This Privacy Policy explains how Black Sail Labs collects, uses, shares and protects personal information when you visit blacksaillabs.com, request a free preview, or use our services as a client. We’ve tried to keep it clear and honest. It forms part of our Terms of Service.
1. Introduction & scope
This policy applies to personal information we handle about: (a) visitors to our website; (b) prospective and current clients and their representatives; and (c) individuals whose information our clients provide to us so we can deliver the services (for example, a client’s own customers or leads). It does not apply to the practices of third parties we do not control (see Section 15).
2. Who we are
Black Sail Labs is a sole proprietorship based in the Commonwealth of The Bahamas, with its principal place of business at 41 Frank Edgecombe Road, Fox Hill, Nassau, The Bahamas. For the purposes of applicable data-protection law, Black Sail Labs is the “controller” of the personal information described in this policy that we collect about visitors and clients. Where we process personal information about a client’s own customers or leads on the client’s behalf, the client is the controller and we act as a “processor” (see Section 3.4). You can reach us at [email protected].
3. Information we collect
3.1 Information you provide to us
When you contact us, request a preview, or become a client, you may give us: your name, business name, email address, phone number, business details, the content and materials you want on your website (text, images, logos), and any other information you choose to share in your communications with us.
3.2 Payment information
Payments are processed by Paddle as our Merchant of Record. When you pay, you provide your payment details directly to Paddle (and its payment processors), not to us. We do not collect or store your full card number. We receive limited information from Paddle to manage your account, such as your name, billing country, the plan purchased, the last few digits or card type, and transaction and subscription status. Paddle’s handling of your data is governed by Paddle’s own privacy policy.
3.3 Information we collect automatically
When you use our website, we and our analytics providers may automatically collect usage and device information, such as your IP address, browser and device type, operating system, referring pages, the pages you view, and the dates and times of your visits. Some of this is collected through cookies and similar technologies (see Section 6).
3.4 Data clients provide about their own customers or leads
To deliver certain services (such as review requests, lead-capture forms, messaging or managed outreach), our clients may provide us with, or direct us to process, personal information about their own customers, contacts or leads — for example, names, email addresses, phone numbers and enquiry details. We process this information on the client’s behalf and on their instructions, as their processor. The client is responsible for having a lawful basis and any required notices or consents for that information.
4. How we use information
We use personal information to:
- Provide, operate, maintain and improve our website and services;
- Prepare free previews and respond to your enquiries;
- Set up, build, host and manage your website and connected services (Google Business Profile, WhatsApp, reviews, SEO, content, and any add-ons);
- Process orders, manage subscriptions, and handle billing and refunds (with Paddle);
- Communicate with you about your account, projects, support requests and service updates;
- Send you information about our services where permitted (you can opt out of marketing at any time);
- Understand how our website is used and improve its performance and security; and
- Comply with law, enforce our terms, and protect our rights and the rights of others.
5. Legal bases for processing
Where data-protection law (such as the GDPR or UK GDPR) applies, we rely on one or more of the following legal bases:
- Contract: to provide the services you request and manage our relationship with you;
- Consent: for certain activities, such as optional cookies/analytics and marketing communications — you may withdraw consent at any time;
- Legitimate interests: to operate, secure, understand and improve our business and services, in a way that is balanced against your rights; and
- Legal obligation: to comply with laws that apply to us.
Where we process data about a client’s customers or leads as a processor, the client is responsible for establishing the legal basis for that processing.
6. Cookies & analytics
Our website uses cookies and similar technologies. Strictly necessary cookies are needed for the site to function. We may also use analytics and performance cookies to understand how visitors use the site so we can improve it. Analytics may be provided by services such as Google. You can control or block cookies through your browser settings, and where required we will ask for your consent to non-essential cookies. Disabling some cookies may affect how the site works. To learn about the cookies used by third parties (such as Paddle at checkout or Google analytics), please see their respective policies.
7. How we share information
We do not sell your personal information. We share it only as needed to run our business and deliver the services, including with the categories of service providers (“processors”) below, each of which handles data under its own terms and privacy policy:
- Paddle — our Merchant of Record, for payments, billing, tax, invoicing and refunds;
- Cloudflare — website hosting, content delivery and security;
- Google — Business Profile, Places/Maps and analytics services used to set up and understand your online presence;
- Meta / WhatsApp — where WhatsApp messaging is part of your service;
- Domain registrars — to register and manage domains on your behalf;
- Anthropic and other artificial-intelligence providers — to generate and process content that helps us deliver the service (see Section 8); and
- Email and communications providers — to send account, support, review-request and (where authorised) outreach messages.
We may also share information with our professional advisers (such as accountants and lawyers) and as described in Sections 9 and 10.
8. AI processing of business data
We use artificial-intelligence providers, such as Anthropic, to help produce and process content (for example, website copy and social posts) in order to deliver the services. Business and content data may be sent to these providers for processing. These providers process the data to return the requested output and, under their applicable API/commercial terms, do not use business data submitted through their API to train their models. AI-generated content may contain inaccuracies and is reviewed and approved as described in our Terms of Service.
9. Legal & compliance disclosures
We may disclose personal information if we believe in good faith that doing so is necessary to: comply with a law, regulation, legal process or governmental request; enforce our agreements and policies; detect, prevent or address fraud, security or technical issues; or protect the rights, property or safety of Black Sail Labs, our clients, or others.
10. Business transfers
If we are involved in a merger, acquisition, financing, reorganisation, or sale of all or part of our assets, personal information may be transferred as part of that transaction. We will take reasonable steps to ensure it remains protected and, where required, notify you of any material change.
11. Data retention
We keep personal information for as long as needed to provide the services, maintain our business records, comply with legal, tax and accounting obligations, resolve disputes and enforce our agreements. When information is no longer needed, we take reasonable steps to delete or anonymise it. Data we process on behalf of a client is retained and deleted in line with our agreement with that client and their instructions.
12. Security
We take the security of personal information seriously and use reasonable technical and organisational measures designed to protect it against loss, misuse, unauthorised access, disclosure and alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping any credentials we share with you confidential.
13. International transfers
We are based in the Commonwealth of The Bahamas and work with clients and service providers located in the Bahamas, the Caribbean, the United States and internationally. As a result, your personal information may be transferred to, stored in, and processed in countries other than your own, which may have different data-protection laws. Where required by law, we take appropriate steps to ensure such transfers are subject to suitable safeguards.
14. Your privacy rights
Depending on where you live and the law that applies to you, you may have some or all of the following rights in respect of your personal information: to access it; to correct inaccurate information; to delete it; to object to or restrict certain processing; to data portability; and to withdraw consent where we rely on it. To exercise any of these rights, email us at [email protected]. We will respond within the timeframe required by applicable law and may need to verify your identity first. You will not be discriminated against for exercising your rights. Where the request relates to data we process on behalf of a client (as their processor), we will refer the request to that client.
14.1 EU / UK (GDPR)
If you are in the European Economic Area or the United Kingdom, you have the rights described above under the GDPR / UK GDPR. You also have the right to lodge a complaint with your local data-protection supervisory authority. We would appreciate the chance to address your concerns first, so please contact us.
14.2 California (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, to request access to and deletion of your personal information, to correct inaccurate information, and to not be discriminated against for exercising your rights. We do not sell your personal information, and we do not “share” it for cross-context behavioural advertising as those terms are defined under California law. You may exercise these rights by contacting us as described above.
15. Third-party links
Our website and services may link to or integrate with third-party websites and services. We are not responsible for their privacy practices or content. We encourage you to read the privacy policies of any third party before providing them with your information.
16. Children’s privacy
Our website and services are directed to businesses and are not intended for children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.
17. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or the law. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of our website or services after an update takes effect means you accept the revised policy.
18. Contact us
Questions about your privacy?
Contact us any time and we’ll be glad to help:
Black Sail Labs — a sole proprietorship
Attn: Data Protection Officer
41 Frank Edgecombe Road, Fox Hill, Nassau, Commonwealth of The Bahamas
Email: [email protected]