Privacy Policy

Last updated: February 2026

1. Introduction

Steer AI is an AI-powered property advisory platform operated by Hillway Property Consultants (“we”, “our”, or “us”), based in Sheffield, United Kingdom. Our platform provides property professionals with access to specialist AI advisors covering areas such as PropTech strategy, commercial analysis, financial planning, property law, and business development.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Steer AI platform at https://www.steerai.uk. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy, please contact us at matt@hillwayco.uk.

2. Data We Collect

Account Information

  • Full name
  • Email address
  • Company name and details (if provided)
  • Companies House registration number (if provided)
  • Billing information (processed securely by Stripe; we do not store card details)

Conversation Data

  • Messages exchanged with AI advisors
  • Board Room meeting transcripts and summaries
  • AI memory extractions and stored insights
  • Agent ratings and feedback you provide

Documents

  • Files you upload for analysis (leases, reports, contracts, spreadsheets)
  • Extracted text content from uploaded documents
  • AI-generated summaries of your documents

Usage Analytics

  • Feature usage patterns and interaction data
  • Query counts and advisor usage statistics
  • Error logs and performance data (via Sentry)
  • Device type, browser, and IP address

3. How We Use Your Data

We use your data for the following purposes:

  • Provide AI advisory services — delivering personalised advice from our specialist AI advisors based on your company context and queries
  • Improve the platform — analysing usage patterns to enhance features, fix issues, and develop new capabilities
  • Process billing — managing your subscription, processing payments, and handling invoices through Stripe
  • Communicate with you — sending service updates, welcome emails, and important account notifications
  • Maintain security — monitoring for suspicious activity, preventing fraud, and enforcing our terms of service
  • Legal compliance — meeting our obligations under applicable laws and regulations

4. AI Processing

Steer AI uses multiple large language models to provide advisory services. When you interact with our platform, your conversation data is processed by the following AI providers:

  • Anthropic (Claude) — primary AI model powering all seven specialist advisors
  • OpenAI (GPT-4) — used for multi-model validation and cross-checking critical decisions
  • Google (Gemini) — used for multi-perspective validation and response quality assurance

Important: Your conversation data is sent to these AI providers solely for the purpose of generating advisory responses. We have data processing agreements in place with each provider. Your data is not used to train any AI models. Each provider processes data in accordance with their enterprise terms and data protection commitments.

5. Third-Party Integrations

Steer AI integrates with the following third-party services. Core services are essential for platform operation. Optional integrations are entirely under your control — you choose which to connect and can disconnect at any time.

Core Services

  • Supabase — database hosting, authentication, and file storage
  • Stripe — payment processing and subscription management (PCI-DSS compliant)
  • Vercel — application hosting and deployment
  • Sentry — error monitoring and performance tracking
  • Resend — transactional email delivery (welcome emails, notifications)

Optional Integrations (User-Controlled)

  • Xero — accounting data integration for the CFO advisor (Professional tier and above). Provides live financial data for more accurate advisory responses.
  • Google Workspace — Google Drive (document access), Google Calendar (scheduling context), and Gmail (communication context). Read-only access.
  • Microsoft 365 — OneDrive (document access), Outlook Calendar (scheduling context), and Outlook Mail (communication context). Read-only access.

You control which optional integrations to connect via your Settings page. We only access data from connected integrations when required to fulfil your advisory requests. You can revoke access at any time.

6. Data Storage and Security

Your data is stored securely using Supabase, which provides enterprise-grade PostgreSQL database hosting. We implement multiple layers of security:

  • Encryption in transit — all connections use TLS/HTTPS encryption
  • Encryption at rest — database storage is encrypted at rest
  • OAuth token encryption — all third-party integration tokens (Xero, Google, Microsoft) are encrypted using AES-256-GCM before storage
  • Row-level security — database-level access controls ensure users can only access their own data
  • Security headers — Content Security Policy, X-Frame-Options, and other protective HTTP headers are enforced
  • Error monitoring — Sentry provides real-time error tracking to detect and resolve security issues promptly

7. Data Retention

We retain your data according to the following principles:

  • Account data — retained for as long as your account is active, and deleted upon request
  • Conversations — you can delete individual conversations at any time from the platform. All conversations are deleted when your account is closed.
  • Uploaded documents — you can delete documents at any time. All documents are removed when your account is closed.
  • Billing records — retained as required by UK tax and accounting regulations (typically 6 years)
  • Usage analytics — aggregated and anonymised data may be retained indefinitely for platform improvement

8. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data (“right to be forgotten”)
  • Right to data portability — receive your data in a structured, commonly used format
  • Right to object — object to the processing of your personal data in certain circumstances
  • Right to restrict processing — request that we limit how we use your data
  • Right to withdraw consent — where processing is based on consent, withdraw at any time

To exercise any of these rights, please contact us at matt@hillwayco.uk. We will respond to your request within one month, as required by law.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Steer AI uses only essential cookies required for the platform to function. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

  • Authentication cookies — managed by Supabase Auth to maintain your login session securely
  • Theme preference — stores your light/dark mode preference locally

No consent banner is required as we only use strictly necessary cookies as defined under the Privacy and Electronic Communications Regulations (PECR).

10. Children

Steer AI is a professional business tool designed for property professionals and is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a person under 18, we will take steps to delete that data promptly.

11. International Data Transfers

Steer AI is operated from the United Kingdom. To provide our services, we transfer personal data to third-party processors located in the United States. These transfers are protected by the UK-US Data Bridge (the UK Extension to the EU-US Data Privacy Framework), Standard Contractual Clauses (SCCs) approved by the ICO, and Data Processing Agreements with each processor.

For a complete list of all third-party data processors, the data shared with each, and the specific safeguards in place, please see our International Data Transfers page.

Key processors: Anthropic (AI), OpenAI (AI), Google/Gemini (AI), Supabase (database & storage), Vercel (hosting), Stripe (payments), Resend (email), Upstash (rate limiting), Sentry (error monitoring). All are located in the United States with appropriate safeguards in place.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you via the email address associated with your account before the changes take effect. We encourage you to review this page periodically.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Hillway

Trading as Steer AI

Sheffield, United Kingdom

Email: matt@hillwayco.uk

Website: https://www.steerai.uk
