1. Who We Are

Sophfree is operated by Sophie Sherwin, providing content automation build services to small business owners and solo founders.

Contact: studio@contentglitch404.com

Sophfree is the data controller for personal data collected through this website and its services.

2. Who This Policy Applies To

This policy applies to:

• Visitors to contentglitch404.com
• Individuals who submit a trial or application form
• Clients who purchase and use Sophfree's services

Sophfree's services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at studio@contentglitch404.com.

3. What Data We Collect

3.1 Trial and Application Forms

• First name and email address
• Business description and content goals
• Any other information voluntarily submitted in free text fields

3.2 Voice Notes

• Audio recordings submitted via Speakpipe
• Transcripts generated from those recordings via OpenAI Whisper

3.3 Client Briefs and Onboarding

• Business information, brand details, audience descriptions
• Content briefs submitted by voice or in writing

3.4 Payment Information

• Payment is processed by a third party provider. Sophfree does not store card numbers or full payment details. We retain records of payment amounts and dates for accounting purposes.

3.5 System Access Credentials and API Keys

• With your consent, I may store login credentials, API keys, and access tokens for third party tools required to deliver and support the build.
• All credentials and keys belong to you. They are held solely for the purpose of building and supporting your system during the agreed service period.
• Credentials and keys are transferred exclusively via Bitwarden Send — a self-destructing encrypted link that expires after a single use. They are never shared by email or any unencrypted method.
• Once received, credentials and keys are stored exclusively in an encrypted Bitwarden vault. They are never stored in email, spreadsheets, or unencrypted documents.
• You choose at onboarding whether to provide stored credentials or to supply temporary access on a per-request basis.
• I will not access your system unless a support request has been made.
• All stored credentials and API keys are permanently deleted at the end of the 6-month support window. You will be reminded to rotate your credentials and regenerate API keys at offboarding.

4. Why We Collect It and Our Legal Basis

Contractual necessity

To deliver the services agreed — including building, configuring, and handing over your content automation system.

Legitimate interests

To respond to trial submissions and applications, to assess suitability for our services, and to improve how we deliver those services.

Legal obligation

To maintain financial records as required by law.

Consent

Where I contact trial users or applicants with follow-up information about Sophfree's services, I do so on the basis of consent. You can withdraw consent at any time by emailing studio@contentglitch404.com or clicking unsubscribe in any email.

5. How Long We Keep Your Data

• Trial and application data: up to 12 months from submission, unless you ask us to delete it sooner.
• Client data and project files: for the duration of the contract plus 12 months after the support window closes.
• System access credentials and API keys: deleted at the end of the 6-month support window.
• Payment records: 6 years, as required by HMRC.
• Voice notes and transcripts: retained for the duration of the project and deleted at offboarding.

6. Who We Share Your Data With

Sophfree does not sell your data. We share data only where necessary to deliver our services, with the following third party tools:

• Airtable — data storage and workflow management
• n8n — workflow automation
• OpenAI — content generation and voice transcription via Whisper API
• Vercel — approval page hosting
• Speakpipe — voice note intake
• Buffer — social media scheduling
• Bitwarden — encrypted credential and API key storage

All third party tools are subject to their own privacy policies. Where tools are based outside the UK or EEA, we rely on their published compliance with UK GDPR adequacy standards or standard contractual clauses.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access — you can request a copy of the data we hold about you.
• Right to rectification — you can ask us to correct inaccurate data.
• Right to erasure — you can ask us to delete your data, subject to any legal obligations we have to retain it.
• Right to restriction — you can ask us to limit how we use your data.
• Right to data portability — you can ask for your data in a portable format.
• Right to object — you can object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at studio@contentglitch404.com. We will respond within 30 days.

8. Complaints

If you have a concern about how we handle your data, please contact us first at studio@contentglitch404.com and we will do our best to resolve it.

If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Sophfree's website may use basic cookies for functionality. We do not use tracking or advertising cookies. If this changes, this policy will be updated and visitors will be notified.

10. Changes to This Policy

We may update this policy from time to time. The current version will always be available at contentglitch404.com/privacy. Where changes are material, existing clients will be notified by email.