Privacy Policy | AgencySort

1. Who we are

AgencySort Ltd (“AgencySort”, “we”, “us”, “our”) operates the website agencysort.com. We are the data controller responsible for your personal data. For questions about this policy or your data, contact us at hello@agencysort.com.

2. What data we collect

We collect data in the following categories:

Account and profile data (agencies)

When you create an agency account, we collect your name, email address, company name, company website, phone number, business address, service descriptions, portfolio case studies, team size, and any other information you voluntarily add to your listing profile.

Project brief data (buyers)

When you submit a project brief, we collect your name, email address, project description, budget range, and location preference. This information is shared with matched agencies.

Review data

When you submit a client review, we collect your name, email address (for verification), your relationship to the agency, and your review content. Your email is not displayed publicly.

Usage and analytics data

We collect standard web analytics data including pages visited, time on site, referring URLs, browser type, and approximate location (country/city level). We use this to improve the platform. We do not use third-party advertising trackers.

Payment data

Payment information is processed by Stripe. We do not store your card details. We retain records of transactions (amount, date, subscription plan) for accounting purposes.

3. How we use your data

→ To operate and provide the AgencySort platform
→ To process agency applications and verify listings
→ To match project briefs with relevant agencies and notify them
→ To process subscription payments
→ To send service emails (account notifications, brief matches, review requests)
→ To improve the platform through analytics
→ To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects.

4. Legal basis for processing

Under UK GDPR and EU GDPR, we process your data on the following legal bases:

→ Contract: Processing necessary to perform our contract with you (account services, subscriptions)
→ Legitimate interests: Platform security, fraud prevention, improving our service, analytics
→ Legal obligation: Tax records, compliance requirements
→ Consent: Marketing emails (where you have opted in)

5. Data sharing

We share data only as necessary to operate the platform:

→ Supabase: Our database and authentication provider (EU-hosted)
→ Stripe: Payment processing
→ Resend / email provider: Transactional email delivery
→ Vercel: Hosting and edge infrastructure
→ Agencies: When you submit a project brief, your name, email, and brief details are shared with matched agencies so they can contact you

All processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

6. Cookies

We use essential cookies required to operate the platform (session authentication, CSRF protection). We use analytics cookies to understand how the site is used — these do not track you across other websites and do not build advertising profiles. We do not use third-party advertising or tracking cookies. You can disable non-essential cookies in your browser settings.

7. Data retention

We retain your data for as long as your account is active or as needed to provide services. Agency profile data is retained for the duration of your listing, plus 12 months after deletion for compliance purposes. Project brief data is retained for 24 months. Transaction records are retained for 7 years for accounting and tax purposes. You may request deletion of your data at any time (see section 8).

8. Your rights

Under UK and EU data protection law, you have the following rights:

→ Access: Request a copy of the personal data we hold about you
→ Rectification: Request correction of inaccurate data
→ Erasure: Request deletion of your data (“right to be forgotten”)
→ Portability: Receive your data in a structured, machine-readable format
→ Restriction: Request restriction of processing in certain circumstances
→ Objection: Object to processing based on legitimate interests
→ Withdraw consent: Withdraw any consent you have given at any time

To exercise any of these rights, contact us at hello@agencysort.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational security measures to protect your personal data, including encryption in transit (TLS), encrypted storage, row-level security on our database, and access controls limiting who can view personal data. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

10. International transfers

Our primary infrastructure is hosted in the EU. Some of our service providers (Stripe, Vercel) operate in the United States. Where data is transferred outside the UK/EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses approved by the UK ICO and/or EU Commission.

11. Children's privacy

AgencySort is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions, data subject requests, or concerns, please contact us at: hello@agencysort.com