Trust
Four Rules for Automation You Can Actually Trust
Most automation vendors treat the rules as fine print. We built ours into the machine: lawful basis checked before any message, AI always disclosed, no scoring of people, no sensitive data. Here is why each rule exists.
Automation that messages your customers carries your name. If it spams, your business spams. If it pretends to be human, your business lied. Most vendors handle this with a clause in the contract. We handle it with four rules built into the machine itself, checks that run before a message exists, not promises made after it goes wrong. Here is each rule, and why it exists.
Rule one: no message without a lawful basis
UK electronic-marketing law (PECR, sitting alongside UK GDPR) is stricter than most business owners realise, and since February 2026 the fine ceiling is £17.5m or 4 per cent of turnover. The detail that catches people out: a sole trader counts as an individual, so cold-messaging one requires consent, while a limited company can be contacted on an opt-out basis. Our system checks the basis before every marketing message: did this person contact you first, are they an existing customer, have they opted in? No basis, no message. And a reply of “STOP” halts everything, instantly, on every channel.
A rule enforced by the software is worth more than a clause enforced in court.
Rule two: we always say when it is an AI
Your customers are told, plainly and in the first message, when they are talking to an automated assistant. Partly because transparency rules are moving that way everywhere, but mostly because the alternative is corrosive: the day a customer discovers the “person” who handled their booking was a machine in disguise is the day they re-read every message you ever sent them. Disclosed automation that is fast and accurate builds trust. Concealed automation spends it.
Rule three: we never score, rank or auto-judge people
Software that rates human beings, job applicants, tenants, customers, drags its operator into automated-decision territory under UK GDPR Article 22 and into the highest-risk category of the new AI rules. So nothing we run does it. Our assistants move information and remove friction: they answer, chase, remind and ask. Decisions about people, who to hire, whose refund to approve, whose complaint is fair, stay with people. That line is not a limitation. It is the design.
Rule four: no medical or other sensitive data
UK GDPR treats certain data, health above all, as special category, with obligations to match. The cleanest way to protect it is to never hold it. Our systems are built so that data never enters them: there is no breach surface to defend because there is nothing there to breach. When a prospective client needs that kind of data handled, a clinic, a care provider, we say so honestly and point them to specialists, rather than stretching our system somewhere it should not go.
What this buys you
Each rule removes a category of risk before it can attach to your business: the PECR complaint, the reputation hit, the automated-decision claim, the data breach. And they cost us sales, occasionally, which is rather the point. A vendor who will automate anything is telling you what their promises are worth. We would rather be the one whose refusals you can rely on, because the same machinery that enforces our rules is the machinery running your customer messages.