Privacy Policy

Last updated: 24 February 2026

Crouch End Media Ltd ("we", "us", "our") operates the SiteAgent platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller for the purposes of data protection law is:

Crouch End Media Ltd
London N8
United Kingdom

2. Information We Collect

Information you provide

  • Account information — Name, email address, and password when you register.
  • Billing information — Payment details processed securely via our payment provider (Stripe). We do not store your full card details.
  • Site content — Text, images, and other content you create or upload through the Platform.
  • Communications — Messages you send to us via the contact form or email.

Information collected automatically

  • Usage data — Pages visited, features used, token consumption, and session duration.
  • Device information — Browser type, operating system, and screen resolution.
  • Log data — IP address, access times, and referring URLs.

3. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the SiteAgent platform.
  • Process subscriptions and payments.
  • Send transactional emails (account confirmations, billing receipts, service updates).
  • Monitor platform performance and diagnose technical issues.
  • Respond to your enquiries and support requests.
  • Comply with legal obligations.

We do not sell your personal data. We do not use your site content for advertising or for training AI models beyond what is necessary to provide the Service.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract — Processing necessary to provide the Service you have subscribed to.
  • Legitimate interest — Improving our platform, preventing fraud, and ensuring security.
  • Consent — Where you have given explicit consent (e.g., marketing communications).
  • Legal obligation — Where we are required to process data by law.

5. Data Sharing

We may share your data with the following categories of third parties:

  • Infrastructure providers — Vercel (hosting), Supabase (database), and cloud storage providers.
  • Authentication — Clerk (identity and access management).
  • Payment processing — Stripe (subscription billing).
  • AI providers — Anthropic and Google (AI processing for content generation).

All third-party providers are contractually obligated to protect your data and process it only as instructed by us. We do not share your data with third parties for their own marketing purposes.

6. Data Retention

  • Active accounts — We retain your data for as long as your account is active.
  • Cancelled accounts — We retain your data for 30 days after cancellation to allow you to export it, then permanently delete it.
  • Billing records — We retain billing records for 7 years as required by UK tax law.
  • Log data — Automatically deleted after 90 days.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest.
  • Row-level security (RLS) ensuring strict data isolation between tenants.
  • Regular security audits and dependency updates.
  • Access controls limiting employee access to personal data.

8. International Transfers

Some of our infrastructure providers operate outside the United Kingdom. Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK Information Commissioner's Office (ICO).

9. Your Rights

Under UK GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate data.
  • Erasure — Request deletion of your data ("right to be forgotten").
  • Restriction — Request that we limit processing of your data.
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interest.
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us. We will respond within 30 days.

10. Cookies

SiteAgent uses essential cookies required for the Service to function (authentication, session management). We do not use third-party tracking cookies or advertising cookies.

11. Children's Privacy

SiteAgent is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Platform at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact and Complaints

If you have questions about this Privacy Policy or wish to make a complaint, contact us at:

Crouch End Media Ltd
London N8
Get in touch

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.