Privacy Policy

01

Who we are

CNR Digital Ltd ("we", "us", "our") is a social media marketing and management company registered in England and Wales (Company No. 17185406). Our registered office is 2 Coppidwell Drive, Aylesbury, England, HP21 9QF. CNR Digital Ltd is the data controller responsible for your personal data under this Privacy Policy. We provide social media management, content creation, paid advertising, and brand strategy services to small businesses in the UK and India.

Our website is cnrdigital.co.uk. For any privacy-related enquiries, please contact us at hello@cnrdigital.co.uk.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

02

Information we collect

We collect personal information in the following ways:

Contact form submissions — When you fill in our booking form, we collect your name, email address, business name, and any message you provide.
Email correspondence — When you email us directly, we retain that correspondence including your email address and any personal details you share.
Client onboarding — If you become a client, we may collect additional business and billing information necessary to provide our services.
Social media interactions — If you interact with our Facebook or Instagram pages, those platforms collect data in accordance with their own privacy policies.
Website analytics — We may collect anonymised usage data such as pages visited and time spent on site to improve our website.

We do not collect sensitive personal data (such as health, financial, or identity documents) unless you explicitly provide it and it is necessary for the service.

03

How we use your information

We use the information we collect for the following purposes:

To respond to your enquiry and book your free consultation call
To deliver and manage social media marketing services for clients
To communicate updates, reports, or service-related information to clients
To improve our website and understand how visitors use it
To comply with our legal and regulatory obligations

We will never use your information for unsolicited marketing without your consent. The legal basis for processing your data is legitimate interest (responding to enquiries) and contractual necessity (delivering client services).

04

Platform API Access & BrandEngine

CNR Digital Ltd uses an internal automation tool called BrandEngine to schedule and publish social media content on behalf of clients via official platform APIs. BrandEngine is a multi-tenant agency platform that posts to client-owned social media accounts on the client's behalf, under explicit OAuth authorisation granted by the client. The client retains full ownership of and authority over their platform accounts at all times and can revoke access at any moment.

Meta (Facebook & Instagram) Meta App

BrandEngine connects to Meta's Graph API using OAuth access tokens granted by the client to:

Publish posts (text, images, and links) to Facebook Pages managed on behalf of clients
Publish posts to Instagram Business accounts connected to those Pages
Retrieve basic page insights and engagement metrics for reporting purposes

Important — Meta third-party data BrandEngine does not collect, store, or share any personal data from Facebook or Instagram users. The tool only publishes content and reads aggregated, anonymised page metrics (such as reach and impressions). No user-level data from Meta's platforms is accessed, retained, or transmitted to any third party.

BrandEngine uses Meta's official APIs under the Meta Platform Terms and Meta Developer Policies. If you authorise CNR Digital Ltd to manage your Facebook Page or Instagram account, you can revoke access at any time through your Facebook Settings → Business Integrations or via Meta Business Suite. Upon revocation, all automated posting to your accounts will immediately cease.

Google Business Profile Google API

BrandEngine connects to the Google Business Profile API using OAuth access tokens granted by the client to:

Publish posts and updates to client-owned Google Business Profile listings
Retrieve basic post performance data for client reporting
Manage business profile content (descriptions, hours, photos) on behalf of the client

Important — Google account ownership Your Google Business Profile account remains fully under your ownership and control at all times. CNR Digital Ltd accesses your account solely under the OAuth authorisation you explicitly grant. You can revoke access at any time via Google Account → Security → Third-party apps with account access, or through Google Business Profile settings. Upon revocation, all automated posting to your Google Business Profile will immediately cease and your access credentials will be deleted from our systems.

BrandEngine uses Google's official APIs in compliance with the Google API Terms of Service. Access tokens for all platforms are stored securely in encrypted environment files and are never shared with third parties. Meta's own privacy practices are governed by Meta's Privacy Policy; Google's by Google's Privacy Policy.

05

Data sharing

We do not sell, rent, or trade your personal information to third parties. We may share data with:

Service providers — Trusted tools we use to operate (e.g. email, hosting). These are bound by their own privacy policies and data processing agreements.
Legal requirements — If required by law, court order, or regulatory authority in the UK.

Any third-party tools we use (such as Google, Cloudflare, or Meta) process data under their own privacy policies. We only use reputable providers who meet appropriate data protection standards.

06

Data retention

We retain your personal data only for as long as necessary:

Enquiries — Contact form and email enquiries are retained for up to 12 months.
Active clients — Client data is retained for the duration of the contract and up to 3 years afterwards for legal and financial record-keeping.
API access tokens — Platform access tokens (Meta, Google, and any other integrated platforms) are stored only as long as the client relationship is active and deleted upon contract termination or revocation.

You can request deletion of your data at any time (see Your Rights below).

07

Your rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of access — Request a copy of the personal data we hold about you.
Right to rectification — Ask us to correct inaccurate or incomplete data.
Right to erasure — Request deletion of your personal data ("right to be forgotten").
Right to restrict processing — Ask us to limit how we use your data.
Right to data portability — Request your data in a portable format.
Right to object — Object to processing based on legitimate interests.

To exercise any of these rights, email us at hello@cnrdigital.co.uk. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

08

Cookies

Our website may use cookies to improve your browsing experience. Cookies are small text files stored on your device. We use:

Strictly necessary cookies — Required for the website to function. These cannot be disabled.
Analytics cookies — Anonymous usage data to help us understand how visitors use the site (e.g. pages visited, time on site). No personally identifiable information is collected.

You can control cookies through your browser settings. Disabling cookies will not prevent you from using our website but may affect some functionality.

09

Security

We take the security of your data seriously. Our measures include:

All API credentials and access tokens are stored in encrypted environment files, never in source code or public repositories
Our website is served over HTTPS with SSL/TLS encryption via Cloudflare
All key accounts are protected with multi-factor authentication (MFA)
We limit access to personal data to only those who need it to perform their role

While we take every reasonable precaution, no internet transmission is 100% secure. If you have any concerns about data security, please contact us immediately.

10

Contact us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please get in touch:

CNR Digital Ltd
Company No. 17185406
2 Coppidwell Drive, Aylesbury, England, HP21 9QF
Email: hello@cnrdigital.co.uk
Website: cnrdigital.co.uk

This policy was last reviewed on 29 April 2026. We may update it from time to time — the latest version will always be available at this URL.

Contents