where the data is held by us as a processor on a client’s behalf, we will refer your request to that client (the controller) and assist them in responding.

Complaints. You can complain to us first, and we will try to resolve it. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at https://ico.org.uk or 0303 123 1113.

16. Security

We implement reasonable technical and organisational measures to protect personal data, including access controls, encryption in transit, hashed passwords, and the use of reputable infrastructure providers. However, no system can be guaranteed completely secure, and we cannot warrant that the Services will be free from unauthorised access or breach. We maintain procedures to detect, report, and respond to personal data breaches as required by law.

17. Children

The Services are intended for business and professional users and are not directed at children under 18. We do not knowingly collect data from children.

18. Changes to This Policy

We may update this Policy from time to time. We will post the updated version here with a revised “Last updated” date and, where changes are significant, take reasonable steps to notify you.

19. Contact

For any privacy question or to exercise your rights, contact:

Tech Brand Limited t/a Sales Triage — paul@salestriage.co.uk Suite 525, 5 The High St, Maidenhead, SL6 1JN, United Kingdom