Privacy Policy
Last updated: 11 June 2026
Introduction
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights over it. We operate vimsy.io and deliver WordPress maintenance and development services worldwide.
No dark patterns. No selling your data. If something is unclear, email us at hello@vimsy.io.
Who We Are
Vimsy is operated by SociiLabs LLC, a Wyoming limited liability company. When this policy refers to "we", "us", or "our", it means Vimsy / SociiLabs LLC.
For visitors and customers in the European Economic Area or United Kingdom, we are the data controller for the personal data described in this policy.
What We Collect and Why
2.1 Data You Give Us Directly
| Data | When | Why |
|---|---|---|
| Name, email address, phone number | Contact form, checkout, newsletter signup | To respond to enquiries, deliver services, send receipts, send newsletters you requested |
| Website URL | Contact form, onboarding | To deliver the WordPress service you purchased |
| Payment information | Checkout | Processed directly and exclusively by Stripe — we never receive, see, or store your card number, CVV, or full billing details |
| WordPress and hosting credentials | Service delivery | To access your site and perform the work you paid for — credentials are handled under strict access controls and deleted or formally revoked upon project completion |
| Project brief and business context | Custom development enquiries | To prepare a proposal and deliver the project |
| Support messages | Crisp chat, email, WhatsApp | To respond to and track your support requests — retained as a service history record |
2.2 Data We Collect Automatically
When you visit vimsy.io, the following is collected:
Google Analytics 4 (GA4)
Pages visited, session duration, device type, approximate geographic location (country/city level), referring source. Used to understand how visitors use the site so we can improve it. IP addresses are anonymised before storage. This is collected with your consent where required by applicable law. Data is processed by Google LLC — see Google's Privacy Policy.
Microsoft Clarity
Session recordings and heatmaps showing how visitors interact with pages (clicks, scrolls, mouse movement). Clarity is configured to mask input fields and sensitive content areas. However, you should not type sensitive personal data (such as passwords or financial information) into any field on our website other than the Stripe-hosted payment form. Used to identify usability issues. Collected with your consent where required. Data is processed by Microsoft — see Microsoft's Privacy Statement.
Google Search Console
Aggregate search query data showing which search terms lead to our site — not tied to individual users, not stored by us. Used to understand organic search performance.
2.3 Data Processed by Our Internal Tools
The following tools are used to operate our business. Each processes personal data as described.
Stripe
Payment processing. Stripe stores your payment method, billing address, and transaction history in accordance with PCI-DSS Level 1 standards. Stripe is the data controller for payment data. See Stripe's Privacy Policy.
MailerLite
Email newsletter. If you subscribe to our newsletter (Site Maintained), your email address and first name (if provided) are stored in MailerLite. You can unsubscribe at any time — every email includes a one-click unsubscribe link. Unsubscribing removes you from all future mailings immediately. See MailerLite's Privacy Policy.
Crisp
Live chat and support. When you use the chat widget on our site or submit a support request, your messages and email address (if provided) are stored in Crisp. Support conversations are retained as a service record. See Crisp's Privacy Policy.
Attio
CRM. Customer and prospect contact records are stored in Attio. This includes name, email address, company name, and service history. Attio data is not shared with third parties and is used solely for managing our customer relationships and service delivery. See Attio's Privacy Policy.
n8n (Workflow Automation)
We use n8n to automate internal workflows, including onboarding communications and generating customer discount codes. Our n8n instance processes personal data (name, email) in transit as part of these workflows. We operate our own n8n infrastructure; data processed through n8n is subject to the same security and retention controls as our other systems. n8n does not act as an independent data controller for data we process through our own instance.
Legal Basis for Processing (GDPR / UK GDPR)
If you are in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:
| Processing activity | Legal basis | Notes |
|---|---|---|
| Delivering services you purchased | Contract performance (Art. 6(1)(b)) | Necessary to fulfil our service obligations |
| Sending transactional emails (receipts, service updates, onboarding) | Contract performance (Art. 6(1)(b)) | Required for service delivery |
| Responding to support requests | Contract performance (Art. 6(1)(b)) | — |
| Sending the Site Maintained newsletter | Consent (Art. 6(1)(a)) | You opted in; withdrawable at any time |
| Website analytics — GA4, Microsoft Clarity | Consent (Art. 6(1)(a)) | Collected via cookie consent banner |
| CRM records for sales pipeline and service history | Legitimate interest (Art. 6(1)(f)) | We have a legitimate interest in maintaining records of our business relationships |
| Fraud prevention | Legitimate interest (Art. 6(1)(f)) | — |
| Legal compliance and record-keeping | Legal obligation (Art. 6(1)(c)) | Financial and tax records |
Where we rely on legitimate interest, you have the right to object at any time by emailing hello@vimsy.io. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
How Long We Keep Your Data
| Data type | Retention period | Basis |
|---|---|---|
| Customer account and service records | 7 years from last transaction | Legal and tax obligations |
| Support conversation records | 3 years from last interaction | Legitimate interest in service history |
| Newsletter subscriber records | Until you unsubscribe, then deleted within 30 days | Consent |
| Payment records | 7 years (held by Stripe) | Legal obligation |
| Website analytics — GA4 | 14 months (GA4 default, configured by us) | Consent |
| Session recordings — Microsoft Clarity | 90 days (Clarity default) | Consent |
| WordPress and hosting credentials | Deleted or formally revoked upon project completion, or within 14 days of your written request | Our credential handling policy |
| Prospect/lead records (non-customers) | 2 years from last interaction, unless you request earlier deletion | Legitimate interest |
After the applicable retention period, data is deleted or anonymised so it can no longer be attributed to you.
Who We Share Your Data With
We do not sell your data. We do not share your data with advertisers or data brokers.
We share personal data only with:
Service providers listed in Section 2.3 (Stripe, MailerLite, Crisp, Attio, Google, Microsoft) — strictly for the purposes described, under contractual obligations equivalent to those in this policy
Legal and regulatory authorities — where required by law, valid court order, or to comply with regulatory requirements; we will notify you where legally permitted to do so
Business successors — if SociiLabs LLC is acquired, merges, or transfers assets, your data may transfer to the acquiring entity, which will be required to honour this privacy policy
All sub-processors and service providers are required by contract to process your data only as instructed by us and to implement appropriate technical and organisational security measures.
International Data Transfers
SociiLabs LLC is incorporated in Wyoming, United States. When we transfer personal data from the EEA or UK to the US or other countries without an adequacy decision, we rely on:
Standard Contractual Clauses (SCCs) adopted by the European Commission, as incorporated into our agreements with US-based sub-processors (Google, Microsoft, Stripe, MailerLite, Crisp, Attio)
The UK International Data Transfer Agreement (IDTA) for transfers from the UK where applicable
You may request details of the transfer mechanisms we rely on by emailing hello@vimsy.io.
Cookies
We use cookies and similar tracking technologies on vimsy.io.
| Cookie / technology | Provider | Purpose | Category |
|---|---|---|---|
| _ga, _ga_* | Google Analytics 4 | Distinguish users, session tracking, traffic source attribution | Analytics (consent required) |
| _clsk, _clck | Microsoft Clarity | Session recording, heatmap, interaction tracking | Analytics (consent required) |
| crisp-client/* | Crisp | Maintain chat session state, identify returning users | Functional (necessary for chat) |
| Stripe session and fraud cookies | Stripe | Fraud prevention, secure payment flow | Necessary for payment processing |
Necessary cookies (Stripe payment flow) are set when you access our checkout. These cannot be disabled as they are required for secure payment processing.
Functional cookies (Crisp) are set when you interact with our chat widget. These enable the chat to function correctly.
Analytics cookies (GA4, Microsoft Clarity) are set only after you provide consent via our cookie banner on first visit. You can withdraw consent at any time by clicking "Cookie Preferences" in our website footer, which will prevent new analytics cookies from being set. Withdrawing consent does not delete cookies already set — you can delete these through your browser settings.
Your Rights
Depending on where you are located, you have the rights listed below regarding your personal data.
To exercise any of these rights, email hello@vimsy.io with the subject line "Privacy Request — [Right Type]". We will acknowledge your request within 5 business days and respond substantively within 30 days (extendable by a further 60 days for complex requests, with notice to you). We may ask you to verify your identity before we process your request — this is to protect your data from unauthorised access.
Right to access (Art. 15 GDPR / Section 45 UK GDPR)
Request a copy of the personal data we hold about you, along with information about how and why we process it.
Right to correction (Art. 16)
Ask us to correct inaccurate or incomplete personal data.
Right to deletion / "right to be forgotten" (Art. 17)
Ask us to delete your personal data. We will comply unless we are legally required to retain it (e.g., financial records we must keep for 7 years).
Right to restriction of processing (Art. 18)
Ask us to pause processing of your data in certain circumstances (e.g., while you contest accuracy).
Right to data portability (Art. 20)
Request your personal data in a structured, commonly used, machine-readable format where technically feasible.
Right to object (Art. 21)
Object to processing based on legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to withdraw consent
Where processing is based on consent (newsletter, analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to complain to a supervisory authority
You have the right to lodge a complaint with your local data protection authority at any time. In the UK: the Information Commissioner's Office (ico.org.uk). In the EU: your national data protection authority.
California Residents (CCPA / CPRA)
SociiLabs LLC is a small business and does not currently meet the revenue or data volume thresholds that trigger full CCPA/CPRA obligations. However, as a matter of good practice:
We do not sell personal information as defined under the CCPA.
We do not share personal information for cross-context behavioural advertising.
California residents may contact us at hello@vimsy.io to request information about what personal data we hold or to request deletion.
We will update this section if our processing activities change and we become subject to CCPA/CPRA obligations.
Children's Privacy
Our services are directed at businesses and adult individuals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a person under 16 has provided us with personal data, contact us at hello@vimsy.io and we will delete it promptly.
Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, or disclosure, including:
HTTPS enforced on all pages of vimsy.io
Access controls limiting customer data access to team members who require it for service delivery
Credential handling procedures restricting access to client site credentials to the individual performing the relevant service
Regular review of third-party sub-processor security practices
No method of electronic transmission or storage is completely secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify relevant supervisory authorities within 72 hours of discovery (where required) and notify affected individuals without undue delay.
Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated by email to your registered address at least 14 days before taking effect. The date at the top of this page reflects the most recent update.
Contact
For privacy questions, data subject requests, or concerns:
hello@vimsy.io (subject line: "Privacy Request — [topic]")
+1 (307) 888-9783
Hours
Monday – Friday, 9am – 6pm PST
If you are unsatisfied with our response, you may contact your local data protection authority. In the UK: the ICO (ico.org.uk). In the EU: your national supervisory authority.
