Features Pricing About Contact
Login Start free trial

Privacy Policy

Last updated: 1 January 2026

Social Prysm ("we", "us", "our") respects your privacy and is committed to protecting the personal data of our customers, visitors and end users. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use smhub.com and our services (the "Services"). By using Social Prysm you agree to the practices described in this policy.

1. Who we are

Social Prysm Ltd is a company registered in England and Wales. Our registered address is 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. For the purposes of the UK GDPR and EU GDPR, we are the data controller of the personal data we process in relation to our website visitors and our direct customers, and the data processor for personal data that customers upload into the Services about their own clients and end users.

2. Information we collect

We collect the following categories of personal data:

  • Account data — name, email address, password (hashed), company name, job title, country.
  • Billing data — billing address, VAT number and the last four digits of payment cards. Full card numbers are handled directly by our PCI-DSS compliant payment processor Stripe and never stored on our servers.
  • Usage data — pages visited, features used, timestamps, IP address, browser type, device information and referring URL.
  • Customer content — any client records, posts, assets, reports, comments or files you upload into the platform.
  • Support data — messages, attachments and transcripts from conversations you have with our support team.

3. How we use your information

We use personal data to:

  • Provide, operate, maintain and improve the Services.
  • Process payments and manage subscriptions.
  • Communicate with you about your account, product updates, security alerts and customer support.
  • Send marketing emails (only with your explicit consent — you can opt out at any time).
  • Detect, prevent and address fraud, abuse, and security issues.
  • Comply with legal obligations and enforce our Terms of Service.

4. Legal basis for processing

Under the UK GDPR and EU GDPR we rely on the following lawful bases:

  • Contract — to deliver the Services you have subscribed to.
  • Legitimate interests — to improve our Services, keep them secure and grow our business, balanced against your rights.
  • Consent — for marketing communications and non-essential cookies.
  • Legal obligation — to comply with tax, accounting and other legal requirements.

5. Cookies and tracking

We use cookies and similar technologies to keep you logged in, remember your preferences, measure usage, and deliver a better experience. For details see our Cookie Policy. You can manage your preferences at any time.

6. Sharing your information

We never sell your personal data. We share data only with:

  • Sub-processors who help us deliver the Services — including hosting (AWS EU/UK regions), payment processing (Stripe), email delivery (Postmark), error tracking (Sentry) and customer support (Intercom). A full list is available on request.
  • Legal and regulatory authorities when required by law, subpoena or to protect our rights.
  • Acquirers in the event of a merger, acquisition or sale of assets, subject to standard confidentiality.

7. International transfers

Your data is primarily stored in the United Kingdom and European Union. Where data is transferred outside the UK/EEA, we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to provide appropriate safeguards.

8. Data retention

We keep personal data only for as long as necessary to deliver the Services and to comply with our legal obligations. Account data is retained for the duration of your subscription plus 90 days after cancellation, after which it is permanently deleted from production systems and within 30 additional days from encrypted backups. Invoices are retained for 7 years to comply with UK tax law.

9. Your rights

Under the UK GDPR and EU GDPR you have the following rights:

  • Right of access to your personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten").
  • Right to restrict processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with a supervisory authority (in the UK, the ICO at ico.org.uk).

To exercise any of these rights, email privacy@smhub.com. We respond within 30 days.

10. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), regular penetration testing, least-privilege access controls, audit logging and 24/7 monitoring. No system is 100% secure, but we take protecting your data very seriously.

11. Children

Social Prysm is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date and, for material changes, notify you by email or a prominent in-app notice.

13. Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@smhub.com or write to Social Prysm Ltd, 71–75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.