Privacy Policy
Plain English, like everything else we do. This explains what data we collect, why, where it goes, and your rights over it.
Last updated: 16 July 2026
1. Who we are
OtiumLab is a trading name of Marcin Lewandowski trading as Depthia, a sole trader registered in the United Kingdom. We are the "data controller" for the personal data described in this policy.
- Address: 66 Paul Street, London EC2A 4NA
- Email: hello@otiumlab.com
- ICO registration number: ZC164548
2. What we collect, and why
The free scan
The free Otium Score scan is anonymous by design. Your answers, score, business type and team size are recorded as anonymous statistics with no name, email, phone number, cookie or other identifier attached — we cannot link them to you, so they are not personal data.
If you choose to enter your email at the end of the scan, we collect that email together with your score, answers and business details, and use it to send you the written breakdown you asked for. Legal basis: consent. We will only send you marketing (occasional tips) if you separately tick the box for it, and every such email includes an unsubscribe link.
Paid services (Diagnostic, Otium Audit, The Build)
When you book a paid service we collect your name, contact details, business information, your answers to intake questions, and payment confirmation. Payments are processed by Stripe — we never see or store your card details. Legal basis: performance of a contract.
Phone calls with Ellie (our AI assistant)
When you book a paid service, our AI assistant Ellie calls you. These calls are made using AI voice technology and are recorded and transcribed so we can prepare your deliverables accurately. You will be told at the start of the call that you are speaking with an AI assistant and that the call is recorded. Recordings are kept for up to 120 days after your deliverables are completed — long enough to give us context if you upgrade within your 90-day credit window — then deleted. Legal basis: performance of a contract and our legitimate interest in delivering accurate work.
Website analytics (only with your consent)
With your consent via our cookie banner — and only then — we use Google Analytics 4 (visitor statistics) and Microsoft Clarity (anonymised session recordings and heatmaps) to understand how the site is used and improve it. If you decline, these tools are never loaded. Legal basis: consent. See our Cookie Policy for details.
Email and general correspondence
If you email us, we keep the correspondence for as long as needed to deal with your enquiry and for our records. Legal basis: legitimate interest.
3. What we never do
- We never sell your data.
- We never share your data with third parties for their marketing.
- We never send marketing without an explicit opt-in.
- We never use your business's data (from calls or audits) for anything other than delivering your service.
4. Who processes data on our behalf
Like nearly every modern business, we use established service providers to run our operations. Each acts as a "processor" under our instructions:
- Vercel (website hosting)
- Google (Analytics — with consent; Workspace and Sheets for business records)
- Microsoft (Clarity analytics — with consent)
- Tally (booking and intake forms)
- Stripe (payment processing)
- Retell AI (AI phone calls)
- Loom (video walkthroughs prepared for you)
Some of these providers store data in the United States. Where they do, transfers are safeguarded by the UK Extension to the EU-US Data Privacy Framework or by the UK International Data Transfer Agreement / Addendum (IDTA), as applicable.
5. How long we keep things
- Scan breakdown emails: your email is deleted, or moved to our marketing list only if you opted in, once the breakdown is sent and any follow-up concluded.
- Marketing list: until you unsubscribe (one click, every email).
- Client records and deliverables: 6 years, as required for UK tax purposes.
- Call recordings and transcripts: up to 120 days after delivery, then deleted.
- Anonymous scan statistics: indefinitely (they contain no personal data).
6. Your rights
Under UK GDPR you have the right to:
- Access a copy of the personal data we hold about you
- Have inaccurate data corrected
- Have your data erased ("right to be forgotten")
- Restrict or object to our processing
- Receive your data in a portable format
- Withdraw consent at any time, where consent is the legal basis
To exercise any of these, email hello@otiumlab.com — we respond within one month. If you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk — though we'd appreciate the chance to put it right first.
7. Security
Data is encrypted in transit (HTTPS everywhere), access to systems holding personal data is restricted and protected by strong authentication, and we collect the minimum we need in the first place — the free scan being the clearest example: it works with no personal data at all.
8. Children
Our services are for businesses and are not directed at anyone under 18. We do not knowingly collect data from children.
9. Changes to this policy
If we make material changes, we'll update the date at the top and, where we hold your email for an active purpose, tell you directly. Minor clarifications may be made without notice.
10. Contact
Questions about this policy or your data: hello@otiumlab.com.