International Data Transfers

Last updated: February 2026

Overview

SteerAI is operated by Hillway Property Consultants from the United Kingdom. To provide our AI-powered property advisory services, we transfer personal data to third-party processors located outside the UK. This page documents each processor, the data shared, and the legal safeguards in place.

All transfers are conducted in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Legal Basis for Transfers

International transfers from the UK to the United States are primarily protected by the following mechanisms:

  • UK-US Data Bridge — The UK Extension to the EU-US Data Privacy Framework, effective 12 October 2023, provides an adequacy mechanism for certified US organisations.
  • Standard Contractual Clauses (SCCs) — Where the UK-US Data Bridge does not apply, we rely on the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, both approved by the ICO.
  • Data Processing Agreements (DPAs) — Each processor has a signed DPA governing data handling, security measures, breach notification, and sub-processor management.

Third-Party Data Processors

Anthropic (Claude)

United States
Purpose: Primary AI model powering specialist advisors
Data shared: Conversation content, uploaded document text
Safeguards: UK-US Data Bridge, DPA in place, zero data retention for training

OpenAI (GPT-4)

United States
Purpose: Multi-model validation and AI Council cross-checking
Data shared: Conversation content (Professional tier)
Safeguards: UK-US Data Bridge, DPA in place, zero data retention for training

Google (Gemini)

United States
Purpose: Multi-perspective validation and response quality assurance
Data shared: Conversation content (Professional tier)
Safeguards: UK-US Data Bridge, Standard Contractual Clauses, DPA in place

Supabase

United States
Purpose: Database hosting, authentication, and file storage
Data shared: All account data, conversations, documents, files
Safeguards: UK-US Data Bridge, SOC 2 Type II, encryption at rest and in transit

Vercel

United States
Purpose: Application hosting and deployment (edge network)
Data shared: Request logs, IP addresses, performance metrics
Safeguards: UK-US Data Bridge, SOC 2 Type II, edge functions in EU available

Stripe

United States
Purpose: Payment processing and subscription management
Data shared: Name, email, payment method tokens (no card numbers stored by SteerAI)
Safeguards: UK-US Data Bridge, PCI-DSS Level 1, Standard Contractual Clauses

Resend

United States
Purpose: Transactional email delivery
Data shared: Email addresses, email content (welcome sequence, notifications)
Safeguards: UK-US Data Bridge, DPA in place

Upstash

United States
Purpose: Distributed rate limiting (Redis)
Data shared: Anonymised request counters (no personal data stored)
Safeguards: UK-US Data Bridge, SOC 2 Type II, data encrypted at rest

Sentry

United States
Purpose: Error monitoring and performance tracking
Data shared: Error stack traces, request metadata, IP addresses
Safeguards: UK-US Data Bridge, SOC 2 Type II, DPA in place, PII scrubbing enabled

Your Rights

You have the right to obtain a copy of the safeguards we have in place for any international transfer. To exercise this right, or to raise any concerns about how your data is transferred, please contact us at matt@hillwayco.uk.

You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
