Brand Buddy
  • Services
  • Case Study
  • About
  • Contact
Book a Free Call →
Services Case Study About Contact Book a Free Call →
Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: May 2026

Brand Buddy Digital Ltd is committed to protecting your privacy. This policy explains how we collect and use your personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Who We Are

Brand Buddy Digital Ltd (company number 14419002) is the data controller for personal data collected through our website and services. Our registered address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

For any data protection queries, contact us at [email protected].

2. What Data We Collect

We may collect the following categories of personal data:

  • Contact information — name, email address, phone number
  • Business information — company name, industry, database size, average order value
  • Communications — messages sent via our contact forms, emails, or SMS
  • Payment information — billing details processed securely via Stripe (we do not store full card details)
  • Usage data — IP address, browser type, pages visited, time spent on our website (collected via cookies)
  • Appointment data — booking details collected via Calendly
  • Marketing consent — your preferences regarding receiving marketing communications from us

3. How We Collect Your Data

We collect personal data when you:

  • Fill in a form on our website (demo request, contact form)
  • Book a call via Calendly
  • Email or message us directly
  • Purchase or engage our services
  • Interact with our AI bots as part of a campaign run on behalf of one of our clients
  • Browse our website (via cookies and analytics tools)

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery — to provide, manage, and improve our AI automation services
  • Communication — to respond to enquiries, send demo results, and provide support
  • Scheduling — to manage appointments and strategy calls via Calendly
  • Payments — to process transactions via Stripe or bank transfer
  • Marketing — to send relevant information about our services, where you have given consent or we have a legitimate interest
  • Legal compliance — to comply with our legal obligations
  • Service improvement — to analyse how our website and services are used

5. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Contract — where processing is necessary to perform a contract with you or take steps prior to entering into one
  • Legitimate interests — where we have a legitimate business interest that is not overridden by your rights (e.g. responding to enquiries, improving our services)
  • Consent — where you have given explicit consent, particularly for marketing communications and SMS messaging
  • Legal obligation — where processing is required to comply with a legal obligation

6. SMS & Marketing Communications

Where you have provided consent to receive SMS or marketing messages from us, we will use your contact details to send relevant communications. You can withdraw your consent at any time by:

  • Replying STOP to any SMS message
  • Emailing [email protected]
  • Using any unsubscribe link in our emails

Withdrawal of consent does not affect the lawfulness of any processing carried out before withdrawal.

7. Third-Party Data Processors

We share your data with trusted third-party service providers who assist us in delivering our services. All processors are required to handle your data securely and in accordance with applicable law:

  • GoHighLevel — CRM, automation, and communication platform. Data may be stored on servers in the US. GoHighLevel is covered by appropriate data transfer safeguards.
  • Calendly — Appointment scheduling. Data is processed in accordance with Calendly's privacy policy.
  • Stripe — Payment processing. Stripe is PCI-DSS compliant. We do not store your full card details.
  • SMS Providers — Used to send SMS messages as part of AI automation campaigns.

We do not sell your personal data to third parties.

8. International Data Transfers

Some of our third-party processors may transfer data outside of the UK or EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision, in accordance with UK GDPR requirements.

9. Data Retention

We retain your personal data only for as long as necessary for the purposes it was collected, or as required by law. Our general retention periods are:

  • Client data — retained for the duration of the contract plus 6 years (for legal and tax purposes)
  • Enquiry and demo data — retained for up to 2 years if no contract is entered into
  • Marketing data — retained until you withdraw consent or unsubscribe
  • Website analytics — retained for up to 26 months

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data in certain circumstances
  • Right to restriction — to request that we restrict processing of your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making — not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

11. Cookies

Our website uses cookies to improve your browsing experience and analyse site usage. Cookies are small text files stored on your device. We use:

  • Essential cookies — necessary for the website to function properly
  • Analytics cookies — to understand how visitors use our site
  • Marketing cookies — to track the effectiveness of our campaigns, where consent is given

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

12. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. These include encrypted data transmission (SSL), access controls, and regular security reviews.

However, no method of transmission over the internet is 100% secure. If you have concerns about a potential data breach, please contact us immediately at [email protected].

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113

We would, however, appreciate the opportunity to address your concerns directly before you contact the ICO. Please email us at [email protected].

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

15. Contact Us

For any questions about this Privacy Policy or how we handle your data:

  • Email: [email protected]
  • Post: Brand Buddy Digital Ltd, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
  • Company Number: 14419002
Brand Buddy
© 2026 Brand Buddy Digital. All rights reserved.
Privacy Policy Terms of Service Contact
AI Automation Agency