Stirling Access

Privacy Policy

Last updated: 19 March 2026

1. Who We Are

Stirling Access (stirlingaccess.com) is operated by Ant vs Bear Ltd, a company registered in England and Wales.

Registered address: 128 City Road, London, EC1V 2NX
Contact: [email protected]

For the purposes of UK GDPR and the Data Protection Act 2018, Ant vs Bear Ltd is the data controller. This policy explains what personal data we collect, why, how we use it, who we share it with, and your rights.

Stirling Access is a luxury concierge and intelligence platform that connects clients with the right service providers across high-value service categories. Our current service is private aviation (charter flight matching, routing, and brokerage). We may expand to additional service categories in the future — when we do, this policy will be updated to reflect any new data processing activities.

2. How You Interact With Us

You may interact with Stirling Access through the following channels:

  • Website — stirlingaccess.com (quote requests, calculator tools, contact forms, account registration)
  • WhatsApp — via our AI concierge assistant, accessible from the website or by messaging our WhatsApp Business number directly
  • Email — direct correspondence and transactional notifications

Each channel collects different data, described below.

3. Data We Collect

3.1 Website — data you provide

  • Quote requests: name, email address, travel route, dates, passenger count, budget range, and any additional information you choose to provide.
  • Account registration: name, email address, password (hashed — never stored in plain text), and account preferences.
  • Contact form: name, email address, and the content of your message.
  • Newsletter subscription: email address only.

3.2 WhatsApp AI Concierge — data collected during conversations

When you engage with our WhatsApp AI concierge, we collect and store the following, with your knowledge and agreement to these terms:

  • WhatsApp profile data: your phone number and display name as provided by WhatsApp/Meta.
  • Message content: the full text of messages you send to our concierge, and the replies sent to you. These are stored to maintain conversation continuity.
  • Travel requirements: origin, destination, travel dates, passenger count, budget, and timing flexibility — as disclosed during conversation.
  • Service routing: which service provider category best suits your needs, as determined through conversation.
  • Preference profile (with your explicit consent): your usual travel patterns, preferred aircraft types, preferred travel days, regular companions, catering or dietary requirements, special requirements, and price sensitivity — built up over time as you engage with the assistant.
  • Companion and passenger details: names and WhatsApp numbers of travel companions, where you choose to share these so we can send them flight updates. Companions are contacted only with their own consent.
  • Sensitive personal information you choose to share: if, in the course of making a booking or completing travel arrangements, you send us identification documents (such as passport details), home address, or other sensitive personal information via WhatsApp, we will store this data securely to fulfil your request. We will never ask for this information unprompted — only to complete a specific service you have requested.

3.3 Data collected automatically

We use Plausible Analytics, a privacy-focused analytics service that does not use cookies and does not collect personal data. Data gathered is fully anonymous and aggregated (pages visited, referral source, country, device type). This data cannot identify you.

Standard server logs (IP address, request time, browser type) are retained for up to 30 days for security and operational purposes.

4. How Our AI Concierge Works

Our WhatsApp concierge is powered by an AI language model (provided by Anthropic, Inc. — see Section 8 for details). This means:

  • Your messages are processed by an automated AI system, not a human, on initial contact.
  • The AI analyses what you write and generates replies based on your stated needs.
  • The AI extracts structured data from the conversation (route, passenger count, service tier) and saves it to your profile automatically.
  • Routing decisions (which provider category to connect you with) are made automatically based on your stated preferences and travel frequency.
  • A human at Stirling Access may review conversation transcripts for quality assurance, complaint handling, or to fulfil a specific service request.

Under UK GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing if that decision produces significant legal or similarly significant effects. The routing decisions made by our AI are preparatory actions (selecting which category of provider to approach) — they do not constitute legally significant decisions. You may always request human review by emailing [email protected].

5. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract (Article 6(1)(b)): processing necessary to fulfil a service you have requested — quote submissions, booking assistance, account management.
  • Legitimate interests (Article 6(1)(f)): operating and improving the concierge service, routing enquiries to the most suitable providers, maintaining conversation continuity, security monitoring. We have balanced these interests against your rights and determined the processing is proportionate.
  • Consent (Article 6(1)(a)): building and retaining a preference profile; sending WhatsApp messages to travel companions you name; email newsletter subscriptions. You may withdraw consent at any time (see Section 11).
  • Legal obligation (Article 6(1)(c)): where we are required by law to retain or disclose data.

Where you choose to share sensitive personal data (such as identification documents or health/dietary information relevant to a booking), we process this on the basis of your explicit consent and, where applicable, because processing is necessary for the performance of a contract (Article 9(2)(a) and (b)). You are never required to share such data — it is offered only where you wish to use an advanced booking or fulfilment service.

6. How We Use Your Data

  • To provide the concierge service: understanding your needs and routing your enquiry to the appropriate service provider category.
  • To connect you with providers: sharing your relevant travel details with the broker, operator, or programme provider best matched to your needs (see Section 7).
  • To maintain continuity: storing conversation history and preference profiles so that returning clients do not need to repeat themselves.
  • To notify companions: sending opt-in WhatsApp messages to travel companions you name, so they receive flight details directly.
  • To manage your account: if you register an account, to provide access to your quote history, active enquiries, and saved preferences.
  • To communicate with you: transactional emails (quote status, booking updates), and newsletter content where you have subscribed.
  • To improve our service: reviewing anonymised conversation patterns to improve the concierge's accuracy and response quality.
  • For security and fraud prevention: detecting and preventing misuse of our platform.

7. Data Sharing

We share personal data only in the following circumstances. We never sell personal data, and we never share it with third parties for advertising or marketing purposes.

7.1 Service providers (third parties you are routed to)

When you engage the concierge to source a flight or service, your relevant details (name, contact information, route, dates, passenger count, and any specific requirements) are shared with the matched service provider(s). Current provider categories include:

  • Private charter brokers (for one-off charter enquiries)
  • Empty-leg operators (for flexible, price-sensitive travel)
  • Jet card and aviation programme providers (for frequent flyers)
  • Dedicated charter operators (for regular, high-volume clients)

As Stirling Access expands into additional service categories, this list will be updated. Each provider operates under their own privacy policy and is independently responsible for their handling of your data once received. We only share the minimum data necessary to fulfil your request.

7.2 Technology and infrastructure sub-processors

We use the following sub-processors to operate Stirling Access:

  • Anthropic, Inc. (USA) — AI language model provider. Message content is processed by Anthropic's Claude API to generate concierge responses. Anthropic processes data under a data processing agreement and does not use API inputs to train models.
  • Meta Platforms, Inc. (USA) — WhatsApp Business API provider. Message delivery, phone number verification, and message metadata are processed by Meta in accordance with their WhatsApp Privacy Policy and Meta's Business Terms.
  • Supabase, Inc. (USA) — Database and authentication provider. All client data, conversation histories, and preference profiles are stored in Supabase infrastructure hosted in the EU (eu-west-2 region).
  • Vercel, Inc. (USA) — Website hosting and serverless infrastructure. Data transits Vercel's edge network; no personal data is persistently stored at Vercel beyond standard request logs (30 days).
  • Resend, Inc. (USA) — Transactional email delivery. Email addresses and the content of transactional emails are processed by Resend to deliver notifications.
  • Plausible Analytics (EU) — Anonymous, cookieless website analytics. No personal data processed.

All sub-processors are bound by data processing agreements. Where data is transferred outside the UK or EEA, appropriate safeguards are in place (including Standard Contractual Clauses or adequacy decisions).

7.3 Legal disclosure

We will disclose personal data if required to do so by applicable law, court order, or regulatory authority, or where necessary to protect the safety of any person or the integrity of our systems.

8. WhatsApp — Specific Notice

Our WhatsApp concierge operates via the Meta WhatsApp Business API. By messaging our WhatsApp number, you acknowledge:

  • Your phone number, WhatsApp display name, and message content are transmitted to and processed by Meta Platforms under Meta's terms of service and privacy policy.
  • Message content is also received and processed by Stirling Access (via Ant vs Bear Ltd) and our AI sub-processor (Anthropic) as described in this policy.
  • End-to-end encryption applies between your device and Meta's servers. Message content is decrypted by Meta for delivery to the Business API and is then transmitted to our servers over TLS.
  • You may opt out of WhatsApp communications from Stirling Access at any time by sending the word STOP to our WhatsApp number, or by contacting us at [email protected]. Opting out will stop further proactive messages but will not delete your existing data (see Section 10 for erasure requests).

9. Data Retention

  • WhatsApp conversation history: retained for 36 months from your last active conversation, then deleted.
  • Preference profiles: retained while your profile is active. If you have not engaged with Stirling Access for 36 months, your profile is automatically deleted.
  • Companion passenger data: retained for 12 months from the date of the trip or from the date of consent request, whichever is later, then deleted.
  • Sensitive personal data (e.g. identification documents): retained only as long as necessary to fulfil the specific request for which it was provided, and deleted within 90 days of completion unless legal obligations require otherwise.
  • Quote and booking records: retained for 36 months for operational and record-keeping purposes, then deleted.
  • Account data: retained while your account is active, plus 12 months after account closure.
  • Contact form enquiries: retained for 12 months, then deleted.
  • Email subscriptions: retained until you unsubscribe.
  • Server logs: retained for 30 days, then automatically purged.
  • Anonymous analytics: aggregated, non-personal — retained indefinitely.

10. Security

We take the security of your personal data seriously. Our technical and organisational measures include:

  • All data in transit encrypted via TLS 1.2 or higher.
  • Database encryption at rest (Supabase AES-256).
  • Access controls: only authorised Ant vs Bear Ltd personnel may access personal data, and only for the purposes described in this policy.
  • Webhook signature verification for all inbound WhatsApp messages (HMAC-SHA256).
  • No plain-text storage of passwords or sensitive credentials.

No method of transmission or storage is completely secure. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR Article 33.

11. Your Rights Under UK GDPR

You have the following rights regarding your personal data, exercisable by contacting [email protected]:

  • Right of access (Article 15): to receive a copy of the personal data we hold about you.
  • Right to rectification (Article 16): to have inaccurate or incomplete data corrected.
  • Right to erasure (Article 17): to request deletion of your data, subject to legal obligations. To delete your WhatsApp profile and conversation history, email us or send DELETE MY DATA to our WhatsApp number.
  • Right to restrict processing (Article 18): to limit how we process your data while a dispute is resolved.
  • Right to data portability (Article 20): to receive your data in a structured, machine-readable format.
  • Right to object (Article 21): to processing based on legitimate interests.
  • Right to withdraw consent (Article 7(3)): at any time, for any processing based on consent (preference profiling, newsletter, WhatsApp outreach). Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Rights related to automated decision-making (Article 22): to request human review of any automated routing or profiling decision.

We will respond to all requests within 30 days. In complex cases we may extend this to 60 days with notice.

If you are dissatisfied with our handling of your data or your rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12. Children

Stirling Access is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].

13. Cookies

Stirling Access does not use advertising or tracking cookies. We use session cookies for account login functionality only. Our analytics provider (Plausible) is cookieless.

14. Changes to This Policy

We may update this policy as our services evolve or as legal requirements change. When we make material changes, we will:

  • Update the "last updated" date at the top of this page.
  • Notify active WhatsApp users via a message to their WhatsApp number.
  • Notify registered account holders via email.

Continued use of Stirling Access after a policy update constitutes acceptance of the revised terms.

15. Contact

For all privacy-related enquiries, rights requests, or concerns:

Ant vs Bear Ltd
128 City Road
London, EC1V 2NX
United Kingdom
[email protected]