Legal

Privacy policy

Last updated: March 2026

Who we are

Mad Social is a trading name of O'Hanlon Potter Enterprise Limited, a company registered in Scotland. We provide e-commerce marketing services including social advertising, email marketing, and marketing audits.

Our website is madsocial.co.uk. You can contact us at hello@madsocial.co.uk.

For the purposes of UK GDPR, O'Hanlon Potter Enterprise Limited is the data controller for personal data collected through this website and our services.

What data we collect

We collect personal data in the following ways:

Via our audit and contact forms

  • Name and email address
  • Business name and website URL
  • Monthly advertising spend and revenue (approximate)
  • Any other information you choose to provide

Via Meta / Facebook connection (Mad Social Marketing Suite)

When you connect your Facebook account through our marketing suite application, we request read-only access to your ad account data using the ads_read permission. This includes:

  • Ad campaign performance data (impressions, clicks, spend, conversions)
  • Ad account identifiers
  • Audience and targeting metadata

We do not request permission to create, edit, or delete any content on your behalf. Access is strictly read-only and used solely to perform marketing audits.

Automatically collected data

  • Session cookies for authentication purposes (these do not track you across other websites)
  • Basic server logs (IP address, browser type, page visited) retained for security purposes

We do not use advertising tracking cookies or sell your data to third parties.

Why we collect it

We collect and process your data for the following purposes:

  • To provide our services - including performing marketing audits, creating strategy recommendations, and managing campaigns on your behalf
  • To communicate with you - responding to enquiries and delivering service-related communications
  • To improve our services - understanding how our tools are used in aggregate

Our lawful basis for processing is legitimate interests (for enquiry data) and contract performance (for data collected as part of delivering services you have engaged us for).

How we store your data

Data collected through our marketing suite and portal is stored in Supabase, a hosted database platform. Data is encrypted at rest and in transit. Supabase operates servers in the EU region.

Contact form submissions may be stored in HubSpot CRM, which is hosted in the United States. HubSpot is certified under the EU-US Data Privacy Framework. You can view HubSpot's privacy information at legal.hubspot.com.

We take reasonable technical and organisational measures to protect your data from unauthorised access, loss, or disclosure.

Third parties

We share data with the following third parties only to the extent necessary to provide our services:

  • Meta Platforms Inc. (Facebook) - to connect to and read ad account data via the Facebook Login API. Meta's data practices are governed by their own privacy policy at facebook.com/privacy/policy.
  • Supabase Inc. - database hosting. Data stored in EU region.
  • HubSpot Inc. - CRM for enquiry and contact management.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

Data retention

We retain your personal data for as long as your client relationship with us is active. If you are a prospective client who did not proceed, we retain enquiry data for up to 12 months.

Connected platform tokens (such as Facebook access tokens) are retained for as long as the connection is active. You can revoke this access at any time - see the section on your rights below.

On request, we will delete your personal data within 30 days. See our data deletion instructions for more information.

Your rights under UK GDPR

Under UK GDPR, you have the following rights:

  • Right of access - you can request a copy of the personal data we hold about you
  • Right to rectification - you can ask us to correct inaccurate data
  • Right to erasure - you can ask us to delete your personal data
  • Right to restrict processing - you can ask us to limit how we use your data
  • Right to data portability - you can ask for your data in a portable format
  • Right to object - you can object to processing based on legitimate interests

To exercise any of these rights, email us at hello@madsocial.co.uk with the subject line "Data Rights Request". We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

We use session cookies to maintain authentication state when you are logged into our client portal or marketing suite. These cookies:

  • Are deleted when you close your browser (session cookies)
  • Do not track you across other websites
  • Are not used for advertising purposes

We do not use third-party advertising or tracking cookies.

Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the "last updated" date at the top of this page. If we make significant changes, we will notify active clients by email.

Contact

If you have any questions about this privacy policy or how we handle your data, please contact us at hello@madsocial.co.uk.