Privacy Policy

Last updated: May 2025

1. Who We Are

YourBrand ("we", "us", "our") operates this website. For privacy enquiries, contact us at privacy@yourbrand.com.

2. Data We Collect

We collect the following categories of personal data:

• Information you provide — name, email address, and message content submitted via contact or newsletter forms.
• Usage data — pages visited, session duration, referral source, and UTM parameters, collected via PostHog analytics.
• Technical data — browser type, device type, and approximate location (country/city level) derived from IP address. We do not store raw IP addresses.

3. How We Use Your Data

• To respond to your enquiries and provide the Service.
• To send newsletters or product updates you have opted into.
• To understand how visitors use the Service and improve it.
• To comply with our legal obligations.

4. Legal Bases for Processing (EU/EEA Users — GDPR)

We process your personal data on the following legal bases:

• Consent — for analytics cookies and marketing emails.
• Legitimate interests — for security, fraud prevention, and improving the Service, where these interests are not overridden by your rights.
• Contract — to deliver services you have requested.
• Legal obligation — where required by applicable law.

5. Analytics — PostHog

We use PostHog for product analytics. PostHog collects anonymised usage events (page views, form interactions) to help us understand how the Service is used. We operate PostHog in EU data-residency mode — all data is stored on servers within the European Union. PostHog does not sell your data.

PostHog's privacy policy is available at posthog.com/privacy.

6. Form Submissions — Supabase

Contact and newsletter form submissions are stored in Supabase, a managed database platform. Data is stored in the EU region. Supabase processes data on our behalf under a Data Processing Agreement.

7. Data Retention

We retain personal data only as long as necessary for the purposes described above, or as required by law. Contact enquiry data is retained for up to 2 years. Analytics events are retained for 12 months.

8. Data Transfers

Where personal data is transferred outside the EU/EEA or Australia, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses for EU transfers).

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict certain processing.
• Data portability (EU/EEA).
• Withdraw consent at any time without affecting the lawfulness of prior processing.
• Lodge a complaint with your supervisory authority (EU/EEA users: your national data protection authority; Australian users: the Office of the Australian Information Commissioner at oaic.gov.au).

To exercise any of these rights, contact us at privacy@yourbrand.com. We will respond within 30 days (or sooner where required by law).

10. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have done so, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We will notify you of material changes by posting a notice on the Service.

12. Contact

Privacy enquiries: privacy@yourbrand.com