This privacy policy explains how visible.md (a trading name of Marketing Signals Ltd) collects, uses, stores, and protects your personal data when you visit our website or purchase our services.
We're committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU GDPR, and the Privacy and Electronic Communications Regulations (PECR).
Quick summary
We collect only the information needed to deliver our services: your name and email when you contact us or buy an audit, your company details for the audit itself, and basic analytics about how you use the site. We don't sell your data, ever. You have the right to access, correct, or delete your data at any time — email gareth@visible.md.
1. Who we are
visible.md is a trading name of Marketing Signals Ltd, registered in England and Wales (Company no. 09767832). Marketing Signals Ltd is the data controller for personal data collected via this website.
Registered office: 33 Harrison Road, Halifax, HX1 2AF, United Kingdom.
For all data protection queries, contact: gareth@visible.md
2. What personal data we collect
Depending on how you interact with us, we collect:
When you browse the website
- Analytics data via Google Analytics 4 — anonymised IP address, browser type, pages visited, time on page, country and city of access, device type. This is collected only after you give cookie consent.
- Essential technical data — log files and cookies required for the site to function (these don't require consent under PECR).
When you submit an audit intake form
- Your name and business email address
- Company name, website URL, and market
- Competitor list and audit-specific configuration details
- Any free-text context you provide
When you purchase an audit or retainer
- Billing name, email, and country (collected by Stripe)
- Payment card details — these go directly to Stripe and we never see or store them
- VAT number if you provide one
- Records of payment, refund, and audit delivery for accounting and legal purposes
When you book a call
- Information you provide via Calendly when booking — name, email, time zone, and any notes you share
3. How we use your data
| Purpose | Lawful basis (UK GDPR) |
|---|---|
| Deliver the audit or retainer you've purchased | Contract |
| Send you the audit report and related communications | Contract |
| Process payments and send receipts | Contract / Legal obligation |
| Respond to enquiries you send us | Legitimate interests |
| Maintain accounting records (HMRC compliance) | Legal obligation |
| Improve the website using analytics | Consent |
| Send service-related updates about your audit | Contract |
| Detect and prevent fraud or abuse of the service | Legitimate interests |
We will never use your data for marketing purposes without your explicit consent. We don't add audit purchasers to a marketing newsletter or share their data with third parties for marketing.
4. Who we share your data with
We share data only with carefully chosen processors who help us deliver the service. We have data processing agreements (DPAs) in place with all of them.
| Processor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA / Ireland (EU representative) |
| Resend | Transactional email delivery | USA |
| Vercel | Website hosting | USA / Global edge |
| Cloudflare | DNS, email routing, security | USA / Global edge |
| Google Analytics | Anonymised website analytics | USA / Ireland |
| Calendly | Call booking (Managed tier only) | USA |
| Anthropic, OpenAI, Google, Perplexity | AI engine queries during audit (no personal data sent) | USA |
| SEMrush, Ahrefs, MOZ, DataForSEO | SEO authority data lookups (domain only) | USA / Cyprus / Latvia |
For transfers outside the UK / EEA, we rely on the UK Addendum to the EU Standard Contractual Clauses, the EU SCCs themselves, or the UK Extension to the EU-US Data Privacy Framework where applicable.
We don't sell your data. We don't share it with advertising networks. We don't use it to train AI models.
5. How long we keep your data
- Audit reports and intake data: retained for 6 years from delivery, then deleted, in line with HMRC record-keeping requirements
- Payment records: 6 years (HMRC requirement)
- Analytics data (Google Analytics): 14 months
- Email correspondence: 3 years from last contact, unless related to an active customer relationship
- Call recordings or notes: we don't record calls. Notes are kept only for the duration of an active engagement.
6. Your rights
Under UK GDPR you have the following rights:
- Right of access — ask for a copy of the data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure ("right to be forgotten") — request we delete your data, subject to legal retention requirements
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where we rely on consent (e.g., analytics), you can withdraw at any time
To exercise any of these rights, email gareth@visible.md. We'll respond within one calendar month.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) — ico.org.uk.
7. Cookies
We use a minimal set of cookies. See our Cookie Policy for full details.
In summary: essential cookies are always on (these are required for the site to function). Analytics cookies (Google Analytics) only fire if you accept them via the cookie banner. We don't use marketing or advertising cookies.
8. Data security
We take reasonable technical and organisational measures to protect your data:
- HTTPS encryption across the entire site
- Encrypted data at rest with all our processors
- Access to customer data is restricted to authorised Marketing Signals personnel
- Regular security reviews and patching
- API keys and secrets stored in encrypted environment variables, never in source code
No system is perfectly secure. If a breach affects your data, we'll notify you and the ICO within 72 hours of becoming aware, where required by law.
9. Children
Our service is not directed at children under 18 and we don't knowingly collect data from anyone under that age.
10. International users
If you're in the European Economic Area (EEA), we comply with the EU GDPR in addition to the UK GDPR. Marketing Signals Ltd doesn't currently have an EU representative, as our processing of EU-resident data falls below the threshold requiring one. This may change as the business grows; we'll update this policy if so.
11. Changes to this policy
We'll update this policy as our practices evolve. Material changes will be flagged on the homepage for at least 14 days. The "Last updated" date at the top of this page always reflects the latest version.
12. Contact
Marketing Signals Ltd
33 Harrison Road, Halifax, HX1 2AF
United Kingdom
Company no. 09767832
Email: gareth@visible.md