Privacy Policy

    Last updated: 14 February 2026

    1. Who We Are

    Controller: Unplain Media (trade name of S&D CASEY BROS LTD, ΗΕ 429874)

    Address: Αρχαγγέλου Μιχαήλ, 18B, Μονή 4525, Λεμεσός, Κύπρος

    Email: hello@unplainmedia.com

    2. What Data We Collect

    • Enquiries: name, email/phone, company, message content.
    • Client administration: contract details, invoice/payment status (payments via Stripe).
    • Website: technical only; basic logs for security/functionality.
    • If you interact with a Client's automation we operate: chat transcripts, call transcripts (no recordings), interaction metadata, and for clinics only: (i) service requested, (ii) treatment zone, plus booking contact details (name + phone) where provided.

    3. Why We Use Data + Legal Bases

    • Respond to enquiries and manage relationships (legitimate interests / pre-contract steps).
    • Provide Services to Clients (contract).
    • Billing/accounting (legal obligation).
    • Security and abuse prevention (legitimate interests).

    4. Controller vs Processor (Important)

    When we operate automations for a clinic/business, that clinic/business is typically the Controller of end-user data, and Unplain Media acts as Processor under a DPA. In those cases, the clinic's privacy notice governs the main purposes.

    5. Retention

    • Transcripts/interaction metadata: 12 months rolling; exceptional up to 24 months where the Client instructs and documents necessity.
    • Contract end: production service data deleted/returned within 30 days as a company policy; backups expire within up to 90 days. (GDPR requires delete/return at controller's choice, but does not mandate "30 days.")
    • Invoices/tax/accounting records: retained 7 years to meet statutory and audit needs; Cyprus VAT record-keeping requires retention for at least 6 years.

    6. Sharing

    We may share personal data with:

    • Stripe (billing/payment service providers/subprocessors needed to deliver Services; list to be finalised and maintained under the DPA);
    • professional advisers and regulators where legally required.

    7. International Transfers

    If any service provider processes data outside the EEA, appropriate safeguards will be used where required.

    8. Your Rights

    You may have rights of access, rectification, erasure, restriction, objection, and portability. If we are acting as Processor, requests should be directed to the relevant Client (Controller); we assist on their instruction.

    9. Cookies

    We use essential cookies only (no analytics/pixels by default).

    10. Complaints

    You can lodge a complaint with the Cyprus supervisory authority for data protection.

    Avatar
    Hi! Have a question or want to try a quick demo? Message here, no commitment!