Privacy Policy

1. Who We Are

This Privacy Policy applies to SENDIFY LTD ("SENDIFY LTD", "we", "us", or "our"), a company registered in England and Wales, with our registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

SENDIFY LTD operates the website www.sendifyltd.com and provides a digital platform enabling legal businesses to launch Meta advertising campaigns via our mobile interface. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, SENDIFY LTD is the data controller.

If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at: contact@sendifyltd.com.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data You Provide Directly

• Identity data: First name, last name, company name, job title
• Contact data: Email address, telephone number, postal address
• Account data: Username, password (hashed), account preferences
• Business verification data: Company registration details, business documentation
• Communications data: Messages you send us via the contact form, email, or support channels
• Payment data: Billing address, payment method reference (we do not store full card details)
• Campaign data: Ad creative content, targeting selections, campaign budgets, and settings you enter on our platform

2.2 Data We Collect Automatically

• Technical data: IP address, browser type and version, device type, operating system
• Usage data: Pages visited, features used, time spent on platform, clicks and interactions
• Log data: Server logs, error reports, access timestamps
• Cookie data: Session cookies, preference cookies (see Section 9)

2.3 Data From Third Parties

• Business verification data from Companies House or equivalent business registries
• Campaign performance data returned from Meta's APIs (impressions, clicks, conversions)

3. How We Use Your Personal Data

We use your personal data for the following purposes, relying on the specified legal bases under UK GDPR:

3.1 Contract Performance (Article 6(1)(b) UK GDPR)

• To register your business account and provide platform access
• To process your ad campaign submissions
• To process payments for our services
• To provide customer support and respond to your enquiries

3.2 Legitimate Interests (Article 6(1)(f) UK GDPR)

• To improve our platform and user experience based on usage analytics
• To detect, prevent, and investigate fraud or misuse of our platform
• To send you service-related updates and notifications
• To ensure the security and integrity of our systems

3.3 Legal Obligation (Article 6(1)(c) UK GDPR)

• To comply with applicable laws, regulations, and court orders
• To maintain business records as required by UK law
• To cooperate with regulatory authorities when required

3.4 Consent (Article 6(1)(a) UK GDPR)

• To send you marketing communications about SENDIFY LTD services (where you have opted in)
• To use non-essential cookies (where you have provided cookie consent)

4. How We Share Your Data

We do not sell your personal data to third parties. We may share your data with the following categories of recipients:

• Meta Platforms, Inc.: Campaign data is submitted to Meta's advertising APIs to create and manage your campaigns. Meta's own privacy policy applies to this data processing.
• Payment processors: To securely process billing transactions (e.g., Stripe). These processors are bound by strict data security standards.
• Cloud infrastructure providers: Our platform is hosted on secure cloud infrastructure. Providers are subject to data processing agreements.
• Legal authorities: When required by law, court order, or regulatory obligation.
• Professional advisers: Such as lawyers, auditors, and accountants, under confidentiality obligations.

5. International Data Transfers

Some of our service providers may process your data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
• Transfers to countries with an adequacy decision from the UK government
• Other lawful transfer mechanisms under UK GDPR

6. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

• Account data: Retained for the duration of your account and for 7 years after account closure (for legal and tax compliance)
• Campaign data: Retained for 3 years after campaign completion
• Communications data: Retained for 2 years
• Billing records: Retained for 7 years (UK tax law requirement)
• Website analytics data: Retained for 26 months in aggregate/anonymised form

When data is no longer needed, it is securely deleted or anonymised.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access (Article 15): You can request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): You can request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): You can request deletion of your personal data in certain circumstances ("right to be forgotten").
• Right to Restrict Processing (Article 18): You can request that we limit how we use your data in certain circumstances.
• Right to Data Portability (Article 20): You can request a copy of your data in a structured, machine-readable format.
• Right to Object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making (Article 22): You have the right not to be subject to decisions made solely by automated processing if they significantly affect you.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at: contact@sendifyltd.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK's supervisory authority, the Information Commissioner's Office (ICO), at ico.org.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and role-based permissions
• Regular security assessments and penetration testing
• Staff training on data protection and information security
• Incident response procedures for personal data breaches

In the event of a personal data breach that poses a risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by UK GDPR.

9. Cookies

Our website uses cookies to improve your experience. We use the following types of cookies:

• Strictly necessary cookies: Essential for the website to function. These cannot be disabled.
• Analytical cookies: Help us understand how visitors use our website (anonymised). We obtain consent before placing these.
• Preference cookies: Remember your settings and preferences. We obtain consent before placing these.

You can control cookies through your browser settings at any time. Disabling cookies may affect some website functionality.

10. Third-Party Links

Our website may contain links to third-party websites, including Meta's platforms. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

11. Children's Privacy

Our services are intended for business use only and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at contact@sendifyltd.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes by email. The "Last updated" date at the top of this page will always reflect the most recent revision.

Continued use of our services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal data, please contact us: