Legal
Privacy Policy
Effective date: 22 June 2026
This Privacy Policy explains how House of STK Ltd, operating as LLM Cost Audit ("LLM Cost Audit", "we", "us", or "our"), handles personal information in connection with our website and our LLM inference cost audit services (together, the "Services"). We keep what we collect to the minimum needed to respond to you and to deliver our work, and confidentiality is built into how we operate.
If you have any questions, contact us at hello@houseofstk.com.
1. Information we collect
Information you give us
When you submit our contact form, we collect only four fields:
- your name;
- your work email address;
- your company name; and
- an approximate monthly LLM spend range (selected from a list).
We deliberately do not ask for billing credentials, account access, prompts, or usage data through the form. If you email or otherwise correspond with us, we also keep the contents of that correspondence and your contact details.
Engagement information (provided under NDA)
If you engage us, you may share a usage export from your AI provider account so we can analyse it. A usage export consists of aggregate metadata — such as token counts, model mix, call volumes, and the cost figures on your invoices. We do not ask for, and you should not send, the content of your prompts or responses, your customers' data, or your API keys and account credentials. All such engagement information is treated as Confidential Information under a mutual non-disclosure agreement signed before any data is shared, is used solely to perform your audit, and is never used to train models or for marketing.
Information collected automatically
When you visit the website, our hosting provider automatically processes standard server and security log data, which may include your IP address, browser type, device information, referring pages, and timestamps. This is used to operate, secure, and debug the site.
2. How we use information
We use personal information to:
- respond to your enquiry and arrange a possible engagement;
- provide, perform, and improve the Services and the deliverables;
- send you transactional messages (for example, a confirmation of your enquiry, next steps, and a link to follow up);
- operate, secure, and maintain the website; and
- comply with our legal obligations and enforce our agreements.
Legal bases (where the GDPR or UK GDPR applies). We rely on: your consent and our legitimate interests in responding to enquiries and operating our business when you contact us; the performance of a contract with you (or steps taken at your request before entering one) when we deliver an audit; and compliance with a legal obligation where applicable. Where we rely on legitimate interests, we have balanced them against your rights and consider them not to be overridden.
3. How we share information
We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We disclose personal information only to the limited set of service providers that help us run the Services, each of which is bound to process it only on our instructions, and to others where required to do so.
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Website hosting and infrastructure | United States |
| Resend (Plus Five Five, Inc.) | Sending transactional email | United States |
| Neon Inc. | Database storage of enquiry and consent records | United States |
| Slack Technologies | Optional follow-up chat, only if you choose to join | United States |
We may also disclose information: to professional advisers; in connection with a corporate reorganisation or transfer of the business; and where required by law, legal process, or to protect rights, safety, and property. We maintain and update the list of service providers above as our operations change.
4. International transfers
Our service providers process personal information in the United States. If you access the Services from outside the United States, your information will be transferred to and processed there and in other countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards for such transfers, such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or a recognised adequacy framework.
5. How long we keep it
We keep personal information only for as long as necessary for the purposes described above:
- Enquiries that do not become engagements: kept for up to 24 months so we can follow up, then deleted or anonymised.
- Engagement information and usage exports: retained for the duration of the engagement and deleted promptly on completion or on your written request, except for limited records we are required to keep, as described in our mutual NDA.
- Server and security logs: retained for a short period consistent with security and operational needs.
6. Your rights
Depending on where you live, you may have some or all of the following rights over your personal information: to access it; to correct inaccurate information; to delete it; to restrict or object to its processing; to data portability; and to withdraw consent at any time (without affecting prior processing).
If you are in California (CCPA/CPRA), you have the right to know what we collect, to access and delete it, to correct it, and to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights. We honour Global Privacy Control (GPC) and other recognised opt-out preference signals.
To exercise any right, email hello@houseofstk.com. We will respond within the time required by applicable law and may need to verify your identity first. If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO); elsewhere, you may complain to your local data protection authority.
7. Security
We use reasonable technical and organisational measures designed to protect personal information, including limiting access on a need-to-know basis, working with reputable infrastructure providers, and minimising the data we collect in the first place. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Personal information travels over the internet and is processed by third-party providers. To the fullest extent permitted by law, we are not responsible for the security practices, acts, omissions, outages, or breaches of third-party services beyond our reasonable control, nor for data lost, intercepted, or accessed without authorisation in transmission or transfer over networks, systems, devices, or accounts that we do not control, except to the extent directly caused by our own breach of our obligations.
8. Cookies and analytics
The website does not use advertising or cross-site tracking cookies. We do not build advertising profiles of visitors. Any analytics we use are limited to privacy-respecting, aggregate measurement that does not identify you individually. Our hosting provider may set strictly necessary cookies or process log data to operate and secure the site.
9. Children
The Services are intended for businesses and are not directed to children, and we do not knowingly collect personal information from anyone under 16.
10. Third-party services
The Services reference and may link to third parties, including AI providers such as OpenAI and Anthropic. We are not affiliated with those providers, and their handling of your information is governed by their own privacy policies. Your use of their APIs is governed by your agreements with them.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date above, and we review this policy at least once a year. Material changes will be reflected on this page.
12. Governing law
This Privacy Policy and any dispute relating to it are governed by the laws of England and Wales.
13. Contact
Questions, requests, or complaints about this policy or your personal information can be sent to hello@houseofstk.com.