Convertico

Privacy Policy

Last updated: March 2026

1. Who We Are

Convertico is a digital growth agency based in Cambridge, UK. We help expert-led businesses turn their existing audiences into qualified leads and long-term clients through scorecards, qualification funnels, and growth systems.

Our registered address is Unit F, South Cambridgeshire Business Park, Babraham Road, Sawston, Cambridge, CB22 3JH. For any data-related queries, you can reach us at support@convertico.co.uk.

For the purposes of UK GDPR and the Data Protection Act 2018, Convertico is the data controller for information collected through this website.

2. What Data We Collect

We collect personal data through the following touchpoints on our website:

Contact Enquiries

When you submit our contact form, we collect your first name, last name, email address, phone number (optional), the service you are interested in, and the message you provide.

Newsletter Sign-Up

When you subscribe to our newsletter, we collect your first name, last name, and email address.

Services Guide (Brochure) Download

When you request our Services Guide, we collect your first name, last name, business name (optional), email address, and phone number (optional) in order to send the document to you.

Strategy Session Booking & Payment

When you purchase a Strategy Session, we collect your name and email address to create a payment record. Payment card details are entered directly into and processed by Stripe — we do not store, see, or have access to your card information at any point.

Discovery Call Booking

When you book a discovery call, your name, email address, and any information you provide during booking are collected directly by our calendar booking system (GoHighLevel). Please refer to GoHighLevel's privacy policy for further detail on how they handle this data.

Technical & Usage Data

We automatically collect limited technical data when you visit our website, including your IP address, browser type, operating system, pages visited, and the time and date of your visit. This data is used for security, analytics, and to improve the site.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to your enquiry and provide any services you have requested
  • To send you our Services Guide when you have requested it
  • To process your Strategy Session payment and fulfil the service
  • To send our newsletter and marketing communications to subscribers who have opted in
  • To add you to our CRM (GoHighLevel) so we can manage our relationship with you and communicate appropriately
  • To send you internal notifications about new enquiries or purchases (Convertico staff only)
  • To analyse website usage and improve our content and user experience
  • To comply with our legal and regulatory obligations

We will never sell your personal data to third parties.

4. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Consent – when you subscribe to our newsletter or request our Services Guide, you are actively opting in to receive communications from us. You may withdraw your consent at any time by contacting us or using any unsubscribe link.
  • Contract performance – when you purchase a Strategy Session, processing your data is necessary to deliver the service you have paid for.
  • Legitimate interests – when you submit a contact enquiry, we have a legitimate interest in responding to you and managing our business relationships. We also have a legitimate interest in maintaining website security and improving our services.

5. Third-Party Services & Data Processors

We use the following trusted third-party services to operate our website and business. Where these services act as data processors on our behalf, they are bound by appropriate data processing agreements.

GoHighLevel (HighLevel Inc.)

Our CRM, email automation, and calendar booking platform. When you submit any form on this website or book a call, your contact details are stored in GoHighLevel and tagged so we can manage and respond to your enquiry appropriately. GoHighLevel is based in the United States — see the international transfers section below.

GoHighLevel Privacy Policy →

Stripe

Our payment processing provider for the Strategy Session purchase. Stripe handles all payment card data directly. We do not store or have access to your card details. Stripe is PCI-DSS compliant.

Stripe Privacy Policy →

Microsoft (Outlook / Microsoft 365)

We use Microsoft 365 to send transactional emails — including enquiry confirmations, Services Guide delivery, newsletter welcome emails, and internal notifications. Email content may pass through Microsoft's servers.

Microsoft Privacy Statement →

Replit / PostgreSQL (Hosting & Database)

Our website and API server are hosted on Replit infrastructure. Form submissions (contact enquiries, newsletter sign-ups, brochure requests) are stored in a PostgreSQL database hosted by Replit. Data is held securely and access is restricted to authorised Convertico personnel.

6. International Data Transfers

Some of our third-party service providers, in particular GoHighLevel and Stripe, are based in or process data in the United States. Whenever we transfer personal data outside the UK, we ensure appropriate safeguards are in place — typically through Standard Contractual Clauses (SCCs) approved under the UK GDPR international transfer framework, or through the UK–US Data Bridge where applicable.

If you have questions about how your data is protected when transferred internationally, please contact us at support@convertico.co.uk.

7. Data Retention

We retain personal data only for as long as necessary:

  • Contact enquiries – retained for up to 3 years from the date of enquiry, or longer if an ongoing business relationship exists
  • Newsletter subscribers – retained for as long as you remain subscribed; deleted within 30 days of an unsubscribe request
  • Brochure leads – retained for up to 2 years
  • Payment records – retained for 7 years in line with HMRC requirements
  • Technical/usage data – retained for up to 12 months

You may request deletion of your data at any time by contacting us.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access – request a copy of the personal data we hold about you
  • Rectification – request correction of any inaccurate or incomplete data
  • Erasure – request deletion of your personal data (subject to any legal obligations we have to retain it)
  • Restriction – request that we restrict how we process your data in certain circumstances
  • Portability – request a copy of your data in a structured, machine-readable format
  • Object – object to processing based on legitimate interests
  • Withdraw consent – where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email support@convertico.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.

9. Cookies

Our website uses cookies and similar technologies to ensure the site functions correctly and to analyse how it is used. We use the following types of cookies:

  • Essential cookies – necessary for the website to function and cannot be switched off
  • Analytics cookies – help us understand how visitors use our site so we can improve it
  • Functional cookies – used by embedded third-party tools (e.g. the GoHighLevel calendar booking widget)

You can manage or disable cookies through your browser settings at any time. Disabling certain cookies may affect the functionality of some parts of the site.

10. Marketing Communications

We only send marketing emails — including our newsletter — to people who have explicitly opted in. Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing support@convertico.co.uk.

Where you have made a purchase or enquiry, we may contact you with information directly related to that service. This is based on our legitimate interests and the existing relationship between us.

11. Children's Privacy

Our website and services are intended for business professionals and are not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it promptly.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. The current version will always be available on this page with the date it was last updated. Where changes are significant, we will take reasonable steps to notify you.