Email address — waitlist sign-ups and account registration
Name — contact form submissions
Social media credentials — when you connect accounts (encrypted at rest)
Billing information — processed by Stripe; we never store card numbers
Data collected automatically
IP address — via Netlify, for security and abuse prevention
Browser and device type — for compatibility and security monitoring
Pages visited — via Plausible (cookieless, no personal data collected)
Security event data — logged on detection of suspicious access attempts
What we do NOT collect
No advertising trackers or third-party marketing pixels
No data on children under 16
No keystrokes, mouse movements, or session recordings
3. Legal Bases for Processing (UK GDPR)
Consent — waitlist and marketing emails (withdrawable any time)
Contract — data necessary to provide the Sociabuild service
Legitimate interests — security monitoring and fraud prevention
Legal obligation — billing records retained per HMRC requirements
4. How We Use Your Data
To operate and improve the Sociabuild platform
To send service-related emails (onboarding, billing, security alerts)
To send marketing emails where you have consented
To detect and prevent fraud, abuse, and security threats
To comply with legal obligations
5. Who We Share Data With
We do not sell your data. We share only with necessary service providers:
Netlify — hosting (USA, SCCs in place)
Supabase — database (EU region)
Stripe — payments (USA, SCCs in place)
Resend — transactional email
Meta, LinkedIn, TikTok, X — via their APIs under your explicit authorisation
6. International Transfers
Some providers are US-based. We ensure Standard Contractual Clauses (SCCs) are in place for all international transfers.
7. Retention Periods
Waitlist emails — until onboarding or deletion request
Account data — duration of account + 30 days post-deletion
Billing records — 7 years (legal requirement)
Security logs — 90 days
Contact form submissions — 12 months
8. Your Rights
Under UK GDPR you have the right to: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Email tom@sociabuild.com — we respond within 30 days. You may also complain to the ICO.
9. Security
We protect your data with HTTPS/HSTS enforcement, Content Security Policy headers, clickjacking and XSS protection, automated breach alerting, encrypted credential storage, and restricted staff access.
10. Children
Sociabuild is not directed at children under 16. If you believe a child has submitted data to us, contact us immediately.
11. Changes
Material changes will be communicated by email. The "Last updated" date reflects the most recent revision.