SourcerySourcery

Privacy Policy

Last updated: 7 June 2026

This Privacy Policy explains how Sourcery Marketing Ltd ("Sourcery", "we", "us" or "our") collects, uses, shares and protects personal information, and the rights you have over that information. It applies to our website at https://sourcery.agency (the "Website") and to the services, communications, proposals and events we provide (together, the "Services").

Please read this policy carefully. If you do not agree with it, please stop using the Website and Services. If anything here is unclear, contact us at privacy@sourcery.agency and we will be glad to help.

Summary of key points

  • We collect the information you give us (such as your name, email and enquiry), information collected automatically when you use the Website (such as device and usage data), and limited information from other sources.
  • We use that information to respond to you, deliver our Services, run and improve our business, send communications you have asked for, and meet our legal obligations.
  • We do not sell your personal information for money.
  • We use trusted providers (for hosting, email, analytics and CRM) who process data on our behalf under appropriate terms, some of which are based outside the UK.
  • You have rights over your information, including the right to access, correct, delete and object. To exercise them, email privacy@sourcery.agency.

The rest of this policy sets out the detail.

1. Who we are

Sourcery Marketing Ltd is a marketing operations consultancy registered in England and Wales (company number 11412924). Our registered office is 16a Mackets Lane, Halewood, Liverpool, England, L25 0LQ. We are registered with the UK Information Commissioner's Office (registration number 00014978080).

Where we say "Sourcery", "we", "us" or "our", we mean Sourcery Marketing Ltd. For the personal information described in this policy, Sourcery is the data controller. When we deliver Services inside a client's own systems, we may act as a data processor on that client's behalf, in which case the client's own privacy notice and our contract with them govern that processing.

2. What information we collect

Information you provide to us

  • Contact and enquiry details: your name, email address, telephone number, company name, job title, and anything you choose to tell us in a contact or enquiry form, when booking a call, or by email.
  • Service and client information: where you engage us, the information we need to deliver the work. This can include access to, and data held within, your own marketing, CRM and related platforms.
  • Communications: records of correspondence and notes from calls or meetings.

Information collected automatically

When you visit the Website, we (and our analytics providers) automatically collect certain technical information. This does not usually identify you by name, but may include:

  • Log and usage data: IP address, pages and files viewed, dates and times of access, referring URLs, and the actions you take on the Website.
  • Device data: browser type and settings, operating system, language preferences, and device identifiers.
  • Approximate location: a general location inferred from your IP address (not precise GPS location).
  • Cookies and similar technologies: see section 6 and our Cookie Policy.

Information from other sources

We may receive limited information about you from public sources (such as company websites, professional networks and public registers), from referral partners, and from business-data providers, in order to understand whether our Services may be relevant to your organisation and to keep our records accurate. We combine this only with the categories described above and only for the purposes set out in this policy.

3. How we use your information

We use personal information to:

  • respond to enquiries and prepare proposals;
  • deliver our Services, including marketing operations, automation, reporting, integration and related work;
  • manage our relationship with you, including project updates, invoicing and support;
  • operate, secure, maintain and improve the Website and Services;
  • send marketing communications where you have asked us to, or where we are otherwise permitted to, and always with a simple way to opt out;
  • understand how the Website is used through analytics; and
  • comply with our legal and regulatory obligations, enforce our terms, and protect our rights, our clients and the public.

4. Legal bases for processing (UK and EU)

Where the UK GDPR or EU GDPR applies, we rely on one or more of the following legal bases:

  • Performance of a contract: to provide the Services you have engaged us for, or to take steps at your request before entering into a contract.
  • Legitimate interests: to run, promote, secure and improve our business, where this is not overridden by your interests or rights. Where we rely on legitimate interests, we have considered the impact on you, and you can object (see section 11).
  • Consent: for certain marketing communications and for non-essential cookies. You can withdraw consent at any time, without affecting processing already carried out.
  • Legal obligation: to comply with applicable laws, such as tax, accounting and regulatory requirements.

We do not generally collect "special category" data. If we ever need to, we will rely on an appropriate additional condition under data-protection law and tell you at the time.

5. How we share your information

We do not sell your personal information. We share it only as set out below, and only with appropriate data-protection terms in place.

  • Service providers (processors): trusted suppliers who process data on our behalf so we can run the business and deliver the Services. These currently include, for example:
    • Website hosting and infrastructure: Vercel
    • Transactional and service email: Resend
    • Website analytics: Google Analytics 4 via Google Tag Manager
    • CRM and marketing automation: HubSpot
    • Session analytics: Inspectlet
    • Cookie consent management: Termly
  • Professional advisers: accountants, lawyers and insurers, where reasonably necessary.
  • Legal and safety: authorities, regulators or other parties where we are legally required to disclose information, or where disclosure is necessary to establish, exercise or defend legal claims, or to protect the rights, safety or property of any person.
  • Business transfers: if we are involved in a merger, acquisition, financing or sale of assets, your information may be transferred as part of that transaction, subject to this policy.
  • With your consent or at your direction: for any other disclosure you ask us to make.

6. Cookies and tracking technologies

The Website uses cookies and similar technologies to make it work, to remember your preferences, to understand how it is used, and (where you consent) for marketing and measurement. Essential cookies are always on because the Website cannot function without them. Non-essential cookies are set only after you give consent through our cookie banner, and you can change or withdraw your choices at any time. Full detail of the cookies we use is in our Cookie Policy.

7. International data transfers

Some of our providers are based outside the UK and the European Economic Area, including in the United States. Where we transfer personal information internationally, we put appropriate safeguards in place, such as the UK International Data Transfer Addendum, the European Commission's Standard Contractual Clauses, the UK extension to the EU-US Data Privacy Framework, or transfers to countries the UK or EU recognises as providing adequate protection. You can ask us for more detail about these safeguards using the contact details below.

8. How long we keep your information

We keep personal information only for as long as we need it for the purposes set out in this policy, or for as long as the law requires. In practice:

  • enquiry and prospect data is kept for as long as there is a realistic prospect of working together, and then deleted or anonymised;
  • client project records are typically kept for 6 years after the end of the relationship, for tax, accounting and legal reasons; and
  • marketing contact data is kept until you unsubscribe or ask us to stop, and then suppressed only as needed to honour your request.

When we no longer need information, we delete or anonymise it. Where that is not immediately possible (for example because it sits in a secure backup), we isolate it from further use until deletion is possible.

9. How we keep your information secure

We use appropriate technical and organisational measures to protect personal information against loss, misuse and unauthorised access, including access controls, encryption in transit, and supplier due diligence. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your information and to respond promptly if anything goes wrong.

10. Children

The Website and Services are intended for businesses and are not directed at children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at privacy@sourcery.agency and we will take reasonable steps to delete it.

11. Your privacy rights

UK and EU (and similar regimes)

Under the UK GDPR, EU GDPR and equivalent laws, you have the right to:

  • access the personal information we hold about you and receive a copy;
  • request correction of inaccurate or incomplete information;
  • request erasure of your information in certain circumstances;
  • restrict or object to our processing, including objecting to direct marketing at any time;
  • request portability of information you provided to us, in a structured, commonly used format; and
  • withdraw consent at any time, where we rely on consent.

To exercise any of these rights, email privacy@sourcery.agency. We will respond within one month, and will tell you if we need longer because a request is complex. We do not charge a fee unless a request is manifestly unfounded or excessive. We may need to verify your identity before we act.

If you are in the UK or EU and believe we have handled your information unlawfully, you can complain to your data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk). In the EU you can contact your local supervisory authority. We would, however, appreciate the chance to address your concerns first.

United States (California and other states)

If you are a US resident, you may have rights under state privacy laws such as the California Consumer Privacy Act, as amended by the CPRA, and comparable laws in states including Virginia, Colorado, Connecticut, Utah, Texas, Oregon and Montana.

Categories of personal information we collect. In the past 12 months we have collected the following categories, as defined by California law:

Category Examples Collected
A. Identifiers Name, email address, phone number, IP address, online identifiers YES
B. Customer records Name, contact details, company and professional information YES
C. Protected classifications Age, gender, and similar NO
D. Commercial information Services purchased or considered, billing records YES
E. Biometric information Fingerprints, voiceprints NO
F. Internet or network activity Browsing and interaction with the Website YES
G. Geolocation data Approximate location from IP address YES
H. Sensory data Audio, visual, similar recordings NO
I. Professional or employment information Job title, employer, work history YES
J. Education information Records subject to FERPA NO
K. Inferences Profiles drawn from the above about preferences and interests YES

Your US state rights may include the right to know what we collect and how we use and share it, the right to access and delete your information, the right to correct inaccurate information, the right to opt out of the "sale" or "sharing" of personal information and of targeted advertising, and the right to non-discrimination for exercising these rights.

Sale and sharing. We do not sell your personal information for money. Some analytics and advertising cookies may be treated as a "sale" or "sharing" under certain US state laws. You can opt out of these by adjusting your choices in our cookie banner and, where supported, through a Global Privacy Control signal (see section 12).

To exercise any US state right, email privacy@sourcery.agency. You may use an authorised agent to make a request, in which case we may ask for proof of authorisation and may verify your identity directly. We will not discriminate against you for exercising your rights, and we will respond within the timeframes required by the applicable law.

12. Do-Not-Track and Global Privacy Control

Most browsers offer a "Do-Not-Track" (DNT) setting. There is no agreed industry standard for DNT, so we do not respond to DNT signals. Where required by law, we do honour recognised opt-out preference signals such as the Global Privacy Control (GPC) as a request to opt out of the sale or sharing of personal information for the browser concerned.

13. Third-party links

The Website may link to third-party sites and services that we do not control. This policy does not apply to them. We encourage you to read the privacy notices of any site you visit.

14. Changes to this policy

We may update this policy from time to time. When we do, we will change the "Last updated" date above, and where changes are material we will take reasonable steps to bring them to your attention. Please review this policy periodically.

15. How to contact us

For any privacy question or to exercise your rights, contact us at privacy@sourcery.agency. For general enquiries, use hello@sourcery.agency. You can also write to us at:

Sourcery Marketing Ltd 16a Mackets Lane Halewood Liverpool England L25 0LQ United Kingdom

16. How to review, update or delete your information

You can ask us to review, update or delete the personal information we hold about you at any time by emailing privacy@sourcery.agency. We will respond in line with the rights and timeframes set out in section 11.