Privacy Policy

Last updated: April 12, 2026

1. Introduction

Herd UK Ltd ("Herd", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your information when you use our platform at herduk.co.uk and any related mobile applications or services (collectively, "the Service").

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). We are registered with the Information Commissioner's Office (ICO).

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Data Controller Information

Herd UK Ltd is the data controller responsible for your personal information. Our details are:

Company Name: Herd UK Ltd
Registered in: England & Wales
Data Protection Contact: privacy@herduk.co.uk

3. Information We Collect

3.1 Information You Provide Directly

Account Registration:

  • Full name
  • Email address
  • Password (stored in encrypted form)
  • Phone number (optional, for 2FA)
  • Account type (Creator, Agency, or Brand)

Profile Information:

  • Display name and bio
  • Profile picture
  • Location and timezone
  • Professional information (niche, industry)
  • Website and portfolio links

Financial Information:

  • Payment card details (processed securely via Stripe - we do not store full card numbers)
  • Bank account details for receiving payments (encrypted at rest)
  • Billing address
  • VAT number (for business accounts)
  • Tax identification information where required by law

Content You Create:

  • Posts, drafts, and scheduled content
  • Messages and communications
  • Invoices and contracts
  • Notes and comments
  • Uploaded files and media

3.2 Information from Social Media Platforms

When you connect your social media accounts, we access information through official APIs in accordance with each platform's terms. We may collect:

TikTok:

  • Public profile (username, display name, avatar, bio)
  • Follower and following counts
  • Video content and performance metrics (views, likes, comments, shares)
  • Account analytics and audience demographics

Instagram:

  • Business or Creator account profile information
  • Follower counts and growth data
  • Media content and engagement metrics
  • Stories insights and reach data
  • Audience demographics (age, gender, location)

YouTube:

  • Channel information and branding
  • Subscriber counts
  • Video content and performance analytics
  • Revenue data (if authorized)

X (Twitter):

  • Profile information
  • Follower and following counts
  • Tweet content and engagement metrics
  • Direct messages (only with explicit consent)

Facebook:

  • Page information (for Page connections)
  • Post content and engagement
  • Page insights and audience data

Kick (when enabled):

  • Channel profile information and identifiers
  • Livestream performance metrics and audience signals
  • Messaging metadata needed for inbox and engagement workflows

3.3 Automatically Collected Information

Device & Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type and identifiers
  • Screen resolution
  • Language preferences

Usage Information:

  • Pages and features visited
  • Time spent on pages
  • Click patterns and navigation paths
  • Search queries within the Service
  • Error logs and performance data
  • Referring and exit pages

Location Information:

  • Approximate location derived from IP address
  • Timezone settings
  • Precise location only if explicitly permitted by you

4. How We Use Your Information

4.1 Service Provision

  • Creating and managing your account
  • Providing dashboard features and analytics
  • Processing content scheduling and publishing
  • Facilitating brand partnerships and deals
  • Processing payments and managing subscriptions
  • Generating invoices and financial reports

4.2 Communication

  • Sending transactional emails (receipts, confirmations, alerts)
  • Providing customer support
  • Notifying you of important account or service changes
  • Sending marketing communications (with your consent)

4.3 Improvement & Development

  • Analyzing usage patterns to improve features
  • Conducting research and analytics
  • Testing new features and functionality
  • Personalizing your experience

4.4 Safety & Security

  • Detecting and preventing fraud
  • Protecting against unauthorized access
  • Enforcing our Terms of Service
  • Complying with legal obligations

6. Information Sharing & Disclosure

6.1 With Your Consent

  • Brands/Partners: When you apply for or accept partnerships, relevant profile information is shared
  • Public Profile: Information you choose to make public in the Directory
  • Agencies: If you connect with an agency, they may access your performance data

6.2 Service Providers

We share information with third-party providers who help us operate the Service. These providers are bound by data processing agreements and can only use your data for specified purposes:

  • Stripe: Payment processing and subscription management
  • Supabase: Database hosting and authentication
  • Vercel: Website hosting and edge functions
  • Resend: Transactional email delivery
  • Twilio: SMS notifications and 2FA
  • OpenAI: AI-assisted content and transcript processing where enabled

6.3 Legal Requirements

We may disclose your information if required to:

  • Comply with applicable law, regulation, or legal process
  • Respond to lawful requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Protect against legal liability

6.4 What We Do NOT Do

  • We do not sell your personal information to third parties
  • We do not share your data for third-party advertising purposes
  • We do not provide your data to data brokers

7. Third-Party Services

Our Service integrates with various third-party platforms. When you connect these services, their privacy policies apply to their handling of your data:

Meta (Instagram/Facebook): Privacy Policy

YouTube/Google: Privacy Policy

X (Twitter): Privacy Policy

Kick (when enabled): Privacy information is provided through Kick's legal pages.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

8.1 Types of Cookies We Use

Essential Cookies:

  • Authentication and session management
  • Security features (CSRF protection)
  • Load balancing
  • User preferences (language, theme)

Analytics Cookies:

  • Understanding how you use our Service
  • Measuring performance and errors
  • Improving features based on usage patterns

8.2 Managing Cookies

You can manage cookies through your browser settings and relevant provider opt-out tools. We do not currently provide a persistent in-product cookie preference center in the footer. If we roll out non-essential cookie controls in-product, we will request consent before enabling them.

9. Data Security

We implement comprehensive technical and organizational measures to protect your data:

9.1 Technical Measures

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Regular security audits and penetration testing
  • Secure password hashing (bcrypt)
  • Two-factor authentication (2FA) options
  • Rate limiting and DDoS protection

9.2 Organizational Measures

  • Staff security training and awareness programs
  • Access controls based on role and necessity
  • Confidentiality agreements with all staff
  • Regular security policy reviews
  • Incident response procedures

9.3 Your Responsibilities

You can help protect your account by:

  • Using a strong, unique password
  • Enabling two-factor authentication
  • Not sharing your login credentials
  • Logging out on shared devices
  • Reporting suspicious activity immediately

10. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy:

Data Type                    Retention Period
Account data                 Duration of account + 90 days after deletion request
Transaction records          7 years (UK tax requirements)
Invoices and contracts       7 years (legal compliance)
Support communications       3 years from last contact
Marketing consent records    Duration of consent + 2 years
Analytics data               26 months (anonymized thereafter)
Security logs                12 months

11. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

11.1 Right of Access

You can request a copy of all personal data we hold about you. We will provide this within one month of your request in a commonly used electronic format.

11.2 Right to Rectification

You can request correction of any inaccurate or incomplete personal data. You can also update most information directly in your account settings.

11.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • The data is no longer necessary for its original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

11.4 Right to Restriction of Processing

You can request that we limit how we use your data in certain circumstances.

11.5 Right to Data Portability

You can request your data in a structured, machine-readable format (JSON or CSV) to transfer to another service provider.

11.6 Right to Object

You can object to processing based on legitimate interests, including profiling. You can also object to direct marketing at any time.

11.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@herduk.co.uk. We will respond within one month. If your request is complex, we may extend this by two months, but we will inform you of any delay.

12. International Data Transfers

Some of our service providers may process data outside the UK. When this occurs, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries deemed adequate by the UK Government
  • Standard Contractual Clauses (SCCs): UK-approved SCCs with each provider
  • Supplementary Measures: Additional technical and organizational measures where needed

You can request information about the specific safeguards we use by contacting privacy@herduk.co.uk.

13. Automated Decision-Making & Profiling

13.1 How We Use Automated Processing

We use automated processing for:

  • Fraud Detection: Automated systems identify potentially fraudulent activity
  • Content Recommendations: Suggesting relevant features based on usage
  • Performance Analytics: Calculating engagement rates and metrics
  • Account Risk Assessment: Identifying accounts that may violate our terms

13.2 Your Rights

We do not make fully automated decisions that produce legal or similarly significant effects without human review. If you believe an automated decision has significantly affected you, you can request human review by contacting us.

14. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected data from a child under 18 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at privacy@herduk.co.uk.

15. Marketing Communications

15.1 Types of Marketing

With your consent, we may send you:

  • Product updates and new features
  • Tips and best practices
  • Industry news and trends
  • Partnership opportunities
  • Promotional offers

15.2 Managing Preferences

You can manage your marketing preferences by:

  • Clicking "Unsubscribe" in any marketing email
  • Updating preferences in Settings → Notifications
  • Contacting us at privacy@herduk.co.uk

Note: You will still receive essential transactional communications even if you opt out of marketing.

16. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the ICO within 72 hours of becoming aware of the breach
  • If the breach is likely to result in high risk to you, we will notify you without undue delay
  • Our notification will describe the nature of the breach, likely consequences, and measures taken
  • We will provide recommendations for steps you can take to protect yourself

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

  • We will notify you of material changes by email or prominent notice on the Service
  • Minor changes will be reflected in the "Last updated" date
  • Continued use of the Service after changes constitutes acceptance
  • We encourage you to review this policy periodically

18. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have a complaint about how we handle your data, please contact us:

Data Protection Contact
Herd UK Ltd
Email: privacy@herduk.co.uk
Website: https://herduk.co.uk

Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk