Plain English summary: We collect your data to provide Sales Hub Cloud. We don't sell your data. We use trusted third-party services (listed below). You have full rights to access, correct, or delete your data at any time.
1. Who we are
Sales Hub Cloud is operated by Zayn Productions Ltd, a company registered in England and Wales (Company No. 16892199), with registered address at 1 Alvin Street, Gloucester, England, GL1 3EJ.
We are the data controller for personal data collected through the Sales Hub Cloud platform and website at saleshubcloud.co.uk. For questions about your data, contact us at [email protected].
2. What data we collect
Account and identity data
- Full name, email address, and phone number (provided on signup)
- Organisation name and role within your organisation
- Hashed password (we never store passwords in plain text)
- Profile photo (if uploaded)
Usage and activity data
- Login timestamps, IP addresses, and device/browser information
- Actions taken within the platform (audit log entries)
- Feature usage patterns and session duration
Client and case data (entered by you)
- Contact details, case notes, documents, and communications for your clients
- This data is owned by your organisation. We process it only on your instructions as a data processor.
Communications data
- Emails sent and received via the platform (stored via IMAP)
- WhatsApp Business messages sent and received
- SMS messages and AI call recordings/transcripts
Payment data
We do not store payment card details. All payment processing is handled by our payment processor. We receive only transaction confirmation and subscription status.
3. How we use your data
- To create and manage your Sales Hub Cloud account and organisation
- To provide the CRM, pipeline management, and communication features
- To send you service emails (welcome, trial reminders, expiry warnings)
- To provide customer support and respond to your queries
- To improve and develop the platform using aggregated, anonymised usage data
- To comply with legal obligations (e.g., accounting, fraud prevention)
- To enforce our Terms of Service
We do not use your data for advertising, and we do not sell your personal data to any third party.
4. Legal basis for processing (UK GDPR)
- Contract performance — processing necessary to provide the service you've signed up for
- Legitimate interests — security monitoring, fraud prevention, and product improvement
- Legal obligation — where we are required to retain records by law
- Consent — where we ask for your permission (e.g., marketing emails). You may withdraw consent at any time.
5. Who we share data with
We use the following trusted sub-processors to operate the platform. Each is contractually bound to process your data only as instructed and to maintain appropriate security:
- Replit — cloud hosting and infrastructure (United States)
- Google Cloud — file and document storage (United States)
- Brevo (Sendinblue) — transactional email delivery (France/EU)
- Twilio — SMS and WhatsApp Business messaging (United States)
- OpenAI — AI features including GPT-4o case note formatting (United States)
- ElevenLabs — AI voice call generation (United States)
- Meta / Facebook — lead ad integration (United States)
- TikTok — lead ad integration (varies by region)
- DocsCheck — document verification (United Kingdom)
- IONOS — IMAP email hosting (Germany/EU)
We will disclose your data to law enforcement or regulatory bodies if required to do so by law, or where we believe disclosure is necessary to protect our rights or the safety of others.
6. How long we keep data
- Active accounts: data is retained for as long as your account is active
- Trial accounts: if you do not subscribe, account data is deleted 30 days after trial expiry
- Closed accounts: personal data is deleted within 90 days of account closure, except where we are required to retain it by law (e.g., financial records — 6 years under UK law)
- Audit logs: retained for 7 years for compliance purposes
- Email and communication logs: retained for the duration of the account plus 90 days
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data in certain circumstances
- Right to restrict processing — ask us to pause processing your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making — we do not make solely automated decisions with significant legal effects
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
Our website uses cookies and similar technologies. Please see our Cookie Policy for full details. Essential cookies are required for the platform to function. You can control non-essential cookies via your browser settings or our cookie banner.
9. International data transfers
Some of our sub-processors are based outside the UK and European Economic Area (EEA), including the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- UK adequacy decisions (where applicable)
- Standard Contractual Clauses (SCCs) approved by the ICO
- Processor contracts with data protection obligations
10. Security
We take the security of your data seriously. Our measures include:
- Passwords hashed using industry-standard algorithms (bcrypt)
- Session-based authentication with secure cookies
- HTTPS encryption in transit for all data
- Database backups with encryption at rest
- API keys stored server-side only — never exposed to the frontend
- Full audit logging of all user actions
- Instant account disable capability (force logout of all devices)
In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by law.
For any privacy-related questions, requests, or complaints:
- Email: [email protected]
- Post: Zayn Productions Ltd, 1 Alvin Street, Gloucester, England, GL1 3EJ
We aim to respond to all requests within 30 days. If you are not satisfied with our response, you have the right to complain to the ICO at