Privacy Policy

This Privacy Policy explains how Sociably Digital Services ("we", "us", "our") collects, uses, and protects your personal data when you use the Stish platform.

1. Data Controller

Company: Sociably Digital Services

Address: Athens 15342, Greece

VAT ID: EL077034367

For data protection inquiries, please use our contact form.

2. Data We Collect

Account Information

Name, email address, company name, password (encrypted)

Usage Data

Campaign data, asset uploads, platform interactions, feature usage

Payment Data

Processed securely through Stripe. We do not store full card details.

Technical Data

IP address, browser type, device information, cookies

3. How We Use Your Data

  • To provide and maintain the Stish platform
  • To process your subscription and payments
  • To send service-related communications
  • To improve our services and user experience
  • To comply with legal obligations
  • To protect against fraud and unauthorized access

4. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to fulfill our service agreement
  • Consent: For optional features like marketing communications
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws

5. Data Sharing

We share data only with:

  • Service Providers: Cloud hosting (AWS), payment processing (Stripe), email services
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal data to third parties.

6. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Personal data is deleted within 30 days
  • Backup copies are deleted within 90 days
  • Financial records are retained as required by law (typically 7 years)

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us through our contact form.

8. Data Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for data in transit
  • Encrypted storage for sensitive data
  • Regular security audits and updates
  • Access controls and authentication

9. International Transfers

Our servers are located in the European Union. If data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. In Greece, this is the Hellenic Data Protection Authority (HDPA):

www.dpa.gr

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the platform. Your continued use of Stish after such changes constitutes acceptance of the updated policy.

Last updated: January 2026