Back to Home

Privacy Policy

Last updated: March 20, 2026

Your privacy is of utmost importance to us. This Privacy Policy explains how Call Me Fred – adsyme Ltd (company number 08301982), operating RadioSiteMaker.com ("the Service"), collects, uses, stores, and protects your personal data.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is:

• Call Me Fred – adsyme Ltd
• 86-90 Paul Street, London EC2A 4NE, United Kingdom
• Email: [email protected]

2. Data We Collect

We collect the following types of data:

Account information: When you register, we collect your name, email address, and password (stored as a bcrypt hash). If you sign in via Google OAuth, we receive your name and email from Google.

Station content: Any content you upload to the Service (images, text, audio, logos) is stored on our servers and/or cloud storage to operate your station website.

Payment information: Payment is processed by Stripe. We do not store your full credit card number. We may store your Stripe customer ID and subscription status for billing purposes.

Technical data: We automatically collect IP address, browser type, device information, and pages visited for security and analytics purposes.

We do not collect any special category data (e.g. health, biometric, or political data).

3. How We Use Your Data

We use your data for the following purposes:

• Service delivery: To create and manage your account, host your station website, and provide platform features
• Communication: To send transactional emails (account verification, password resets, subscription receipts) and important service updates
• Security: To protect against fraud, abuse, and unauthorised access
• Analytics: To understand usage patterns and improve the Service
• Legal compliance: To comply with applicable laws and regulations

We will never sell, rent, or trade your personal data to third parties.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual necessity: Processing required to deliver the Service you have subscribed to
• Legitimate interests: Security monitoring, fraud prevention, and service improvement
• Consent: Where you have explicitly opted in (e.g. marketing communications)
• Legal obligation: Where required by applicable law

5. Cookies & Analytics

RadioSiteMaker.com uses the following cookies and similar technologies:

Essential cookies: Session cookies required for the Service to function (e.g. keeping you logged in, CSRF protection). These are automatically deleted when you close your browser or when your session expires.

Analytics: We use PostHog, a product analytics platform, to understand how visitors interact with the Service. PostHog may set cookies or use local storage to distinguish unique users and sessions. The data collected includes pages visited, clicks, scroll depth, and browser/device information. This data is used solely to improve the Service and is not shared with third parties for advertising purposes. PostHog processes data on servers located in the United States. For more information, see PostHog's Privacy Policy.

We do not use cookies for advertising, profiling, or cross-site tracking purposes.

6. Third-Party Services

We use the following third-party services to operate the platform:

• PostHog: Product analytics. PostHog collects anonymised usage data to help us understand how the Service is used and improve the user experience. See PostHog's Privacy Policy.
• Stripe: Payment processing. Stripe processes your payment data under their own privacy policy.
• Google OAuth: Optional sign-in method. Google shares only your name and email when you choose to sign in with Google.
• Resend: Transactional email delivery. We share your email address with Resend solely for sending account-related emails.
• Cloudflare R2: Cloud storage for uploaded files (images, audio). Files are stored securely and accessed only through the Service.

All third-party processors are bound by Data Processing Agreements and process data only on our instructions.

7. Data Retention

• Account data: Retained for as long as your account is active. Upon account deletion or 30 days after subscription expiry (if not renewed), your account data will be permanently deleted.
• Station content: Retained for as long as your subscription is active, plus a 30-day grace period after expiry.
• Technical/log data: Retained for up to 12 months for security and analytics purposes.
• Payment records: Retained for up to 7 years as required by UK tax law.

8. Your Rights

Under the UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Request your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Where processing is based on consent, you may withdraw at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• SSL/TLS encryption for all data in transit
• Passwords stored using bcrypt hashing (never in plain text)
• CSRF protection on all forms
• Access controls and authentication for all admin interfaces
• Regular security reviews of our codebase and infrastructure

10. International Data Transfers

Some of our third-party processors (Stripe, Cloudflare) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and reliance on adequacy decisions where applicable.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete it.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Notify affected users without undue delay where the breach poses a high risk

13. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or through the Service. The "last updated" date at the top of this page indicates when the policy was last revised.

14. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

15. Contact

For any privacy-related questions or requests, please contact us:

• Email: [email protected]
• Call Me Fred – adsyme Ltd, 86-90 Paul Street, London EC2A 4NE, United Kingdom