Privacy Policy for EndorseHQ

Last updated: October 2025

At EndorseHQ Limited (“EndorseHQ”, “we”, “our”, or “us”), we are committed to protecting your privacy and ensuring that your personal data is handled securely, lawfully, and transparently.

This Privacy Policy explains what information we collect, how we use it, and the rights you have under data protection laws, including the UK GDPR and the Data Protection Act 2018.

1. Who we are

EndorseHQ Limited

Company number: 16654725

Registered office: 48 Lyndhurst Way, Istead Rise, Kent, DA13 9EW, United Kingdom

Website: https://endorsehq.com

Email: privacy@endorsehq.com

EndorseHQ is a software platform that helps service-based businesses collect, manage, and display client endorsements, testimonials, and reviews across multiple channels.

EndorseHQ Limited is the data controller for your personal data.

2. Information we collect

We collect and process data to operate our platform effectively and provide you with the best possible experience. This includes:

Account and business data

  • Name, email address, and password (when you create an account)
  • Business name, logo, and website URL
  • Company details such as sector or industry
  • User roles, permissions, and account activity logs

Endorsement and review data

  • Reviews and testimonials submitted through your account
  • Imported reviews from Google Business Profiles or LinkedIn recommendations
  • Review dates, reviewer names, and profile photos (if available)

Technical and usage data

  • IP address and browser user agent (for security and analytics)
  • Login timestamps, session duration, and activity logs
  • Error reports and diagnostic data

Billing and payment data

  • Subscription and billing details, processed securely by Stripe
  • We do not store or process card details directly on our servers

3. How we use your data

We use your data to:

  • Provide, operate, and improve the EndorseHQ platform
  • Authenticate users and maintain secure sessions
  • Send transactional communications (e.g. invites, password resets, notifications)
  • Process payments and manage subscriptions
  • Import and display reviews from authorised sources
  • Provide customer support and respond to technical issues
  • Analyse performance and improve usability
  • Comply with legal obligations and prevent misuse or fraud

4. Our lawful basis for processing

We process your personal data under the following lawful bases:

  • Contractual necessity – to provide the services you have signed up for
  • Legitimate interests – to improve our platform, prevent abuse, and enhance security
  • Consent – where you have opted in (e.g. marketing communications, cookies)
  • Legal obligation – when required by law or regulatory authorities

5. Analytics and monitoring tools

We use analytics tools to understand how users interact with our platform and to improve performance and usability.

  • Fathom Analytics – a privacy-focused, GDPR-compliant analytics platform that does not use cookies or collect personal data. It records only anonymised, aggregated usage data (such as page views and referrers) and does not track individuals.
  • Smartlook – records pseudonymised user sessions inside the EndorseHQ dashboard to help us identify usability issues and diagnose bugs. Sensitive fields (such as names, emails, and passwords) are automatically masked before recording. You can opt out of Smartlook by enabling “Do Not Track” (DNT) in your browser.
  • Google Search Console – monitors our website’s performance in search results and identifies technical issues.

6. Cookies

EndorseHQ uses only essential cookies required for login sessions, account authentication, and platform security.

These cookies are strictly necessary for the service to function and do not require user consent.

We do not use any marketing or tracking cookies.

Fathom Analytics operates fully cookieless, so no analytics cookies are stored or set.

You can manage or delete cookies through your browser settings at any time.

7. Data sharing

We do not sell or rent your data.

We only share it with trusted third-party processors that help us deliver the EndorseHQ service, including:

  • Stripe – payment processing and subscription billing
  • Amazon Simple Email Service (SES) – for sending secure transactional and system emails (e.g. invites, password resets, notifications)
  • Fathom Analytics / Smartlook – for aggregated usage analysis and usability monitoring
  • Backblaze and Cloudflare – for file storage, hosting, and network security

We may also share information if required by law, to enforce our terms, or to protect our users and platform integrity.

All processors are GDPR-compliant and operate under written data processing agreements.

8. Data retention

  • Account data is retained while your account remains active.
  • You can request complete deletion at any time by emailing support@endorsehq.com.
  • Reviews or testimonials may remain anonymised after account closure to preserve widget functionality.
  • Backups are retained securely for a limited time before being permanently deleted.

9. Your rights

Under the UK GDPR, you have the right to:

  • Access a copy of your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request portability of your data
  • Lodge a complaint with the Information Commissioner’s Office (ICO) via https://ico.org.uk

10. Data security

We take data protection seriously. Our measures include:

  • Full SSL/TLS encryption across all services
  • Two-factor authentication for admin users
  • Secure hosting in ISO-certified data centres
  • Regular vulnerability scans and software updates
  • Restricted staff access under strict confidentiality agreements

11. International data transfers

Some of our service providers (including Amazon Web Services, Stripe, and Smartlook) may transfer data outside the UK/EU under approved safeguards such as the EU–US Data Privacy Framework or Standard Contractual Clauses (SCCs).

12. Updates to this policy

We may update this Privacy Policy periodically.

Any significant changes will be notified by email or through your EndorseHQ dashboard.

The latest version is always available at https://endorsehq.com/privacy-policy/.

13. Contact us

If you have any questions about this Privacy Policy or wish to exercise your rights, contact:

Email: privacy@endorsehq.com

Company: EndorseHQ Limited

Registered office: 48 Lyndhurst Way, Istead Rise, Kent, DA13 9EW, United Kingdom