How VenueMindAI collects, processes, and protects your data — and how our AI systems are designed to operate responsibly, transparently, and within legal boundaries.
VenueMindAI ("we", "our", "us") is a compliance technology company providing AI-powered Martyn's Law compliance audits for venues across the United Kingdom. Our registered address and data controller details are available on request.
We are committed to protecting the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We collect personal data in the following circumstances:
Name, job title, email address, telephone number, venue name, venue address, venue type, approximate capacity, and any additional notes you provide.
Venue documentation, floor plans, staffing information, existing security procedures, and other materials provided for the purpose of conducting your compliance audit.
Standard analytics data including pages visited, time on site, browser type, and referring source. No personally identifiable information is collected through website analytics without your consent.
Email address provided voluntarily for the purpose of receiving compliance updates and Compliance Hub content.
We process your data under the following lawful bases under UK GDPR:
Processing necessary to deliver the audit services you have requested.
Improving our services and communicating relevant compliance updates.
Marketing communications and newsletter subscriptions, where you have opted in.
Where processing is required to comply with applicable law.
Audit records and associated documentation are retained for 6 years from the date of delivery, in line with standard UK commercial record-keeping practice. Enquiry data from non-proceeding contacts is deleted after 12 months. Newsletter subscriber data is retained until you unsubscribe. You may request deletion at any time (see Your Rights, below).
We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. All data is processed and stored within the UK or the European Economic Area. We conduct regular security reviews and access controls are restricted to authorised personnel only.
VenueMindAI uses artificial intelligence as a core component of our compliance audit process. We believe transparency about how AI operates in our service is essential — both as a matter of good practice and as an emerging legal expectation.
This report was produced using the VenueMindAI Workflow, which utilises generative AI to assist in gap analysis against Martyn's Law frameworks. To ensure accuracy and compliance, all AI-generated findings have been verified and finalised by a human consultant. No personally identifiable information (PII) is processed through AI systems. For our full AI Responsibility Policy, please contact VenueMindAI.
Our AI platform cross-references venue data — including capacity, layout, staffing, and existing security documentation — against the full requirements of the Terrorism (Protection of Premises) Act. It identifies compliance gaps, generates structured recommendations, and produces draft procedural documents tailored to your venue type and tier.
Our AI does not make autonomous legal determinations. Every AI-generated audit output is reviewed by a qualified compliance specialist before delivery. The AI does not process sensitive personal data about individuals at your venue, nor does it make decisions that have legal effects on any individual without human oversight.
A VenueMindAI compliance specialist reviews, validates, and signs off every audit report before it is delivered to the client. AI outputs are treated as a first draft and professional starting point — not the final word. Responsibility for the report's accuracy rests with our human compliance team.
Venue data submitted for audit purposes is processed by our AI solely for the purpose of generating your compliance assessment. It is not used to train our AI models without your explicit written consent. Anonymised, aggregated data may be used to improve audit accuracy, with no personally identifiable information included.
VenueMindAI monitors developments in AI regulation, including the EU AI Act and UK Government AI governance frameworks, and will update our practices accordingly. Our audit reports are compliance guidance tools and do not constitute legal advice. Clients are advised to seek independent legal counsel for matters requiring formal legal opinion.
You have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data in certain circumstances.
Request we limit how we use your data in certain situations.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.
To exercise any of your rights, raise a data protection concern, or submit a subject access request, please contact our Data Compliance team: