Privacy policy

Last updated: 20 April 2026

Who we are

This privacy policy explains how Zephira Social handles personal data. Zephira Social is a trading name of Crimson Fox Retail Ltd, a company registered in England and Wales (company number 16808606). Our registered office is Unit 1, Kataria Point, 1 Riches Road, Ilford, Essex IG1 1JH.

For the purposes of UK data protection law (the UK GDPR and Data Protection Act 2018), we are the data controller of the personal data we collect.

Questions? Email zephirasocial@gmail.com.

When we collect data

We only collect personal data when you choose to share it with us. That means:

When you contact us. If you email us, message us on WhatsApp, fill in a form on this website, or message us on social media, we collect your name, contact details, and the content of your message.

When you become a client. Once we start working together, we collect the information we need to deliver the service. This includes your business details, brand voice information, billing details, content you send us (photos, videos, updates), and access to your social media accounts.

We do not use Google Analytics, Meta Pixel, or any third party tracking on this website.

Why we hold it, and on what basis

We only process personal data where we have a lawful basis under UK GDPR:

  • To reply to your enquiry. Our legitimate interest in responding to people who contact our business.
  • To deliver the service. Necessary for the performance of our contract with you.
  • To issue invoices and keep financial records. Required by tax and company law, which require us to keep records for at least 6 years.
  • To manage access to your social media accounts. Necessary for the performance of our contract.

Who we share it with

We do not sell personal data. We share it only with:

  • Service providers who help us run our business, including our website host MailerLite, design and scheduling tools, accounting provider, cloud storage, and WhatsApp for client communication.
  • The social media platforms themselves, when we post or respond on your behalf.
  • HMRC, Companies House, or other authorities where legally required.
  • Our professional advisers where reasonably necessary.

Some of these providers are based outside the UK. Where personal data is transferred internationally, we rely on protections approved under UK data protection law.

How long we keep it

Enquiries that don't become clients: up to 12 months.

Active client records: for the duration of our working relationship.

Client records after the relationship ends: up to 7 years, to meet our accounting and legal obligations.

Access credentials: deleted within 30 days of the end of our engagement.

Raw content you've sent us: deleted within 90 days of termination unless you ask otherwise.

Your rights

Under UK GDPR you have the right to:

  • Ask for a copy of the personal data we hold about you
  • Ask us to correct anything that's wrong
  • Ask us to delete your data in certain circumstances
  • Object to or restrict how we use it
  • Withdraw your consent where consent is our basis
  • Ask for your data in a portable format

To exercise any of these rights, email zephirasocial@gmail.com. We'll respond within one month.

If you're not happy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk or on 0303 123 1113. We'd appreciate the chance to sort it first, though.

Created with MailerLite