Legal Document

Privacy & Policy

Effective Date 01 June 2025 Last Updated 01 June 2026 Version 2.4

At our digital agency, your privacy is not a checkbox — it is a commitment embedded into every service we deliver, every tool we use, and every relationship we build. This Privacy Policy explains how we collect, process, store, and protect personal data when you interact with our website, engage our services, or communicate with our team.

By using our website or services, you acknowledge the practices described in this document. If you disagree with any part of this policy, please refrain from using our services and contact us to address your concerns directly.

01

Who We Are

We are a full-service digital agency specialising in brand identity, web design and development, digital marketing, SEO strategy, social media management, UI/UX design, and performance advertising. Our clients range from early-stage startups to established enterprises across diverse industries.

We act as both a Data Controller — when processing data on our own behalf (e.g. inquiries, analytics) — and a Data Processor — when handling data on behalf of our clients as part of contracted services. This distinction is important and is reflected throughout this policy.

For any privacy-related inquiries, our designated Data Privacy Lead can be contacted at privacy@youragency.com. We aim to respond to all requests within 5 business days.

02

Information We Collect

We collect information in two primary ways: data you provide directly, and data collected automatically through your interaction with our website and digital properties.

Information you provide to us:

  • Contact details (name, email address, phone number, company name) submitted through inquiry forms, project briefs, or direct email
  • Project requirements, creative briefs, and supporting documents shared during onboarding or active engagements
  • Billing and invoicing information (we do not store full payment card details — all payments are handled via PCI-DSS compliant processors)
  • Communications including emails, meeting notes, and feedback submitted through client portals
  • Account credentials for platforms we manage on your behalf (stored with encrypted secrets management)

Information collected automatically:

  • IP address, browser type, operating system, and device identifiers via server logs and analytics tools
  • Pages visited, scroll depth, session duration, click events, and referral sources
  • Geolocation data at a regional or city level (never precise GPS coordinates)
  • UTM parameters and campaign attribution data to measure the effectiveness of our own marketing
  • Error logs and performance metrics that help us maintain website quality
03

How We Use Your Data

We process your personal data only for specific, legitimate purposes and never in ways incompatible with those purposes. The primary uses of your data include:

  • Delivering services: to manage projects, communicate progress, share deliverables, and provide ongoing support as contracted
  • Client onboarding: to verify identity, set up accounts, and establish working processes at the start of an engagement
  • Invoicing and payments: to issue proposals, contracts, invoices, and process payments in compliance with applicable tax laws
  • Marketing communications: to send agency news, case studies, or service updates — only to contacts who have opted in or with whom we have an existing business relationship
  • Website improvement: to understand how visitors interact with our site, identify friction points, and improve the overall experience
  • Legal obligations: to comply with applicable laws, respond to legal requests, and enforce our terms of service

We operate on a need-to-know basis internally. Team members access client data only to the extent necessary for their role in the project.

04

Cookies & Tracking

Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics data. Cookies are small text files stored on your device. We use the following categories:

  • Essential cookies: Required for the website to function. They cannot be disabled. Examples include session tokens and security cookies.
  • Analytics cookies: Help us understand traffic patterns and user behaviour using tools such as Google Analytics 4 (with IP anonymisation enabled) and self-hosted analytics platforms.
  • Marketing cookies: Used to track the performance of paid campaigns on platforms such as Google Ads and Meta Ads. Only deployed with your explicit consent.
  • Preference cookies: Remember settings like cookie consent status and UI preferences.

You may manage cookie preferences at any time through our cookie consent banner or via your browser settings. Withdrawing consent for non-essential cookies does not affect your ability to use the website.

We do not use cookies for fingerprinting, persistent cross-site tracking, or selling audience data to third-party advertisers.

05

Third-Party Services

In delivering our services, we engage trusted third-party tools and platforms. Each is selected based on their security standards, privacy practices, and suitability for professional agency work. Key categories include:

  • Cloud hosting & infrastructure: AWS, Google Cloud Platform, Vercel, and similar providers for website and application hosting
  • Communication tools: Email platforms (Google Workspace, Microsoft 365) and project management tools (Notion, Asana, Slack)
  • Analytics: Google Analytics 4, Plausible Analytics, or similar tools — always configured to minimise personal data exposure
  • Advertising platforms: Google Ads, Meta Ads Manager, LinkedIn Campaign Manager — used for client campaign delivery with appropriate data processing agreements in place
  • Payment processors: Stripe or equivalent PCI-DSS Level 1 compliant providers
  • CRM & client management: HubSpot or similar, used solely for managing our own business relationships

We maintain Data Processing Agreements (DPAs) with all sub-processors who handle personal data on our behalf. We do not sell, lease, or trade personal data to any third party for their own commercial purposes.

06

Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our general retention schedule is as follows:

  • Active client data: Retained for the duration of the engagement plus 2 years after project close, to support warranty periods, references, and potential future work
  • Billing records: Retained for 7 years in compliance with financial regulations and tax requirements
  • Inquiry and prospect data: Retained for 18 months from last contact, unless a business relationship is established
  • Website analytics: Aggregated data retained indefinitely; individual session data deleted after 14 months
  • Marketing opt-out records: Retained indefinitely to honour suppression lists and prevent re-contact

Upon expiry of the relevant retention period, data is securely deleted or anonymised so it can no longer be attributed to an individual.

07

Your Rights

Depending on your jurisdiction, you may hold a range of rights regarding your personal data. We take these rights seriously and will respond to verified requests promptly:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data where it is no longer necessary or where you withdraw consent
  • Right to restrict processing: Ask us to pause processing of your data under certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, email privacy@youragency.com with the subject line "Data Rights Request". We may ask you to verify your identity before processing the request. We will respond within 30 days.

08

Data Security

We implement technical and organisational measures proportionate to the sensitivity of the data we process. Our security practices include:

  • Encryption of data in transit (TLS 1.2+) and at rest using industry-standard algorithms
  • Access controls enforced via role-based permissions, multi-factor authentication, and principle of least privilege
  • Regular security reviews and vulnerability assessments on our own infrastructure
  • Secure handling of client platform credentials using dedicated secrets management tools
  • Incident response procedures with defined escalation paths and notification obligations

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, in accordance with applicable law.

No method of transmission over the internet or electronic storage is 100% secure. We continuously review and improve our measures, but cannot guarantee absolute security.

09

Children's Privacy

Our services are directed exclusively at business professionals and organisations. We do not knowingly collect personal data from individuals under the age of 16.

If you believe a minor has submitted personal data to us without appropriate consent, please contact us immediately at privacy@youragency.com and we will take prompt steps to delete that information.

10

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our services, legal obligations, or industry best practices. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this document
  • Notify active clients by email where the change is significant and affects how their data is processed
  • Display a notice on our website for a minimum of 30 days following a material update

Your continued use of our website or services after a policy update constitutes acceptance of the revised terms. We encourage you to review this page periodically to stay informed.

Questions or Concerns?

We're here to help

If you have any questions about this Privacy Policy or how we handle your data, reach out to our privacy team directly.

privacy@youragency.com
Work with us

Let's build something worth clicking.

Tell us about your goals and we'll put together a free, no-obligation strategy tailored to your business.

Basic Information
Services Interested In
SEO
Google Ads (PPC)
Social Media Marketing
Website Development
AI SEO (AEO & GEO)
Local SEO
Additional Information