Privacy Policy

Last updated: April 2026

1. Who We Are

Posh Socials Ltd is a digital marketing agency based in the United Kingdom. We manage paid advertising campaigns (including Google Ads, Meta Ads, and social media advertising) and social media accounts on behalf of our clients.

We operate a proprietary internal platform called Aycent (accessible at meta-ads-report.aycent.com) which is used exclusively by our team and our managed clients to access performance reports, leads, and campaign data.

Contact: jalpa@poshsocials.co.uk | poshsocials.co.uk

2. Data We Collect

2.1 Client Business Data

When we manage your advertising accounts, we access and process:

• Google Ads campaign data — campaigns, ad groups, ads, keywords, budgets, metrics (impressions, clicks, spend, conversions)
• Meta Ads campaign data — campaigns, ad sets, ads, creative assets, audience definitions, spend and performance metrics
• Ad account credentials and access tokens necessary to manage campaigns on your behalf
• Business information provided during onboarding (business name, website, contact details)

2.2 Lead Data

When we manage lead generation campaigns on your behalf, we may receive and store:

• Lead contact details submitted via Google Lead Form extensions or Meta Lead Ads (name, email, phone number)
• Lead qualification status and contact history within our CRM system
• Custom question responses submitted by leads on your lead forms

2.3 Platform User Data

For users of the Aycent platform (our team and client contacts):

• Login credentials (email address and hashed password)
• Session data for authentication purposes
• Notification preferences and contact email addresses

2.4 API Usage Data

In operating our platform, we use the following third-party APIs on behalf of our clients:

• Google Ads API — to read and manage Google Ads campaigns, sync performance metrics, and process lead form submissions
• Meta Graph API — to read and manage Meta Ads campaigns, sync performance metrics, receive lead webhooks, and send Conversions API events
• WhatsApp Business API — to power AI-assisted customer messaging for applicable clients

3. How We Use Data

We use the data we collect exclusively for the following purposes:

• Campaign management — creating, pausing, modifying, and reporting on advertising campaigns on your behalf
• Performance reporting — displaying campaign metrics, spend, leads, and conversions in our client dashboard
• Lead management — storing and tracking leads generated through your advertising campaigns
• Conversion optimisation — sending offline conversion data (lead outcomes) back to Google Ads and Meta to improve campaign performance
• Platform security — authenticating users and maintaining audit logs of platform activity
• Client communication — sending performance reports and lead notifications to authorised contacts

We do not sell, rent, or share your data with any third parties for their own marketing purposes.

4. Legal Basis for Processing (UK GDPR)

We process data under the following legal bases:

• Contract performance — processing is necessary to deliver the advertising management services you have engaged us to provide
• Legitimate interests — operating and improving our platform, maintaining security, and providing accurate reporting
• Consent — where required for lead data collected via advertising forms, consent is obtained at the point of collection by the lead form itself

5. Data Storage and Security

• All data is stored on our dedicated server infrastructure based in the United Kingdom
• API credentials and access tokens are stored encrypted in our database and are never stored in source code or transmitted to client devices
• All platform access is via HTTPS with valid SSL certificates
• Client data is isolated at the database level — each client can only access their own data
• Our platform maintains an audit log of all significant operations for security and compliance purposes
• We conduct regular database backups with secure off-site storage

6. Data Retention

• Campaign performance data is retained for the duration of our agency relationship plus 12 months
• Lead data is retained for the duration of our agency relationship, or as otherwise agreed with the client
• Platform login data is deleted within 30 days of account termination
• API access tokens are revoked and deleted upon termination of our agency relationship

7. Third-Party Services

In delivering our services we interact with the following third-party platforms. Each has their own Privacy Policy:

• Google LLC — Google Ads API, Google Analytics. Google Privacy Policy
• Meta Platforms Inc — Meta Ads API, Meta Conversions API, WhatsApp Business API. Meta Privacy Policy
• Anthropic PBC — AI language model API used for campaign recommendations and WhatsApp AI responses. Anthropic Privacy Policy

We only share data with these third parties to the extent necessary to deliver your campaign management services.

8. Google Ads API — Specific Disclosure

Posh Socials Ltd uses the Google Ads API to manage Google Ads campaigns on behalf of clients under our Google Ads Manager Account (MCC). Our use of the Google Ads API is subject to the Google Ads API Terms of Service.

• We access Google Ads data only for accounts where the client has explicitly granted our MCC manager access
• We do not use the Google Ads API for any purpose other than managing and reporting on our clients' advertising campaigns
• We do not resell, sublicense, or otherwise distribute Google Ads API access to third parties
• All Google Ads data accessed via API is used solely for the benefit of the account owner
• Offline conversion data is only submitted for conversions that originated from the client's own Google Ads campaigns

9. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data (subject to legal obligations)
• Right to restriction — request that we limit processing of your data
• Right to portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests

To exercise any of these rights, please contact us at jalpa@poshsocials.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been processed unlawfully.

10. Cookies

Our Aycent platform uses session cookies strictly for authentication purposes. These cookies are essential for platform operation and do not track users across third-party websites. We do not use advertising or analytics cookies on our platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active clients of material changes by email. The date at the top of this page will always reflect the most recent update.

12. Contact Us

For any questions about this Privacy Policy or how we handle your data:

• Email: jalpa@poshsocials.co.uk
• Website: https://poshsocials.co.uk
• Company: Posh Socials Ltd, United Kingdom