Privacy Policy

Privacy Policy & Data Protection Statement

Effective Date: 9th February 2026

Jurisdiction: United Kingdom

1. Introduction

Welcome to SiteFlow Tech ("we", "us", "our"). We are committed to protecting the privacy and security of your personal data.

This Privacy Policy explains how we collect, use, and safeguard information when you visit our website, use our services, or interact with our digital tools (including our Client Portal and "Lead Connector" mobile application).

We operate in strict compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

 

2. Who We Are (Controller vs. Processor)

It is important to understand our role in handling data, as it changes depending on the situation:

We are the Data Controller when dealing with your data (e.g., our direct clients' billing information, business contact details, and account login credentials).

We are the Data Processor when we provide you with services like a GoHighLevel sub-account, automated SMS systems, or website hosting. In this case, you (the Client) remain the Data Controller for your customers' ("Leads") data, and we process it strictly on your behalf and according to your instructions.

When using WhatsApp Business API services (Phase 2), the Client acknowledges that Meta Platforms, Inc. acts as an additional Sub-Processor. The Client is responsible for ensuring their Leads consent to communication via the WhatsApp platform.

 

3. The Data We Collect

We may collect and process the following categories of personal data:

Identity Data: First name, last name, username, or similar identifier.

Contact Data: Billing address, email address, and telephone numbers.

Financial Data: Payment card details (processed securely via Stripe; we do not store full card numbers).

Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, and operating system (collected via Cookies).

Usage Data: Information about how you use our website, products, and services.

Profile Data: Your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.

 

4. How We Use Your Data (Lawful Basis)

Under UK GDPR, we are required to identify a "lawful basis" for every way we handle your information. We process your data under the following conditions:

Contractual Necessity: We use your Identity and Contact data to register you as a new client and your Financial data to process your monthly subscriptions and orders. This is essential for the Performance of our Contract with you; without this data, we cannot provide the SiteFlow Tech service.

Legal Obligations & Relationship Management: We process your Identity and Contact details to manage our ongoing relationship. This includes notifying you about changes to our terms or asking for feedback. This is done to fulfil our Legal Obligations (for critical notices) and our Legitimate Interests in keeping our business records accurate and updated.

Service Improvement & Analytics: We collect Technical and Usage data to study how clients interact with our website and software. This is based on our Legitimate Interest to improve our products, define our customer base, and ensure our digital content remains relevant and secure.

Marketing Communications: We may use your Contact and Identity information to send you relevant marketing updates. This is processed based on your Consent (if you have opted in) or our Legitimate Interest in developing our business through professional B2B (business-to-business) communication. You have the right to opt out of these communications at any time.

Automated Decision Making & Profiling

We use automated technologies (such as "Lead Scoring") to understand your engagement with our services. For example, if you open our emails frequently or visit our pricing page, our system may increase your "score" to help us prioritise our outreach.

Note: This profiling is for marketing and service optimisation purposes only and does not produce legal effects concerning you.

 

5. Third-Party Sub-Processors & Data Sharing

To deliver our services, we share data with trusted third-party service providers ("Sub-Processors"). By using our services, you acknowledge their role:

GoHighLevel (HighLevel, Inc.): Our primary CRM and hosting infrastructure provider.

Stripe: For secure payment processing.

Twilio: For SMS and telephony services.

Google & Meta (Facebook): We may use "Custom Audiences" features to show you relevant ads on social media. This involves hashing your email address to match it with your social media profile securely.

Google API "Limited Use" Disclosure

Our platform's integration with information received from Google APIs (such as connecting your Gmail or Google Calendar) will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use this data for advertising or other non-essential purposes.

Meta Platforms, Inc. (WhatsApp Business API): To facilitate automated WhatsApp messaging and media exchange.

OpenAI / GHL AI: (If you use the Tier 3 AI features) For processing inbound lead queries via AI Voice or Chat.

 

6. International Transfers

Our primary technology provider, GoHighLevel, is based in the United States. This means your personal data may be transferred to and processed on servers outside the UK.

We ensure your data is protected by relying on the UK Extension to the EU-US Data Privacy Framework (Data Bridge) or Standard Contractual Clauses (SCCs) approved by the UK Government, which contractually oblige our US partners to protect your data to UK standards.

 

7. SMS & WhatsApp Messaging Compliance

Our systems enable automated SMS communication. If you use our services to send messages to your own customers, you agree to the following strict conditions:

Consent: You must ensure all recipients have explicitly "Opted-In" to receive SMS from you.

No Cold Texting: You strictly agree not to use our system for "Cold" or "Unsolicited" SMS marketing.

Indemnity: You agree to indemnify SiteFlow Tech against any fines, legal fees, or damages resulting from your failure to comply with the Privacy and Electronic Communications Regulations (PECR) or other anti-spam laws.

Media Data: The Client acknowledges that images, PDFs, and voice notes sent via WhatsApp or MMS are processed through SiteFlow Tech’s Sub-Processors. The Client warrants they have the right to receive such media from their Leads.

 

8. Data Retention & Deletion

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for.

Active Accounts: Data is retained for the duration of your contract.

Suspended Accounts: If your account is suspended for non-payment, we will provide a 14-day grace period.

Termination: 30 days after your account is terminated, we reserve the right to permanently delete your sub-account and all associated data. This is an automated process to comply with the GDPR principle of "Data Minimisation."

 

9. Data Security & Breach Protocol

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

In the unlikely event of a data breach, we have a protocol to notify you and any applicable regulator (such as the ICO) within 72 hours of becoming aware of the breach, where we are legally required to do so.

 

10. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

Request access to your personal data.

Request correction of your personal data.

Request erasure of your personal data ("Right to be Forgotten").

Object to the processing of your personal data (e.g., for direct marketing).

Request restriction of processing of your personal data.

Request transfer of your personal data (Data Portability).

Right to Withdraw Consent at any time where we are relying on consent to process your data.

To exercise any of these rights, please contact us at [email protected].

 

11. Cookies & Similar Technologies

Our website uses cookies, local storage, and similar tracking technologies to distinguish you from other users. For detailed information on the cookies we use and the purposes for which we use them, please see our [Cookie Policy].

 

12. Changes to This Privacy Policy

We keep our privacy policy under regular review. This version was last updated on the date listed at the top of this page.

 

13. Contact & Complaints

If you have any questions about this privacy policy or our privacy practices, please contact us:

Email: [email protected]

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Cookie Policy

Cookies & Similar Technologies Policy

Last Updated: 9th February 2026

Disclaimer: This document is a template and is provided for informational purposes only. We recommend having this policy reviewed by a legal professional to ensure full compliance with your specific business practices and local regulations.

 

1. Introduction

At SiteFlow Tech, we believe in being clear and open about how we collect and use data related to you. This policy provides detailed information about how and when we use cookies on our website and associated subdomains (including our Client Portal).

By using our website, you agree to the use of cookies and similar technologies as described in this policy.

 

2. What Are Cookies?

Cookies are small text files that are downloaded to your device (computer, tablet, or mobile) when you visit a website. They allow the site to recognise your device and store some information about your preferences or past actions.

We also use Local Storage (technically known as "HTML5 Local Storage"). This is similar to cookies but allows us to store information directly in your browser’s memory. We use this to make your experience faster and more seamless, such as keeping your place in a form or remembering your chat history.

 

3. How We Use Cookies

We use cookies to make our site work correctly, to analyse how visitors use our site so we can improve it, and to provide a more personalised experience. We categorise our cookies into the following types:

 

A. Strictly Necessary Cookies

These cookies are essential for you to browse the website and use its features, such as accessing secure areas. Without these cookies, the services you have asked for cannot be provided.

Security: We use cookies to protect our website from malicious attacks.

Client Portal: If you log in to our client dashboard to manage your leads or view reports, we use secure authentication cookies to keep you logged in during your session.

Spam Protection: This site is protected by reCAPTCHA, and the Google Privacy Policy and Terms of Service apply.

 

B. Functionality Cookies

These allow our website to remember choices you make to give you better functionality and a personal experience.

Sticky Contact: As our site is built on the GoHighLevel platform, we use cookies to "remember" your details (like your name or email) if you have filled out a form previously. This saves you from re-typing your information on return visits.

Chat Widget: We use a webchat widget to provide support. Cookies and local storage are used to maintain your conversation history across different pages so you don't lose your chat when you click a link.

WhatsApp Business API: When using our WhatsApp-integrated chat features, Meta Platforms, Inc. may use cookies or local storage to facilitate the secure transfer of media and message history within the browser.

 

C. Performance & Analytics Cookies

These cookies collect information about how you use our website, such as which pages you visit most often and if you get error messages. These cookies do not collect information that identifies you personally; all information is aggregated and anonymous.

Traffic Analysis: We use third-party tools (like Google Analytics) to track visitor volume and behaviour.

Call Tracking: We may use "Dynamic Number Insertion" technology. This swaps the phone number displayed on our site depending on how you found us (e.g., via Google or Facebook). A cookie is used to ensure you see the same phone number throughout your visit.

AI Intent Tracking: We may use internal identifiers to track the performance of our AI assistants in successfully resolving customer queries without identifying you personally.

 

D. Marketing & Retargeting Cookies

These cookies record your visit to our website, the pages you have visited, and the links you have followed.

We may use this information to make our website and the advertising displayed on it more relevant to your interests.

Third-Party Pixels: We may share this information with third parties (such as Facebook or Google) for this purpose. This means you may see ads for SiteFlow Tech on other websites after you leave our site.

 

4. Cookie Table (Common Examples)

Below is a list of common cookies and storage technologies we may use on this site. Please note: Third-party tools may change their cookie names periodically.

Cookie & Storage Technologies

To provide a high-performance digital experience, SiteFlow Tech utilizes cookies and similar storage technologies. These are categorised into the following functions:

Essential & Necessary Technologies: We use internal system cookies, such as pl_session and msgs_id, to preserve your session state across page requests and ensure that lead messages are routed to your correct dashboard. These are critical for the security and basic operation of the SiteFlow Tech platform.

Functional & Chat Support: To enable a seamless communication experience, we utilise functional cookies like chat_widget and wa_session. These allow the system to recognise returning customers, load their previous conversation history, and manage media exchanges (such as photos and postcodes) via the WhatsApp Business API.

Analytics & Performance Tracking: We use industry-standard tools like Google Analytics (_ga, gid, linkid) and call tracking (call_trk_id) to understand how visitors navigate your site. These cookies distinguish between unique users and track link clicks or phone number "swaps," allowing us to show you exactly which marketing efforts are resulting in phone calls.

Performance & Security: We utilise cfbm (Cloudflare) to read and filter requests from bots to protect the site from malicious traffic and test_cookie to check if your browser supports cookies.

Marketing & Attribution: To help grow your business, we may use marketing pixels from Google (_gcl_au, gclaw) and Meta/Facebook (_fbp). These allow us to measure the efficiency of advertisements and ensure that your brand is shown to relevant local customers who have previously interacted with your digital profiles

 

 

5. Third-Party Embeds

Some of the content on our website may be embedded from other sites, such as:

Videos (YouTube or Vimeo)

Maps (Google Maps)

Calendars (Booking widgets)

When you visit a page with such content, you may be presented with cookies from these third-party websites. We do not control the dissemination of these cookies, and you should check the relevant third-party website for more information.

 

6. International Data Transfers

Our website platform provider (GoHighLevel) is based in the United States. This means that some data collected via cookies (such as your IP address) may be processed on servers outside of the UK/EEA. We ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

 

7. How to Manage Your Cookies

You have the right to accept or reject cookies.

Cookie Settings: You can change your preferences at any time by clicking the "Cookie Settings" link located in the footer of our website.

Browser Settings: You can also control cookies through your browser settings. Most browsers allow you to verify which cookies you have and delete them on an individual basis or block cookies from specific or all websites. Google Chrome Safari Microsoft Edge

Please note that if you limit the ability of websites to set cookies, you may worsen your overall user experience and lose the ability to access services like the Client Portal or Chat Widget.

 

8. Changes to this Policy

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please stick back to this page regularly to stay informed about our use of cookies.

 

9. Contact Us

If you have any questions about our use of cookies or other technologies, please email us at:

Email: [email protected]