How we collect, use, and protect your data in compliance with UK GDPR.
Last Updated: March 2026
UtterConnection ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (utterconnection.com) or use our services, and tell you about your privacy rights and how the law protects you.
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. As a consultancy serving the legal sector, we treat the confidentiality and security of our clients' data — and their clients' data — as our highest priority.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law we have to keep basic information about our clients (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being clients for tax purposes.
Under certain circumstances, you have rights under data protection laws (UK GDPR) in relation to your personal data, including the right to:
If you wish to exercise any of the rights set out above, please contact us via our contact page.
When providing our consultancy services (including the Institutional Sight framework implementation), UtterConnection acts as a Data Processor under the UK GDPR. In accordance with Article 28 of the UK GDPR, we process any client personal data solely on the documented instructions of the data controller (our client law firm). Our standard engagement terms incorporate a comprehensive Data Processing Addendum (DPA) which guarantees: (1) all client data remains strictly within the UK/EU, (2) zero retention or training use of data by third-party LLM providers, and (3) immediate deletion of data upon contract termination.