← Back to sample deliverables

Sample privacy notice update

Most businesses say “we use AI” somewhere in the footer and call it done. This shows the difference between a generic privacy notice and one that actually reflects AI processing, vendor use, and retention.

Download exampleStart with a £500 scoping review

Before

Generic notice language

  • “We collect your name, email address, and account details to provide our services.”
  • “We may use third-party processors.”
  • No reference to AI decision-support, prompts, transcripts, or model providers.
  • No retention rule for AI conversation data or generated outputs.

After

AI-aware notice language

  • States that customer queries are processed through an AI assistant to answer routine requests.
  • Names the processor categories involved: hosting, analytics, and AI model provider.
  • Explains where data goes, including any international transfer safeguards.
  • Specifies retention for transcripts, logs, and derived outputs.
  • Clarifies when a human reviews or overrides AI outputs.

What buyers should notice

This is not about longer legal text. It is about making the document match the real system: what data enters it, where it goes, how long it stays there, and what the user is actually interacting with.

That is the difference between “we updated the privacy notice” and “we updated it properly.”