Legal
Privacy Policy
Last updated: 10 July 2026
This Privacy Policy explains how The Content Lab NI LTD (“The Content Lab”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit our website, book a studio session, use our client portal, or otherwise engage our services. We are the data controller for the personal data described in this policy.
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy should be read alongside our Terms & Conditions.
1. Who We Are
The Content Lab NI LTD is a content production studio based at Unit 13, Ormeau Business Park, Belfast BT7 2JA. For any privacy query, or to exercise any of the rights described in this policy, contact us at info@thecontentlab.co.uk.
2. Personal Data We Collect
Contact and account details. Name, email address, phone number, company name, and role — provided when you book a session, create a portal account, are added as a team member by your organisation, or contact us.
Booking and service records. Session dates and times, studio setup, add-ons, membership tier, hour allocations and usage, content plans, and delivery records.
Payment information. Payments are processed by Stripe. We receive confirmation of payment, the amount, and a reference — we never see or store your full card details.
Sign-in data. If you sign in with an email code we process your email address. If you sign in with Google or Microsoft we receive your name, email address, and basic profile from that provider — nothing more, and never your password.
Recordings and content. Audio and video recorded during your sessions, and material you upload to the portal. Ownership and retention of recordings are covered in our Terms & Conditions.
Technical data. Essential cookies and standard server logs (IP address, browser type, pages requested) needed to operate the site securely. We do not run advertising or analytics trackers.
3. How We Use Your Data & Our Lawful Bases
To provide our services (lawful basis: performance of a contract) — taking and administering bookings, operating your portal account, managing hour allocations, producing and delivering content, and processing payment.
To communicate with you (contract and legitimate interests) — booking confirmations, sign-in codes, session reminders, delivery notifications, and responses to your enquiries.
To keep our business and clients safe (legitimate interests) — securing accounts, preventing fraud and misuse, and maintaining audit records of account activity.
To meet our legal obligations (legal obligation) — retaining invoicing and accounting records as required by UK tax law.
With your consent — where we ask for it specifically, for example before using recognisable client content for promotional purposes beyond what is agreed in our Terms. You can withdraw consent at any time.
4. Who We Share Data With
We never sell personal data. We share it only with service providers (“processors”) who help us run the business, under contracts that restrict how they may use it:
Supabase — database, authentication, and file storage for the booking system and client portal. Stripe — payment processing. Resend — transactional email delivery. Google — sign-in (if you choose it), calendar scheduling, and Google Meet links for strategy sessions. Microsoft — sign-in (if you choose it). Vercel — website hosting. Cloudflare — network and DNS services.
We may also disclose personal data where required by law, or to professional advisers (e.g. accountants) under duties of confidentiality.
5. International Transfers
Some of our processors store or process data outside the UK, including in the United States and the European Economic Area. Where they do, transfers are protected by UK adequacy regulations or appropriate safeguards such as the UK International Data Transfer Agreement / Addendum and standard contractual clauses, as set out in each processor’s published data-processing terms.
6. How Long We Keep Data
Account and booking records — for the duration of our relationship with you or your organisation, and for a reasonable period afterwards in case you return or a dispute arises.
Invoices and financial records — at least six years, as required by UK tax law.
Raw session footage — sixty (60) days after the recording session, unless a longer storage arrangement is agreed (see our Terms).
When data is no longer needed we delete or anonymise it. You can request earlier deletion at any time (see section 8).
7. Cookies
We use essential cookies only: authentication cookies that keep you signed in to the client portal, and cookies set by Stripe during checkout for payment security and fraud prevention. These are necessary for the site to function and do not require consent under UK law.
We do not use advertising cookies, analytics trackers, or any third-party marketing technology on this site.
8. Your Rights
Under the UK GDPR you have the right to: access the personal data we hold about you; have inaccurate data corrected; have data erased where there is no continuing need for us to hold it; restrict or object to certain processing; receive a copy of data you provided to us in a portable format; and withdraw consent where processing is based on consent.
To exercise any of these rights, email info@thecontentlab.co.uk. We will respond within one month.
You also have the right to complain to the UK supervisory authority, the Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113. We would appreciate the chance to address your concern first.
9. Security
Personal data is encrypted in transit, stored with access controls and row-level security, and accessible only to those who need it to provide our services. Payment card data is handled entirely by Stripe, a PCI-DSS Level 1 certified provider. No system is perfectly secure, but we review our safeguards regularly and will notify you and the ICO of any breach where the law requires it.
10. Children
Our services are provided to businesses and individuals aged 18 or over, and our website is not directed at children. We do not knowingly collect personal data from children. Where minors appear as on-camera contributors, the client is responsible for obtaining appropriate parental or guardian consent (see our Terms).
11. Changes to this Policy
We may update this policy from time to time — for example when we change service providers or add features. The current version will always be published on this page with its “last updated” date. Material changes will be communicated to active clients directly.
12. Contact
The Content Lab NI LTD, Unit 13, Ormeau Business Park, Belfast BT7 2JA. Email: info@thecontentlab.co.uk.