Privacy policy · Stay Looped Agency

The short version

We collect the minimum amount of data needed to run our website and respond to enquiries. We don't sell your data, we don't share it with advertisers, and we don't track you across the internet. If you want your data deleted, email hello@staylooped.agency.

1. Who we are

This privacy policy applies to Stay Looped Agency ("we", "us", "our"), operating the website at staylooped.agency and providing marketing services to UK small businesses.

For data protection purposes, we are the data controller for personal data we collect through this website and our services. Our contact details for any data protection question:

Email: hello@staylooped.agency
Postal address: available on request

2. What personal data we collect

We collect different types of data depending on how you interact with us:

2.1 When you book a call

Through our booking form, we collect:

Your name
Your email address
Your business name
Your phone number (optional)
A short description of your business (optional)
The date and time of your selected slot

2.2 When you send a contact-form message

We collect your name, email, optional business name, and the content of your message.

2.3 When you email us directly

We receive whatever you choose to include in the email. We retain this in our Zoho Mail inbox.

2.4 When you visit the website

If you have given consent via our cookie banner, we collect anonymous analytics data through Google Analytics 4 — including pages visited, approximate location, device type, and referring source. IP addresses are anonymised before processing. We do not collect any personally identifying information through analytics.

If you reject the cookie banner, no cookies are stored. Google Analytics may still receive anonymous cookieless "pings" containing only the page you visited and a basic country signal — no identifiers, no fingerprinting, no behavioural tracking.

3. How we use your data — and our legal basis

Under UK GDPR, we must have a lawful basis for processing your personal data. Here's how we use it and our basis for each:

To respond to your booking or enquiry — legal basis: legitimate interests (responding to a request you initiated) and, where relevant, performance of a contract.
To send you a booking confirmation email — legal basis: performance of the booking you requested.
To follow up with you about a call — legal basis: legitimate interests in conducting our business.
To run anonymous analytics on website usage — legal basis: your consent (granted via the cookie banner).

We do not use your data for: targeted advertising, profile-building, automated decision-making, training AI models, or any purpose other than running our business and responding to you.

4. Marketing communications

We will only send you marketing emails if you have explicitly opted in or if you are an existing client and the email relates to services similar to those you have engaged. You can unsubscribe at any time using the link in any marketing email or by emailing us.

If you contact us via the booking or contact form, that constitutes an enquiry — not an opt-in for marketing. We will respond to your enquiry and not add you to a marketing list without your separate, clear consent.

5. Cold outreach

We conduct outbound business-to-business outreach by email to UK businesses we believe may benefit from our services. This is permitted under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR) on the basis of legitimate interest, provided:

The outreach is directed at a business address (not personal)
We make our identity clear and provide a working unsubscribe in every email
You can opt out at any time

If you have received outreach from us and would like us to stop and remove your details, simply reply to the email — we will action it the same working day.

6. Who we share your data with

We share your data only with the following service providers, all of whom are bound by their own GDPR-compliant data processing agreements:

Resend (Resend, Inc., USA) — sends our transactional emails (booking confirmations, contact-form notifications). Data processed: name, email, message content. Resend's privacy policy: resend.com/legal/privacy-policy
Zoho Mail (Zoho Corporation, EU data centres) — hosts our business email. Data processed: anything you send us by email. Zoho's privacy policy: zoho.com/privacy
Vercel (Vercel, Inc., USA) — hosts our website. Data processed: server logs (IP address, request data). Vercel's privacy policy: vercel.com/legal/privacy-policy
Google Analytics 4 (Google LLC, USA) — anonymous website analytics, only with your consent. Google's privacy policy: policies.google.com/privacy

We do not sell, rent, or otherwise transfer your data to any third party for their own marketing or commercial purposes.

7. International transfers

Some of our service providers (Resend, Vercel, Google) are based in the United States. Data transfers from the UK to the US are protected under the UK-US Data Bridge (the UK extension to the EU-US Data Privacy Framework). All our processors maintain appropriate safeguards including Standard Contractual Clauses where required.

8. How long we keep your data

Booking enquiries that do not convert to a client: 12 months from last contact, then deleted.
Active client data: for the duration of our engagement plus 7 years (UK tax record requirements).
Contact-form messages: 12 months unless you become a client.
Cold outreach lists: deleted immediately upon opt-out request, otherwise reviewed and refreshed every 12 months.
Analytics data: retained by Google for the period you set in GA4 (we use the default of 14 months).

9. Your rights

Under UK GDPR, you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate data
Right to erasure — ask us to delete your data ("right to be forgotten")
Right to restriction — ask us to stop processing your data in certain circumstances
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — where processing is based on consent (e.g. analytics)

To exercise any of these rights, email hello@staylooped.agency. We will respond within one month.

10. Cookies

This website uses cookies only for the purposes you consent to via the banner that appears on your first visit:

Essential cookies (always active): none — our site functions without cookies if you reject the banner.
Analytics cookies (only with consent): Google Analytics 4 sets cookies named _ga and _ga_* to measure visits and pages anonymously. These last up to 13 months.
Consent preference (technical): a single localStorage entry called sla_consent stores your accept/reject choice so we don't prompt you again.

You can clear your consent and re-prompt by clearing your browser's site data for staylooped.agency.

11. Security

We protect your data with industry-standard measures: HTTPS encryption on the website, encrypted storage with our service providers, two-factor authentication on all admin accounts, and a small team of trusted individuals with access on a need-to-know basis. No system is 100% secure, but we take this seriously.

12. Children

Our services are not directed at children under 18, and we do not knowingly collect data from anyone under 18. If you believe we have, contact us and we will delete it.

13. Complaints

If you have a concern about how we handle your data, contact us first — we'd genuinely like to fix it. If we can't resolve it, you have the right to complain to the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113

14. Changes to this policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top and, for material changes, post a notice on the website. Continued use of the site constitutes acceptance of the updated policy.