Last update: September 5, 2025
Privacy Policy
Who we are: Spell Agency (“Spell”, “we”, “us”, “our”)
Address: 208 Street, Degla Square, Maadi, Egypt
Contact: hello@spell.agency
The Short Version
We collect only what we need to build, launch, and grow your store.
You control your data—access, fix, download, or delete it anytime.
We don’t sell personal data.
We work with vetted providers under strict contracts and security.
1) What This Policy Covers
This explains what we collect when you visit spell.agency, contact us, become a client, or receive our messages, why we collect it, how we use it, who we share it with, and your choices.
2) Data We Collect
You share: name, email, phone, company, role; project details; files you send.
We log automatically: IP, device, pages viewed, language, referrer; cookie IDs for analytics/ads (see Cookies).
If you are a client: billing records (no full card details), and store data strictly needed to deliver work (e.g., product/order/events for analytics, testing, flows, and reporting).
3) Why We Use It (Legal Bases)
To provide services and support (contract/legitimate interest).
To reply to inquiries and book calls (legitimate interest).
To improve our site and performance (consent/legitimate interest).
To send marketing you opt into (consent; opt out anytime).
To meet legal and accounting duties (legal obligation).
4) Cookies
We use:
Essential (security, consent).
Analytics (site performance, GA4/server-side).
Advertising (to measure our own campaigns).
Your choices: set preferences in our cookie banner, use browser settings, or email hello@spell.agency.
5) How We Use Client/Store Data
Only for the work you approve: build/migrate, redesign, testing & UX, media buying, email/SMS/WhatsApp, payments/COD setup, speed & data, automation.
We never sell or repurpose your customer data.
6) Who Processes Data For Us
Under data-processing agreements and minimum access: Shopify, Klaviyo, Google (GA4/Ads), Meta, TikTok, Snapchat, Cloudflare/hosting, payment processors for our invoices, and project/admin tools (e.g., docs, e-signature, accounting).
Request the current list at hello@spell.agency.
7) International Transfers
Data may be processed outside Egypt (e.g., EU/UK/US/UAE/KSA) by our providers. Where required, we use Standard Contractual Clauses or equivalent safeguards.
8) Retention
Website inquiries: 18 months from last contact.
Client/project records: contract term + up to 7 years (legal/accounting).
Analytics/ads: per-tool settings or your consent.
When no longer needed, we delete or anonymise
9) Security
Least-privilege access, MFA, encryption in transit/at rest where supported, secure credential handling, vendor reviews, and incident response procedures. No method is perfect, but we work to prevent, detect, and respond quickly.
10) Your Rights
Where applicable (e.g., UAE PDPL, KSA PDPL, GDPR/UK GDPR, CPRA equivalents), you can access, correct, delete, object/limit, port, and withdraw consent.
Email hello@spell.agency—we’ll respond within maximum 3 days.
11) Marketing Choices
Every email/SMS/WhatsApp message includes a way to unsubscribe. You can also email hello@spell.agency to stop all marketing.
12) Children
Our site and services are for businesses. We don’t knowingly collect data from children.
13) Changes To This Policy
If we make material changes, we’ll update the date at the top and, when appropriate, notify you on-site or by email. The newest version always applies.