Catalyse Media Ltd (“we”, “us”, or “our”) is a digital marketing and AI automation agency registered in England and Wales. This policy explains what personal data we collect through catalysemedia.com and our related services, why we collect it, how we use it, who we share it with, and the rights you have over it.
This policy applies to visitors to our website, prospective clients who contact us, and clients who use our MyCM client dashboard. It does not cover the privacy practices of third-party sites we may link to.
Catalyse Media Ltd is the data controller responsible for your personal data collected through catalysemedia.com.
Company name: Catalyse Media Ltd
Registered in: England and Wales, via Companies House
Website: catalysemedia.com
Contact email: contact@catalysemedia.com
If you have any questions about this policy or how we handle your data, contact us using the details above and we will respond within one month, as required by law.
We collect different categories of personal data depending on how you interact with us. The table below sets out each category in full.
| Category | Examples | Why we collect it | Legal basis | Retention |
|---|---|---|---|---|
| Contact form data | Name, business name, email address, phone number, message content, package selected | To respond to your enquiry and arrange a demo or consultation | Legitimate interest / consent | Up to 24 months, or until you ask us to delete it |
| Client account data | Name, business name, login email, password (hashed), phone number | To create and manage your MyCM client dashboard login | Contract (necessary to provide the service) | Duration of the client relationship plus 6 years for legal/accounting purposes |
| Client performance data | Leads, calls, reviews, ad spend, and other metrics related to your campaigns | To populate your MyCM dashboard with live reporting | Contract | Duration of the client relationship plus 6 years |
| Technical data | IP address, browser type, device type, pages visited (where applicable via hosting logs) | To keep the site secure and understand basic usage | Legitimate interest | Typically 30–90 days, depending on hosting provider logs |
We do not knowingly collect any special category data (such as health information, religious beliefs, or biometric data) and ask that you do not include this in any message you send us.
Under UK GDPR, we must have a valid legal basis for every way we use personal data. We rely on the following:
Our public marketing website (catalysemedia.com) does not currently use cookies for tracking or analytics. We do not run third-party advertising trackers, analytics cookies, or marketing pixels on the site at this time.
If this changes — for example, if we introduce analytics or advertising tracking in future — we will update this policy and display a cookie consent banner in line with UK PECR (Privacy and Electronic Communications Regulations) requirements before any non-essential cookies are set.
Our MyCM client dashboard uses a strictly necessary form of browser storage (via our database provider, Supabase) to keep you securely logged in between visits. This is considered “strictly necessary” functional storage under PECR, which does not require separate cookie consent, because it is essential to providing the login functionality you have requested. This storage only applies to logged-in MyCM users, not to general website visitors.
Our website loads typefaces from Google Fonts. Google's font delivery service may receive your IP address as part of this request, in line with Google's own privacy policy. This is a standard, widely-used practice and does not involve cookies on the current version of our site.
We do not sell your personal data. We share data only with the following categories of third party, each acting as our data processor or, where noted, an independent controller of their own data:
| Service | What it does | What data it sees | Where it's based |
|---|---|---|---|
| Supabase | Hosts our client database and authentication for MyCM | Client account data, login credentials (hashed), performance metrics | EU (project-dependent; UK/EU region selected where possible) |
| Netlify | Hosts our website and processes contact form submissions | Contact form submissions, technical/hosting log data | United States / global CDN |
| Meta (Facebook/Instagram) | Runs advertising campaigns on behalf of clients | Client ad account data (clients only, not website visitors) | United States / Ireland |
| Delivers fonts; may host advertising campaigns for clients | IP address (font requests); client ad account data (clients only) | United States / global | |
| GoHighLevel | Powers AI missed-call SMS, receptionist, and appointment booking for clients | Client phone numbers and call/SMS data (clients only, not website visitors) | United States |
Where any of these providers are based outside the UK, we rely on their participation in recognised data protection frameworks (such as the UK Extension to the EU–US Data Privacy Framework, or Standard Contractual Clauses) to ensure your data continues to receive an adequate level of protection.
We may also disclose personal data where required by law, for example in response to a valid request from a regulator, court, or law enforcement body.
We keep personal data only for as long as necessary for the purposes it was collected for, as set out in the table in Section 2. In general:
Under UK GDPR, you have the following rights in relation to your personal data:
| Right | What it means |
|---|---|
| Right to be informed | To know how your data is being used — this policy is part of how we meet that right. |
| Right of access | To request a copy of the personal data we hold about you. |
| Right to rectification | To ask us to correct inaccurate or incomplete data. |
| Right to erasure | To ask us to delete your data, sometimes known as the “right to be forgotten”, subject to legal retention obligations. |
| Right to restrict processing | To ask us to limit how we use your data in certain circumstances. |
| Right to data portability | To request your data in a structured, commonly used format to transfer elsewhere. |
| Right to object | To object to processing based on legitimate interests, including direct marketing. |
| Rights related to automated decision-making | To not be subject to a decision based solely on automated processing that significantly affects you. We do not currently use fully automated decision-making that produces legal or similarly significant effects. |
To exercise any of these rights, contact us at contact@catalysemedia.com. We will respond within one calendar month. If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk or by calling 0303 123 1113.
We take the security of your personal data seriously and have put reasonable technical and organisational measures in place, including:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
Our services are intended for business use and are not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. The “Last updated” date at the top of this document will always reflect the most recent version. We encourage you to review this policy periodically.
If you have any questions, concerns, or requests relating to this privacy policy or how we handle your personal data, please get in touch: