GDPR Compliance

Last updated: 13 August 2025

Smart Stream Pro is committed to protecting your privacy and ensuring that all personal data is handled in compliance with the UK GDPR (General Data Protection Regulation), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

This page explains how we comply with GDPR, in addition to our Privacy Policy and Cookie Policy.

1. Our Role

You (our customer) act as the Data Controller for the personal data you upload into our platform (your leads, customers, bookings, etc.).

We (Smart Stream Pro) act as the Data Processor when handling that data on your behalf.

We also act as a Data Controller for your own account information (e.g., billing details, login credentials).

2. Our Legal Basis for Processing

We process personal data under the following lawful bases:

Contract: to provide our services and fulfil our agreement with you.

Consent: when you opt in to receive marketing from us.

Legitimate interest: to improve our services, maintain security, and prevent abuse.

Legal obligation: to comply with financial, tax, and regulatory requirements.

3. Subprocessors We Use

To provide our services, we work with trusted providers (“subprocessors”):

GoHighLevel (automation platform)

Twilio (SMS/calls)

Stripe/PayPal/GoCardless (payment processing)

Google & Meta (analytics/advertising integrations if enabled by you)

We have signed Data Processing Agreements (DPAs) with these providers. Some process data in the United States, safeguarded by the UK Addendum to the EU Standard Contractual Clauses.

4. Data Subject Rights

Under GDPR, you have rights over your personal data, including:

Access to the data we hold about you.

Correction of inaccuracies.

Erasure (“right to be forgotten”).

Restriction or objection to processing.

Data portability.

The right to withdraw consent at any time.

To exercise these rights, contact: [email protected].

5. Data Retention

Account data is retained for up to 12 months after cancellation.

SMS/call logs are retained for 12 months.

Invoices/payment history are retained for 6 years (legal obligation).

Marketing consent logs are retained for up to 12 months, unless extended by law.

6. Security Measures

We implement appropriate technical and organisational measures to protect data, including:

Encryption in transit and at rest.

Access control and authentication.

Regular monitoring for abuse or misuse.

7. Data Breach Policy

If a personal data breach occurs, we will notify the UK ICO (where legally required) and any affected users without undue delay.

8. Complaints

If you have concerns about how your data is handled, contact us at [email protected]. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): www.ico.org.uk.