Community Ad Accounts Media Buying Mentorship Affiliates
Get X/OS — $37 →
Legal

Privacy Policy

This policy explains how Exposcale Agency LLP collects, uses, and protects your personal information when you visit our website or use our services.

Exposcale Agency LLP Last updated: March 2026 Governed by UK & EU law
01

Who We Are

Exposcale Agency LLP ("Exposcale", "we", "us", or "our") is the data controller responsible for your personal information. We are registered in England and Wales.

Registered address: Exposcale Agency LLP, 27 Old Gloucester Street, London WC1N 3AX, United Kingdom

Contact: WhatsApp or via the contact details in Section 14.

We operate the website at expo-scale.org and the associated Shopify storefront, and we provide the following services: agency ad accounts (Meta, TikTok, Google), a paid community (Exposcale Discord), 1:1 mentorship, media buying services, and the X/OS digital product toolkit.

02

What We Collect

We collect personal information in the following ways:

Information you provide directly:

  • Name, email address, and phone number when you contact us via WhatsApp, email, or any contact form
  • Business name, website URL, and monthly ad spend when you apply for an agency ad account
  • Payment details processed securely through our payment providers (Stripe, PayPal, or Fanbasis) — we do not store card numbers directly
  • Messages and enquiries sent to us via WhatsApp or email
  • Information you provide when purchasing the X/OS toolkit via Fanbasis
  • Information submitted during mentorship or community onboarding

Information collected automatically:

  • IP address, browser type, device type, and operating system
  • Pages visited, time spent on site, and referral source
  • Cookie identifiers (see Section 6)
  • Meta Pixel and other advertising pixel data if you arrive via a paid ad

Information from third parties:

  • Data from Meta, TikTok, or Google when you grant access to your advertising accounts as part of our agency or media buying services
  • Transaction and usage data from Fanbasis, Whop, or Shopify in connection with product purchases or community membership
03

How We Use It

We use your personal information for the following purposes:

  • To provide and manage agency ad accounts, including onboarding, top-ups, and account maintenance
  • To deliver the X/OS toolkit and any associated digital products you have purchased
  • To administer your community membership and provide access to community content and calls
  • To deliver 1:1 mentorship or media buying services you have engaged us for
  • To process payments and send transaction confirmations
  • To communicate with you about your account, services, or enquiries
  • To send marketing communications about our products and services — only where you have consented or we have a legitimate interest
  • To improve our website and services through analytics
  • To comply with legal obligations including anti-money laundering, fraud prevention, and financial record-keeping

We will never sell your personal data to third parties, and we do not use your data for any purpose incompatible with those listed above.

04

Legal Basis for Processing

Under UK GDPR and EU GDPR, we rely on the following legal bases:

  • Contract performance — to fulfil your purchase of X/OS, to provide ad account services, and to deliver mentorship or media buying engagements
  • Legitimate interests — for fraud prevention, security, improving our services, and sending relevant marketing to existing customers where you have not opted out
  • Consent — for marketing emails or cookies where required by law; you may withdraw consent at any time
  • Legal obligation — for tax, financial record-keeping, and compliance with applicable law
05

Data Sharing

We do not sell your personal data. We share data only with trusted third parties who process it on our behalf, and only to the extent necessary:

  • Payment processors — Stripe, PayPal, Fanbasis, and Whop, for processing purchases and membership fees
  • Platform providers — Shopify (storefront), Whop (community platform), Discord (community communications)
  • Advertising platforms — Meta, TikTok, and Google, in connection with agency ad account provisioning and media buying services
  • Analytics providers — including Google Analytics, for website performance monitoring
  • Communication tools — WhatsApp (Meta) and email providers, for customer support and service delivery
  • Legal and regulatory authorities — where required by law, court order, or regulatory obligation

All third-party processors are required to handle your data in accordance with applicable data protection law and our instructions.

06

Cookies

Our website uses cookies — small text files stored on your device — to make the site function correctly and to understand how it is used.

We use the following types of cookies:

  • Essential cookies — required for the site to function (e.g. Shopify session cookies, cart functionality)
  • Analytics cookies — to understand visitor behaviour and improve the site (e.g. Google Analytics)
  • Advertising cookies — including the Meta Pixel and TikTok Pixel, to measure the performance of our paid advertising campaigns and to enable retargeting

You can control cookies through your browser settings. Disabling certain cookies may affect site functionality. Where required by law, we will request your consent before placing non-essential cookies.

07

Data Retention

We retain your personal information only for as long as necessary for the purposes set out in this policy, or as required by law.

  • Customer and transaction records — retained for 7 years in compliance with UK financial record-keeping obligations
  • Active service relationships — retained for the duration of the service plus 12 months following termination
  • Marketing contact data — retained until you unsubscribe or withdraw consent
  • Website analytics data — retained for up to 26 months in anonymised or aggregated form
  • Support and communications — retained for up to 3 years from the date of last contact

When data is no longer required, we securely delete or anonymise it.

08

Your Rights

Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your data where there is no compelling reason for continued processing
  • Right to restrict processing — to request that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — at any time, where processing is based on consent, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us using the details in Section 14. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

09

International Transfers

Some of our third-party service providers are based outside the UK and European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the relevant authority
  • Adequacy decisions by the UK or European Commission where applicable
  • Other legally recognised transfer mechanisms

The primary third parties involved in international transfers include Meta (USA), Google (USA), and Shopify (Canada), all of which operate under recognised safeguards for cross-border data transfers.

10

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • HTTPS encryption across all web properties
  • Access controls limiting who within our organisation can access personal data
  • Use of reputable, security-audited third-party platforms for payment processing and data storage
  • Regular review of our security practices

No method of transmission over the internet or electronic storage is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by law.

11

Third-Party Links

Our website may contain links to third-party websites, including Meta, TikTok, Google, Shopify, Whop, and Discord. This privacy policy does not apply to those websites. We encourage you to read the privacy policies of any third-party sites you visit. We are not responsible for the content or privacy practices of external sites.

12

Children

Our services are not directed at, and we do not knowingly collect personal data from, individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

13

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or best practice. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

14

Contact Us

For any questions about this privacy policy, to exercise your data rights, or to raise a concern, please contact us:

Data Controller

Exposcale Agency LLP

27 Old Gloucester Street
London WC1N 3AX
United Kingdom

WhatsApp: Message us directly

Response time: We aim to respond to all data-related requests within 30 days as required by UK GDPR.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) — the UK's data protection supervisory authority — at ico.org.uk or by calling 0303 123 1113.