Summary: We collect only what we need, we don't sell your data, and you can ask us to delete it at any time. The full details are below.
1. Who We Are
socialmedia.pm is a digital services business providing AI-powered websites and lead automation services to small businesses. We are the data controller for personal data collected through this website.
If you have any questions about this policy or how we handle your data, contact us at hello@socialmedia.pm.
2. What Data We Collect
Contact Form
When you submit a contact form, we collect:
- Your name
- Email address
- Phone number (optional)
- Business name (optional)
- Your message and service interest
Customer Portal
If you become a customer and access the client portal, we collect:
- Email address (for passwordless authentication)
- Business name and contact details
- Billing and invoice information
- Support ticket content and correspondence
Payments
Payments are processed by Stripe. We do not store your card details — these are handled directly by Stripe and are subject to their privacy policy.
Website Usage
We do not currently use cookies for tracking or advertising. We may collect basic server logs (IP address, browser type, pages visited) for security and diagnostic purposes.
3. How We Use Your Data
- To respond to enquiries — when you contact us through the website
- To deliver services — managing your subscription, invoices, and support tickets
- To send transactional emails — confirmations, invoices, and replies to your requests
- To improve our service — understanding how the site is used
We do not use your data for advertising, profiling, or automated decision-making.
4. Legal Basis for Processing
Under UK GDPR, we process your data on the following bases:
- Contractual necessity — to deliver services you've purchased
- Legitimate interests — to respond to enquiries and improve our service
- Consent — where you've opted in to communications
- Legal obligation — where required by law (e.g. keeping financial records)
5. Who We Share Your Data With
We share your data only with the third-party services required to operate:
- Resend — transactional email delivery (privacy policy)
- Stripe — payment processing (privacy policy)
- Supabase — secure database and authentication (privacy policy)
- Vercel — website hosting (privacy policy)
We do not sell, rent, or trade your personal data to any third parties.
6. Data Retention
We retain your data for as long as necessary to provide services and meet legal obligations:
- Contact enquiries — 2 years unless you become a customer
- Customer records — 7 years (UK tax law requirement for financial records)
- Support tickets — 2 years after resolution
7. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — ask us to limit how we process your data
- Object — object to processing based on legitimate interests
To exercise any of these rights, email us at hello@socialmedia.pm. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Security
We take reasonable technical and organisational measures to protect your data, including HTTPS encryption, secure authentication, and row-level database security. No transmission over the internet is 100% secure, but we follow industry best practices.
9. Changes to This Policy
We may update this policy from time to time. The date at the top of this page will reflect the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy-related questions or requests:
Email: hello@socialmedia.pm
Website: socialmedia.pm