Who we are

Introduction: This Privacy Policy explains how Smarty Software Ltd (“we,” “us,” “our”) collects, uses, discloses, and protects personal information when you use our website and Services. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Policy applies to business customers and their users of our marketing platform.

What Personal Data We Collect: We collect information you provide when you sign up or use the Service. This may include:

  • Account and Contact Information: Your name, business name, email address, mailing address, phone number, and job title.
  • Company Identifiers: Business registration number, tax ID, billing address.
  • Credentials: Username and password for your account.
  • Payment Information: If you subscribe, we use Stripe to process payments. We do not store full credit card data on our servers; Stripe manages that securely. Any billing info we hold is limited to what’s needed (e.g. last four digits of card).
  • Customer Data: Any data or contacts (leads, clients, user-generated content) you import into the platform. Note: As the business customer, you are the data controller of these records; we act as a data processor on your behalf.
  • Usage Data: Technical data about how you interact with our Service (IP address, browser type, access times, pages visited, device information, cookies and similar tracking data). We use Google Analytics and other analytics tools to collect usage metrics and improve our Services.

We do not intentionally collect “special category” data (health, race, religion, etc.) or sensitive financial data, except standard business payment info.

We may use tracking pixels and device fingerprinting technologies for fraud prevention, analytics, and feature optimization. You can disable these by adjusting your browser settings, but this may affect how the platform functions.

How We Use Personal Data: We use your data for the following purposes:

  • Providing the Service: To create and manage your account, provide the platform’s features, respond to support requests, and send administrative notices.
  • Billing: To process payments and invoices via Stripe (subject to Stripe’s own Privacy Policy).
  • Communication: To send you updates about the Service, including technical notices or service announcements. With your consent, we may also send marketing emails about new features, events, or promotions. You can opt out of marketing at any time.
  • Improvements and Analytics: To analyze usage patterns and improve our Service. This may involve aggregating data to understand trends.
  • Legal Compliance: To comply with legal obligations (e.g. tax, regulatory requirements) and to enforce our rights (e.g. fraud prevention, dispute resolution).

These uses correspond to what the ICO expects in a privacy notice – namely the purposes for data collection and processing

Lawful Basis for Processing: Under UK GDPR, every use of personal data must have a lawful basis. For our Services:

  • Contractual Necessity: Processing is necessary to provide our Service and fulfill our contract with you (e.g. providing access, billing, customer support).
  • Legitimate Interests: We may use data for legitimate interests such as improving our platform, preventing fraud, or marketing to businesses (so long as these interests are not overridden by your rights).
  • Consent: Where applicable (e.g. marketing emails), we process data based on your consent.
  • Legal Obligation: We process data as required by law (e.g. tax record-keeping).

We follow ICO guidance to clearly state our lawful bases in this Policy.

Data Sharing and Disclosure: We do not sell your personal data. We share information only as necessary:

  • With Service Providers: We use third-party processors to help deliver the Service (e.g. Stripe for payments, hosting providers, email services, analytics). These providers only process data on our behalf and are under strict confidentiality.
  • In Mergers or Sales: If our company is acquired or merged, customer data may be transferred to the new owner, who will remain bound by this Policy.
  • Legal Requirements: If required by law, subpoena, or government request, we may disclose data. This includes cooperating with regulators or law enforcement.

We may use third-party AI, analytics, or data enhancement services to improve our platform capabilities. These services are bound by strict confidentiality agreements and only process data in accordance with our instructions and applicable data protection laws.

Data Retention: We retain your personal data only as long as needed for the purposes above or to comply with legal requirements. When you close your account or a deletion request is made, we will delete or anonymize your data within a reasonable period (unless we need to retain certain records for legal compliance).

Cookies and Tracking: Our website uses cookies and similar technologies to distinguish you from other users, remember your preferences, and gather analytics. You can set your browser to refuse cookies, but note that disabling cookies may affect functionality. We use standard cookie banners to obtain consent for non-essential cookies in accordance with ICO guidance.

Security: We employ industry-standard security measures (SSL/TLS encryption, access controls, firewalls) to protect your data. However, no system is impenetrable. We strive to safeguard data but cannot guarantee that our security measures will prevent all security breaches. As noted above, our terms disclaim liability for unauthorized data access beyond our control.

Your Rights: Under UK GDPR, you have rights regarding your personal data. These include the right to:

  • Access your data: You can request a copy of personal data we hold about you.
  • Rectification: You can ask us to correct inaccurate or incomplete data.
  • Erasure: You can request deletion of your data (subject to legal requirements to retain certain information).
  • Restrict Processing: You can ask us to limit how we use your data.
  • Data Portability: You can request your data in a structured, machine-readable format (for data processed by contract or consent).
  • Object: You can object to certain processing (e.g. marketing communications).
  • Withdraw Consent: Where we rely on consent (e.g. marketing), you may withdraw consent at any time.
    We will comply with valid requests in a timely manner, or explain if a legal exception applies. We will inform you of any breach affecting your data if required by law.

We do not use your personal data for fully automated decision-making with legal or similarly significant effects. Where profiling or AI-assisted analysis is conducted to support platform performance or marketing, it is always reviewed by human operators.

International Transfers: Our infrastructure may use globally distributed data centers (e.g. AWS, Google Cloud, or Azure), some of which may be located outside the UK or EEA. All transfers are subject to contractual protections under UK GDPR.

Your rights are part of our privacy notice obligations. The ICO specifically requires informing individuals of these rights and how to exercise them. If you have questions or wish to exercise any rights, please contact us (see below).

Data Protection Complaints: If you have concerns about our handling of your data, you may contact our Data Protection Officer at dpo@smartysoftware.com or write to us at the address below. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe we are not respecting your privacy rights

International Transfers: Our primary operations are in the UK. If we transfer data outside the UK or European Economic Area (for example, cloud servers or third-party services), we will ensure appropriate safeguards, such as UK-approved standard contractual clauses or that the jurisdiction has adequate data protection laws.

Policy Updates: We may update this Privacy Policy to reflect changes in our practices or the law. We will post the revised Policy on our website with an updated “Last Updated” date. Continued use after changes means acceptance of the new Policy.

Use of AI Technologies: We employ AI technologies within our platform to facilitate various services, including automated responses, content generation, and workflow optimization. These AI features process data you provide to deliver tailored outputs. While we strive for accuracy, AI-generated content may not always be reliable or error-free. You are responsible for reviewing and validating AI outputs before use.

Communication Services and Call Recording: Our platform enables communication services such as SMS, MMS, email, and voice calls. These services may involve processing personal data, including contact information and communication content. If you use call recording features, it is your responsibility to inform and obtain consent from all parties involved, in accordance with applicable laws. We process and store communication data solely to provide and improve our services, and we implement appropriate security measures to protect this data.

Contact Information: Smarty Software Ltd (Company No. 08532478), C/O B&F Services, 3 More London Riverside, London, United Kingdom, SE1 2RE. Our Data Protection Officer can be reached at dpo@smartysoftware.com. For general inquiries, email support@smartysoftware.com.

By using our Services, you acknowledge that you have read and understand this Privacy Policy.

Part of the Smarty Software Group.

English

Smarty Software © All rights reserved.