Digitally Done Ltd (company number [XXXXXXXX], registered office 9 Mossbrook Lane, London EC2A 4QR) is the controller of personal data described in this policy.
ICO registration number: [ZAXXXXXXX]
Data Protection contact: privacy@digitallydone.com
We collect personal data in three contexts:
| Context | Data collected | Lawful basis (UK GDPR) |
|---|---|---|
| You contact us (website form, email, phone, WhatsApp) | Name, email, phone, business name, message content | Legitimate interest (responding to your enquiry) |
| You become a customer | Billing name, address, payment-card data (held by Stripe/GoCardless, not by us), business details, account credentials | Contract performance |
| Your customers interact with you via channels we manage (DMs, reviews, bookings) | Names, messages, contact details, transaction context | You are the controller. We process this data as your processor under our Terms. |
We do not sell your data or use it for advertising to third parties.
To run the Services we share necessary data with the following processors. Each is bound by a Data Processing Agreement.
| Processor | Purpose | Location |
|---|---|---|
| Netlify (Netlify Inc.) | Website hosting + form submissions | USA (EU-US Data Privacy Framework) |
| Stripe Payments UK Ltd | Card payment processing | UK / EEA |
| GoCardless Ltd | Direct-debit processing | UK |
| OpenAI / Anthropic (LLM providers) | AI-generated content and replies | USA (Standard Contractual Clauses) |
| Meta Platforms Ireland Ltd | Instagram / WhatsApp / Facebook publishing | EU / USA |
| Google Ireland Ltd | Google Business Profile, Gmail integration | EU / USA |
| [add others as you adopt] | — | — |
You have the right to:
To exercise any of these rights, email privacy@digitallydone.com. We will respond within 30 days.
You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
This website uses essential cookies only — no analytics, advertising or tracking cookies. If we add analytics in future (e.g. Plausible, Fathom — privacy-friendly tools), this section will be updated and you will be notified.
All data is transmitted over HTTPS. Account passwords are hashed. Customer message data is encrypted at rest. We use principle-of-least-privilege access controls internally. If we ever suffer a breach affecting your data, we will notify you and the ICO within 72 hours as required by UK GDPR.
Some of our processors are in the USA. Transfers are protected by either the EU-US Data Privacy Framework or Standard Contractual Clauses with additional safeguards.
We will email you at least 14 days before any material change to this policy.
Questions: privacy@digitallydone.com