Privacy Policy

1. Who is responsible for your data?

The data controller for personal data processed in connection with this website and the marketing and intake services described below is Sahil Media. For any question about this policy or your personal data, please use the contact details in Section 16 below.

2. Scope of this policy

This policy applies to personal data we process when you:

• visit or browse our public website;
• use our cookie preference tools or similar consent features;
• submit enquiries, contact forms, or “request a project” / sample request flows;
• communicate with us by email, phone, or messaging channels we operate;
• access or use authenticated or account-based areas of our platform, where applicable.

3. What data we collect

Depending on how you interact with us, we may process the following categories of information:

• Identity and contact data: name, organisation, job role or persona you choose to share, email address, phone number, and similar details you provide in forms or messages.
• Project and brief content: free-text descriptions of your needs, campaign goals, language preferences, service selections, and similar information you submit to help us scope work.
• Reference and media uploads: files or links you attach (for example brand assets or references). Technical metadata about uploads (such as file names, types, or counts) may be processed even when the file content is stored separately.
• Technical and usage data: IP address, device and browser type, operating system, approximate location derived from IP, pages viewed, referring URLs, timestamps, and diagnostic or performance data from our hosting stack.
• Cookie and consent records: identifiers and preference choices associated with optional analytics or marketing tags, including records managed through our consent management platform (see Section 6).
• Account and authentication data: where you use sign-in features, we may process identifiers, session tokens, security logs, and related account information as required to operate authentication.
• Communications: content of emails, chat, or support tickets you send us, including attachments.

4. How we use your data (purposes)

We use personal data only where we have a lawful basis under applicable data protection law. Typical purposes include:

• Responding to enquiries and delivering proposals or information you asked for (contract steps or legitimate interests in operating our business).
• Processing and triaging project or media requests, including internal notifications to our team (performance of a contract or pre-contract steps; legitimate interests in efficient intake).
• Operating, securing, and improving our website and services, including troubleshooting, abuse prevention, and aggregated analytics (legitimate interests; consent where required for non-essential cookies or marketing tags).
• Complying with legal obligations (for example tax, accounting, or regulatory requests).
• Sending service-related messages (for example confirmations or status updates) where necessary.

5. Legal bases (summary)

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases, depending on the activity:

• Consent — for example where you accept optional cookies or marketing communications, or where we ask for explicit consent for a specific processing activity.
• Performance of a contract — when we need your data to deliver services you requested or to take steps before entering a contract.
• Legitimate interests — for example securing our systems, understanding how our website is used in aggregate, improving our offerings, and internal administration, where not overridden by your rights.
• Legal obligation — where we must retain or disclose information to comply with the law.

6. Cookies, similar technologies, and Usercentrics

We use cookies and similar technologies (such as local storage or pixels) for essential operation of the site, to remember preferences, and — only with your consent where required by law — for analytics or marketing measurement.

Where we implement a consent management platform, we may use Usercentrics GmbH (Usercentrics) or an equivalent provider to present cookie choices, record consent decisions (including timestamps and categories accepted or declined), and control the loading of optional scripts. In that case, Usercentrics may process limited technical and configuration data on our behalf as a processor. You can read more about how Usercentrics handles data in Usercentrics’ own privacy documentation published at usercentrics.com.

You can change or withdraw optional cookie choices at any time through the cookie preference centre linked in our cookie banner or footer, where available.

7. Sharing of data and subprocessors

We do not sell your personal data. We may share information with the following categories of recipients, strictly as needed for the purposes above:

• Infrastructure and hosting providers (for example Vercel or comparable edge/serverless platforms) that process requests, logs, and content in order to deliver the site and APIs.
• Database, authentication, and file storage providers (for example Supabase) used to store form submissions, project data, uploads, and session-related information under our instructions.
• Messaging or notification channels we use internally to alert our team to new requests (for example WhatsApp Business or similar), limited to the information needed for that notification.
• Professional advisers (lawyers, accountants) where required.
• Authorities or other third parties when we believe disclosure is required by law or to protect rights, safety, and security.

8. International transfers

Our service providers may process data in the European Economic Area, the United Kingdom, the United States, and other countries. Where personal data is transferred from the EEA, UK, or Switzerland to countries not recognised as providing an adequate level of protection, we rely on appropriate safeguards such as the EU Commission Standard Contractual Clauses (and UK Addendum where applicable), supplemented by technical and organisational measures as required.

9. Retention

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law. Factors include whether you have an ongoing relationship with us, whether we must keep records for legal, tax, or accounting reasons, and whether retention is advisable in light of our legal position (for example for disputes). Marketing and intake records are typically retained for the duration of the business relationship and a reasonable period afterwards unless a different retention schedule applies to your case.

10. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include access controls, encryption in transit where appropriate, separation of environments, and monitoring. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and to protect your devices.

11. Your rights

Depending on your location, you may have some or all of the following rights in relation to your personal data:

• Access — to obtain confirmation of processing and a copy of certain data we hold about you.
• Rectification — to correct inaccurate or incomplete data.
• Erasure — to request deletion of your data in certain circumstances.
• Restriction — to ask us to limit processing in certain situations.
• Objection — to object to processing based on legitimate interests, including profiling in some cases.
• Data portability — to receive structured, commonly used data you provided, where processing is based on consent or contract and is automated.
• Withdraw consent — where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
• Lodge a complaint — with a supervisory authority in your country of residence or the country where you believe an issue has arisen.

12. Automated decision-making

We do not use fully automated decision-making that produces legal or similarly significant effects solely based on automated processing of your personal data in connection with the marketing website and intake flows described here. If that changes, we will update this policy and provide any additional information required by law.

13. Children

Our services are directed at businesses and adult professionals. We do not knowingly collect personal data from children under the age where parental consent is required in their jurisdiction. If you believe we have collected such data, please contact us and we will take steps to delete it.

14. Third-party sites

Our website may contain links to third-party websites or integrations. This policy does not apply to those sites. We encourage you to read their privacy notices before providing personal data.

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or organisational structure. The “Last updated” date at the bottom of this page will be revised when we publish changes. Where changes are material, we will provide a more prominent notice or seek consent if required by law.

16. Contact

For privacy-related requests or questions about this policy, you can contact us at hello@sahilmedia.ly. We will respond within a reasonable period, in line with applicable law. You may also use the contact options provided on our website’s contact page.

Last updated: 26 April 2026.