1. Who we are
The Agency ("we", "our", "us") is a UK-based AI marketing and business systems company operating at theagency.io. We are the data controller for the personal data we process. For any privacy-related enquiries, contact us at hello@theagency.io.
2. What data we collect
We collect the following categories of personal data:
- • Contact information: Name, email address, phone number, and business name provided through our forms and custom AI strategy.
- • Business data: Information you provide about your business during onboarding, including services, pricing, and brand preferences.
- • Usage data: Pages visited, time on site, referral source, browser type, and device information collected through analytics.
- • Communication data: Messages sent through our contact form, email correspondence, and AI agent conversations.
3. How we use your data
We use your personal data for the following purposes:
- • To provide and improve our services, including building your AI revenue system and Company Brain.
- • To communicate with you about your account, enquiries, and service updates.
- • To send marketing communications where you have given consent (you can opt out at any time).
- • To analyse website usage and improve performance using anonymised analytics data.
- • To comply with legal obligations and protect our legitimate business interests.
4. Legal basis for processing (GDPR)
We process your data under the following legal bases:
- • Contract: Processing necessary to fulfil our service agreement with you.
- • Consent: Where you have explicitly consented to marketing communications.
- • Legitimate interest: For analytics, service improvement, and fraud prevention.
- • Legal obligation: Where we are required by law to retain or share data.
5. Third-party services
We use the following third-party services that may process your data:
- • GoHighLevel (GHL): CRM, email automation, and client communication. Data stored in the US with appropriate safeguards.
- • Netlify: Website hosting and form submissions. Data processed in the US under their privacy policy.
- • Google Analytics: Anonymous website usage tracking. We use IP anonymisation. Data processed per Google's data processing terms.
- • Stripe: Payment processing. We do not store your card details. All payments are processed securely by Stripe.
- • Meta (Instagram/Facebook): Social media integration and advertising. Subject to Meta's data policy.
6. Cookies
We use essential cookies to ensure the website functions correctly. Analytics cookies are only loaded after your first interaction with the site (scroll, click, or touch). We do not use tracking cookies for advertising. You can disable cookies in your browser settings at any time, though this may affect site functionality.
7. Data retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Contact form submissions are retained for 2 years. Client data is retained for the duration of your subscription plus 1 year. Analytics data is anonymised and retained indefinitely. You can request deletion at any time.
8. Your rights (GDPR)
Under the UK GDPR and Data Protection Act 2018, you have the right to:
- • Access: Request a copy of the personal data we hold about you.
- • Rectification: Request correction of inaccurate or incomplete data.
- • Erasure: Request deletion of your personal data ("right to be forgotten").
- • Restriction: Request that we limit processing of your data.
- • Portability: Request your data in a machine-readable format.
- • Objection: Object to processing based on legitimate interest.
To exercise any of these rights, email us at hello@theagency.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Data security
We implement appropriate technical and organisational measures to protect your personal data. All data is transmitted over HTTPS with TLS encryption. Access to client data is restricted to authorised team members and AI systems that require it for service delivery. We regularly review and update our security practices.
10. Changes to this policy
We may update this privacy policy from time to time. Material changes will be communicated via email to active subscribers. The "last updated" date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.