This policy explains how Squishy Little Agency Ltd (company number 14230740, registered in England & Wales), trading as Squishy Little Agency ("we", "us", "our"), collects, uses, stores and protects your personal data when you use our website at squishylittleagency.com and our services.
We are the data controller for personal data collected through this website. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What data we collect
We may collect and process the following personal data:
1.1 Data you give us directly
- Contact data: Name, email address, company name and message content when you use our contact form.
- Onboarding data: Business name, goals, brand details, content, preferences and other information you provide during onboarding.
- Payment data: We do not store your card details. All payments are processed securely by Stripe, which acts as an independent data controller for payment information. See Stripe's Privacy Policy.
1.2 Data collected automatically
- Analytics data: We use Google Analytics (GA4) to collect anonymised usage data such as pages visited, time on site, device type and approximate location (country/city level). Google processes this data under its own terms. See Google's Privacy Policy.
- Cookies: We use cookies as described in our Cookie Policy. You can manage your preferences via our cookie banner.
- Log data: Our hosting provider may collect IP addresses, browser type and access times as part of standard server logs.
2. How we use your data
We process your personal data for the following purposes and lawful bases under UK GDPR Article 6:
| Purpose | Lawful basis |
|---|---|
| To deliver fractional marketing services | Performance of a contract (Art. 6(1)(b)) |
| To process payments via Stripe | Performance of a contract (Art. 6(1)(b)) |
| To respond to enquiries via the contact form | Legitimate interest (Art. 6(1)(f)) |
| To send project updates and progress notifications | Performance of a contract (Art. 6(1)(b)) |
| To analyse website usage and improve our services | Legitimate interest (Art. 6(1)(f)) |
| To comply with legal obligations (e.g. tax records) | Legal obligation (Art. 6(1)(c)) |
3. Who we share your data with
We do not sell your personal data. We share it only with trusted third-party service providers who process data on our behalf or as independent controllers:
- Stripe (USA) - payment processing. Stripe is an independent controller for payment data. See Stripe's Privacy Policy.
- Google Analytics (USA) - anonymised website analytics. See Google's Privacy Policy.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses, adequacy decisions, or the provider's participation in a recognised data privacy framework).
4. How long we keep your data
- Client data: Retained for the duration of our business relationship plus 6 years (to comply with HMRC record-keeping requirements).
- Onboarding data: Retained for the project duration plus 2 years, unless required longer for legal purposes.
- Contact form enquiries: Retained for up to 2 years from the date of the enquiry.
- Payment records: Retained for 6 years as required by UK tax law.
- Analytics data: Governed by Google Analytics' own retention settings (currently set to 14 months).
5. Your rights
Under UK GDPR, you have the following rights:
- Right of access - request a copy of the personal data we hold about you.
- Right to rectification - ask us to correct inaccurate or incomplete data.
- Right to erasure - ask us to delete your data (subject to legal obligations).
- Right to restrict processing - ask us to limit how we use your data.
- Right to data portability - receive your data in a structured, machine-readable format.
- Right to object - object to processing based on legitimate interests.
- Right to withdraw consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, email us at hello@squishylittleagency.com. We will respond within one month as required by law.
6. Data security
We take appropriate technical and organisational measures to protect your personal data, including:
- All data transmitted between your browser and our site is encrypted via HTTPS/TLS.
- Payment data is handled entirely by Stripe's PCI DSS Level 1 certified infrastructure - we never see or store your card details.
- Access to client data is restricted to authorised personnel only.
7. Children's data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
8. Changes to this policy
We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Material changes will be notified via email where appropriate.
9. Complaints
If you are unhappy with how we handle your personal data, please contact us first at hello@squishylittleagency.com so we can try to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:
- Website: ico.org.uk
- Helpline: 0303 123 1113
10. Contact us
For any questions about this privacy policy or how we handle your data:
- Email: hello@squishylittleagency.com
- Post: Squishy Little Agency Ltd, Office One, 1 Coldbath Square, London, EC1R 5HL