Privacy policy

Last updated: 18 April 2026

Danson Marketing Ltd ("Danson", "we", "us", or "our") takes the privacy of our website visitors, product users, and their end-customers seriously. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.

This policy is issued under the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

1. Who we are

The data controller is:

Danson Marketing Ltd
Registered in England & Wales
Contact: [email protected]

For data protection queries specifically, contact the same address with the subject line "Data protection request".

2. What we collect

2.1 When you visit this website

We collect minimal technical information automatically, including your IP address (anonymised), browser type, approximate geographic location (country / region), pages viewed, and referring URL. This is used for analytics and security only.

2.2 When you contact us

When you submit a form, email us, or book a call, we collect the information you provide: name, email, company, phone (optional), and the content of your message. We use this to respond to your enquiry and — if relevant — onboard you as a client.

2.3 When you use Danson AI as an end-customer

If you are a customer of a business using Danson AI (our SaaS product), the business you are interacting with is the data controller of your conversation. Danson acts as a data processor on their behalf.

We process: your message content, phone number or social media handle (depending on channel), name if you provide it, timestamps, and routing metadata. We do not sell this data, do not use it to train third-party AI models, and do not share it with anyone outside the client business unless required by law.

2.4 When you use Danson AI as a client business

We collect: your company information, billing details (processed by our payment processors, see §5), authentication credentials (hashed), configuration data (your FAQs, services, tone-of-voice samples), and usage metrics.

3. Lawful basis for processing (UK GDPR Art. 6)

  • Contract — processing necessary to deliver services to you as a client.
  • Legitimate interests — replying to enquiries, maintaining security, improving our services. We balance these against your rights.
  • Consent — for non-essential cookies and marketing emails (both opt-in).
  • Legal obligation — retaining records for tax, anti-money-laundering, or other statutory purposes.

4. Meta platform integrations (WhatsApp, Messenger, Instagram)

Danson AI connects to the WhatsApp Business API, Facebook Messenger Platform, and Instagram Messaging API on behalf of our client businesses. This section discloses specifically how Meta-sourced data is handled.

4.1 WhatsApp Business API

  • Messages are received via Meta's official WhatsApp Business Platform (Cloud API) or, where authorised, via Evolution API as a self-hosted gateway on behalf of the client.
  • We process only the messages sent to or from the business's registered WhatsApp Business number.
  • Message content is retained only for the period necessary to operate the service (typically 90 days for active processing, then archived for up to 12 months unless the client business configures a shorter period).
  • We comply with Meta's WhatsApp Business Solution Terms and the WhatsApp Business Messaging Policy.
  • End-customers can opt out of further AI-assisted conversation at any time by sending "STOP" or equivalent; the conversation is then handled by a human representative of the business.

4.2 Facebook Messenger & Instagram Messaging

  • Danson AI connects via Meta's Graph API and uses tokens granted by the client business's authorised Facebook page and Instagram business account.
  • We request only the permissions necessary to receive, process, and respond to messages (e.g. pages_messaging, instagram_manage_messages).
  • Profile information accessed is limited to public profile fields and the message contents. We do not scrape posts, friend lists, or ad engagement data.
  • Data retention and deletion follow the same rules as WhatsApp (§4.1) and Meta's Platform Terms.
  • End-customers can revoke permissions at any time via their Meta account settings.

4.3 Meta data deletion

Per Meta Platform requirements, end-customers can request deletion of their data by emailing [email protected] with the subject "Meta data deletion request". We will process the request within 30 days and confirm completion.

5. Third-party processors

We use the following third parties to deliver our services. Each is bound by a data processing agreement:

  • Anthropic and OpenAI — for LLM inference. Client conversation content is sent to generate responses. Neither provider trains on our API traffic by default.
  • Meta Platforms — for WhatsApp, Messenger, Instagram connectivity.
  • Stripe and PayPal — for payment processing (client billing and, where configured, end-customer payment collection).
  • Hetzner / UK-based hosting — for server infrastructure. Primary data residency is within the UK / EU.
  • HubSpot, Zoho, Pipedrive — as CRM integrations, only when explicitly configured by the client business.

6. International data transfers

Some of our processors (notably Anthropic, OpenAI, Meta, Stripe) are based in the United States or other non-UK/EU jurisdictions. Transfers rely on:

  • The UK/EU–US Data Privacy Framework, where applicable.
  • Standard Contractual Clauses (SCCs) approved by the UK ICO and European Commission.
  • Where appropriate, supplementary technical measures (encryption in transit and at rest).

7. Retention

  • Website contact enquiries: 24 months from last interaction.
  • Active conversation data (Danson AI): 90 days active, 12 months archive, then deleted — unless the client configures otherwise.
  • Client account data: duration of subscription + 7 years for tax/accounting purposes.
  • Financial records: 7 years (UK statutory requirement).
  • Logs (security, access): 90 days.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate data.
  • Request erasure ("right to be forgotten") where applicable.
  • Restrict processing.
  • Data portability — receive your data in a machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time (for consent-based processing).
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these, email [email protected]. We respond within 30 days.

9. Cookies

We use cookies, which are described fully in our Cookie Policy.

10. Children's privacy

Our services are intended for businesses and individuals aged 18 or over. We do not knowingly collect data from children under 13. If you believe we have collected such data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via our website and, where we have the contact details, by email. The "Last updated" date at the top of this page will always reflect the most recent revision.

12. Contact

Questions, complaints, or data requests:
[email protected]
Danson Marketing Ltd, United Kingdom