This Privacy Policy explains how Zythero Ltd (“Zythero”, “we”, “us”) collects, uses, shares and protects your personal information, and the rights you have under UK data protection law (UK GDPR and the Data Protection Act 2018).
1) Who we are (Data Controller)
Zythero Ltd is the data controller for personal data collected via our website and onboarding processes.
Zythero Ltd
Registered in Scotland (Company No: SC863503)
Email: darren@zythero.com · content@zythero.com
Website: zythero.com
2) What data we collect
- Contact & business details (name, role, company, email, phone, address, VAT/registration numbers) — provided by you via our contact form and onboarding form.
- Brand & content assets (logos, guidelines, photos, brochures, links to shared folders) — supplied to deliver our services.
- Social account access (page/profile links, admin invitations) — to publish content on your behalf.
- Billing data (payer name, email, plan, amounts, status) — processed by our payment providers; we do not store full card/bank details on our systems.
- Usage/technical data (basic logs, error data) — limited and typically anonymised; we currently do not run analytics on the site.
3) How we collect data
- Directly from you — our website contact form (Formspree), Google Forms onboarding, email, or shared links (Drive/Dropbox).
- From platforms you authorise — e.g., Meta Business Suite, Instagram, LinkedIn (for posting and reporting).
- From payment providers — Stripe and GoCardless send us payment and status metadata.
4) Why we use your data (lawful bases)
- Contract — to provide content creation, publishing and reporting under our Service Agreement.
- Legitimate interests — service improvement, account management, preventing misuse.
- Legal obligation — tax, accounting and compliance record-keeping.
- Consent — where required (e.g., if we ever use testimonials with names/logos in marketing; you can withdraw consent at any time).
5) Sharing your data (processors)
We use trusted service providers who process data on our behalf, including:
- Google Workspace & Google Forms — email, storage, onboarding forms.
- Formspree — website contact form submission handling.
- Stripe — card payments and subscriptions.
- GoCardless — Direct Debit payments.
- Meta / Instagram / LinkedIn — publishing and performance data access where you grant permissions.
- Website hosting — your message and minimal logs may pass through our host to deliver the site.
These providers only process data under our instructions and appropriate safeguards.
6) International transfers
Some processors may store data outside the UK (e.g., EEA or US). Where this occurs, we rely on lawful transfer mechanisms such as UK adequacy regulations, Standard Contractual Clauses (SCCs), or equivalent safeguards.
7) How long we keep data
- Client files & reports — for the duration of the contract and up to 6 years thereafter (accounts/legal).
- Contact form enquiries — typically 12 months after last contact if you do not become a client.
- Billing records — kept for statutory periods (usually 6 years).
- We will delete or anonymise data when it is no longer required.
8) Your rights
You have rights under UK GDPR, including:
- Access to your personal data and a copy of it.
- Correction of inaccurate or incomplete data.
- Erasure (“right to be forgotten”) in certain circumstances.
- Restriction or objection to processing in certain circumstances.
- Data portability (to receive your data in a usable format).
- Right to withdraw consent where processing is based on consent.
To exercise any rights, email darren@zythero.com. We may need to verify your identity.
9) Cookies & analytics
Our site is currently a simple marketing site and does not use analytics or advertising cookies. If we introduce analytics or tracking in future, we will update this policy and (where required) present a consent banner.
10) Security
We implement reasonable technical and organisational measures to protect personal data, including access controls, role-based permissions and secure storage via reputable providers. However, no system is 100% secure, and you acknowledge inherent risks when transmitting data online.
11) Children
Our services are business-to-business and not directed at children. We do not knowingly collect data relating to children.
12) Complaints
If you have concerns about our use of your data, please contact us first at darren@zythero.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk.
13) Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date above will change. Significant changes will be highlighted on this page.
14) Contact
For privacy queries, contact darren@zythero.com or content@zythero.com.
Controller: Zythero Ltd · Scotland · Company No: SC863503