Privacy Policy
We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we use it. If you have any questions, email us at priya@lotusdigitalflow.com.
1. Who we are
Lotus Digital Flow is a social media content service for Thai massage shops across the UK, operated by Priya (trading as Lotus Digital Flow). Our website is social.lotusdigitalflow.com.
2. What data we collect
We collect the following information when you use our site or purchase a service:
- Contact information โ name, email address, phone number, business name, and city, provided when you enquire or purchase.
- Payment information โ handled entirely by Stripe (for one-off payments) or GoCardless (for monthly subscriptions). We do not store your card details. We receive confirmation of payment and the email address used.
- Business information โ your shop's social media handles and website, if you provide them as part of onboarding.
- Communications โ any messages you send us via email or WhatsApp.
- Usage data โ anonymous analytics on how visitors use our site (pages visited, time on page). No personal identifiers are collected via analytics.
3. How we use your data
- To deliver the service you purchased (content plans, edited videos, WhatsApp support).
- To send you your monthly content plans and filming briefs.
- To process payments and send receipts.
- To respond to your enquiries.
- To improve our service based on how clients use it.
We do not sell your data to third parties. We do not use your data for advertising.
4. Legal basis for processing (UK GDPR)
- Contract performance โ processing is necessary to fulfil the service you purchased.
- Legitimate interests โ we may contact you about your ongoing service or relevant updates.
- Legal obligation โ we retain financial records as required by HMRC.
5. Who we share data with
We share your data only with service providers necessary to run the business:
- Stripe โ payment processing (stripe.com)
- Google โ email (Gmail) and file sharing (Google Drive)
- Supabase โ secure database hosting
- WhatsApp (Meta) โ client communication
All providers are GDPR-compliant. No data is transferred outside the UK/EEA without appropriate safeguards.
6. Cookies
Our site uses cookies for:
- Analytics โ to understand how visitors use the site (anonymised).
- Payment processing โ Stripe uses cookies to detect fraud and process payments securely.
- Preferences โ to remember your cookie consent choice.
You can dismiss the cookie banner to consent, or adjust your browser settings to block cookies. Blocking cookies may affect payment functionality.
7. How long we keep your data
- Client records โ for the duration of the service plus 6 years (HMRC requirement).
- Enquiries that did not convert โ 12 months, then deleted.
- Payment records โ 6 years as required by law.
8. Your rights (UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data (subject to legal retention requirements).
- Object to processing based on legitimate interests.
- Withdraw consent at any time (where consent is the basis for processing).
- Lodge a complaint with the ICO (ico.org.uk).
To exercise any of these rights, email priya@lotusdigitalflow.com. We will respond within 30 days.
9. Security
We use industry-standard security measures to protect your data, including encrypted data storage and secure payment processing via Stripe. We never store payment card details ourselves.
10. Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects when it was last updated. Continued use of our service after changes constitutes acceptance of the updated policy.
11. Contact
Questions about this policy or how we handle your data: