
This Privacy Policy explains how I, Michael MacDonald, trading as Brains Before Bots ("Brains Before Bots", "I", "me", "my"), collect, use, and protect your personal information when you interact with my business.
I operate as a sole trader registered in England and Wales, providing Shadow AI Governance consultancy services to UK professional services agencies. I am committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
As a sole trader, I am personally responsible as the data controller for all data processing activities conducted under the Brains Before Bots trading name.
I collect and process the following categories of personal information:
When you visit www.brainsb4bots.com, I may collect:
When you subscribe to my newsletter "Craft with Command" via Beehiiv, I collect:
When you download resources (checklists, templates, frameworks) via my website or Systeme.io, I collect:
When you engage my consultancy services, I collect:
When you contact me via email, LinkedIn, or through website forms:
I use your personal information for the following purposes:
Legal Basis: Legitimate interests (improving my services and website security)
Legal Basis: Consent (you can unsubscribe at any time)
Legal Basis:
If you opt out of marketing communications, I will only use your email to deliver the resource you requested and for essential service communications.
Legal Basis: Contract performance and legitimate interests (service delivery and business operations)
Legal Basis: Legitimate interests (responding to communications)
Your information is stored using the following platforms:
Some of the platforms I use are based in the United States or other jurisdictions outside the UK/EU. Where I transfer your data internationally, I ensure appropriate safeguards are in place:
I conduct transfer risk assessments for all international data transfers to ensure:
If you have specific concerns about international data transfers or would like copies of transfer mechanism documentation, please contact me at hello@brainsb4bots.com.
I implement appropriate technical and organisational security measures to protect your personal information, including:
Important Note on Sole Trader Liability: As a sole trader, I bear personal unlimited liability for data protection compliance. I take this responsibility seriously and implement security measures appropriate to the sensitivity of the data I process.
I retain your personal information only for as long as necessary:
I use cookies and similar technologies on my website. Please see my separate Cookie Policy for comprehensive details.
In summary:
I do not currently use marketing or advertising cookies. If this changes in future, I will update this policy and request your consent.
As a data subject, you have the following rights regarding your personal information:
You can request confirmation of whether I process your personal data and obtain a copy of that data.
You can request correction of inaccurate or incomplete personal data.
You can request deletion of your personal data in certain circumstances, including:
Limitations: I may retain certain data where required by law (e.g., financial records for 7 years) or where I have overriding legitimate interests.
You can request restriction of processing in certain circumstances, such as when you contest the accuracy of data.
You can request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller where:
You can object to processing based on legitimate interests or for direct marketing purposes. I will cease processing unless I can demonstrate compelling legitimate grounds.
Where processing is based on consent, you can withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.
I do not use automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, please contact me at:
Email: hello@brainsb4bots.com
Post: Michael MacDonald, Brains Before Bots, 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB
I will respond to requests within one month. If your request is complex or numerous, I may extend this period by two months, notifying you of the extension.
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, I am committed to handling it responsibly and in accordance with UK GDPR requirements.
If a breach occurs:
If you believe your personal data has been compromised in relation to my services, please contact me immediately at hello@brainsb4bots.com so I can:
I maintain appropriate technical and organisational security measures to prevent breaches, including:
While I take data security very seriously, no system can be 100% secure. I continuously monitor and improve my security measures to protect your personal information.
I do not sell, rent, or trade your personal information to third parties.
I may share your information with:
I use trusted third-party service providers who process data on my behalf:
All service providers are bound by data processing agreements requiring them to:
I may disclose your information if required by law or if I believe disclosure is necessary to:
As a sole trader, if I were to sell or transfer my business, your personal data may be transferred to the acquiring party, subject to the same privacy protections outlined in this policy. You would be notified of any such transfer.
My services are intended for businesses and professionals. I do not knowingly collect personal information from individuals under 16 years of age. If I become aware that I have inadvertently collected such information, I will take steps to delete it promptly.
My website may contain links to third-party websites (including LinkedIn, Beehiiv subdomain, external research sources). I am not responsible for the privacy practices of these external sites. I encourage you to read the privacy policies of any third-party sites you visit.
I may update this Privacy Policy from time to time to reflect changes in my practices, legal requirements, or service offerings. The "Last Updated" date at the top indicates when the policy was last revised.
Significant changes will be communicated via:
Your continued use of my services after changes indicates acceptance of the updated policy.
If you have questions about this Privacy Policy or how I handle your personal data:
Michael MacDonald, Trading as Brains Before Bots
Email: hello@brainsb4bots.com
Post: 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB, United Kingdom
I aim to resolve all privacy concerns promptly and transparently.
You have the right to lodge a complaint with the UK supervisory authority for data protection:
Information Commissioner's Office (ICO)
However, I would appreciate the opportunity to address your concerns before you contact the ICO, so please contact me first if possible.
Important: Michael MacDonald operates as a sole trader, not a limited company. This means:
This structure means I take data protection compliance very seriously, as I bear full personal responsibility for any breaches or non-compliance issues.
© 2026 Michael MacDonald trading as Brains Before Bots. All rights reserved.
Last Updated: 21 January 2026