Customer Privacy Notice

Maskew Ltd (trading as Maskew Media)

This policy applies to all Maskew Media products and services, including Maskew Studio and the Video Revenue Blueprint.

Last updated: March 2026

1. Who We Are

Maskew Ltd (trading as Maskew Media) is the data controller for personal information collected through our website, services, and products. We are registered in England and Wales.

Registered address: 38 Kilbride Way, Orton Northgate, Peterborough, PE2 6SX

Contact email: hello@maskew.media

For data protection queries contact us at the email above. We will respond within one month.

2. Our Products and Services

This notice covers all personal data processed in connection with:

Maskew Media videography, photography, and audio production services
The Video Revenue Blueprint — a content strategy consultancy product
The Video Revenue Diagnostic — our interactive scorecard and lead generation tool, hosted on ScoreApp
Maskew Studio — a web-based content strategy and idea management tool
Our website at maskew.media and associated pages
Our podcast, The Business Engine

3. Information We Collect and Why

3a. Videography, Photography, and Audio Production Services

When you engage us for video production, photography, audio recording, filming, or editing services, we collect:

Your name, email address, phone number, and business address
Financial data including invoice records, payment history, and transaction references
Brand assets you supply such as logos, staff photographs, draft scripts, and storyboard files
Video footage, photographic images, and audio recordings produced or supplied during the project
Records of meetings, approvals, and project decisions
Discovery call recordings (only with your prior consent; you may request deletion at any time)
Employment details such as job title where relevant to the project

Photography and audio services are offered both as standalone services and as part of broader videography packages. All media assets produced or supplied are handled under the same terms as video footage.

3b. Video Revenue Blueprint

When you purchase or enquire about the Video Revenue Blueprint, we collect:

Your name and email address
Information about your business, target audience, and content objectives that you provide during the strategy process
Payment information processed via Stripe (we do not store full card details)

3c. Video Revenue Diagnostic (ScoreApp)

The Video Revenue Diagnostic is our interactive scorecard tool, hosted on ScoreApp. When you complete it we collect:

Your name and email address
Your business name and your responses to the scorecard questions
Your calculated Authority Score and associated results

We use this information to send you your personalised results, follow up with relevant advice, and contact you about services that may help your business. Your responses are processed by ScoreApp on our behalf (see Section 7). You can unsubscribe from follow-up communications at any time using the link in any email or by contacting hello@maskew.media.

3d. Maskew Studio

Maskew Studio is a web-based tool available by invitation only. When you use Maskew Studio, we collect:

Your email address used to log in
If you sign in via Google, your Google account email address
Your display name and company name if you choose to provide them
Content you enter into the tool including business context, buyer objections, content ideas, production notes, and performance metrics
Usage data including which features you use and when

Important: when you use the idea generation feature in Maskew Studio, the business context you have entered (what you do, who you help, and the problem you solve) is sent to Google’s Gemini API to generate content ideas. This data is processed by Google LLC in the United States. We do not send your name, email address, or any other identifying information to Gemini. See Section 7 for more detail on this transfer.

3e. Website and Contact Forms

When you contact us via our website, we collect your name, email address, and the content of your message. We use this solely to respond to your enquiry.

4. Our Lawful Bases Under UK GDPR

Under UK data protection law we must have a lawful basis for processing personal data. We rely on the following:

Contract

We process your data to enter into or perform a contract with you. This applies to production services (video, photography, and audio), the Video Revenue Blueprint, and Maskew Studio accounts. Most of your data protection rights apply under this basis.

Legitimate Interests

We process some data because it benefits you, our business, or both, without causing undue risk of harm. We rely on legitimate interests for:

Following up with people who have completed the Video Revenue Diagnostic with relevant advice and service information, as they reasonably expect given the nature of the tool
Sending occasional emails to existing clients and qualified B2B prospects about content strategy and service updates
Retaining project records for legal, insurance, and operational purposes
Analysing anonymised usage patterns in Maskew Studio to improve the product

You may object to processing based on legitimate interests at any time by contacting hello@maskew.media.

Legal Obligation

We retain certain financial and contractual records because we are required to by law, including HMRC requirements under the Companies Act 2006.

Consent

We rely on consent for marketing emails where you have not previously purchased from us, and for publishing testimonials or case studies featuring your name, role, image, or video content. You may withdraw consent at any time.

5. Your Data Protection Rights

You have the following rights under UK data protection law. To exercise any of them contact us at hello@maskew.media and we will respond within one month.

Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate or incomplete data
Right to erasure — ask us to delete your data in certain circumstances
Right to restriction — ask us to limit how we use your data
Right to object — object to processing based on legitimate interests or for direct marketing
Right to data portability — ask us to transfer your data to another organisation
Right to withdraw consent — where we rely on consent, withdraw it at any time

Some rights are subject to exemptions. We will explain if an exemption applies when you make a request.

6. How Long We Keep Your Information

Invoices, receipts, and payment records — six years plus the current tax year, as required by HMRC
Signed contracts and statements of work — six years after project completion
Discovery call recordings — up to 12 months, then deleted
Marketing email list (name, email, opt-in status) — until you unsubscribe or 24 months of inactivity
Video Revenue Diagnostic responses and contact details — up to 24 months from completion
Maskew Studio account data (objections, ideas, production items, metrics) — retained for the duration of your active account and deleted within 90 days of account closure on request
Raw video footage, photographic images, and audio recordings — up to six years after project completion for legal and insurance purposes, and with your written consent for portfolio use

7. Who We Share Your Information With

Data Processors

We share data with the following organisations who process it on our behalf under data processing agreements:

Stripe Payments Europe Ltd

Purpose: Secure payment processing for our services and products. We never see or store your full card details. Based in Ireland — EEA adequacy decision applies.

Supabase Inc

Purpose: Database hosting and authentication for Maskew Studio. Your account data, content, and login credentials are stored on Supabase’s servers located in the European Union (Ireland). The EEA adequacy decision applies to this transfer.

ScoreApp

Purpose: Hosting and processing responses for the Video Revenue Diagnostic. When you complete our scorecard, your name, email address, and quiz responses are processed by ScoreApp on our behalf. ScoreApp operates under UK and EU data protection law. For more information on ScoreApp’s data practices see their privacy policy at scoreapp.com.

Google LLC — Google Workspace and Google Analytics

Purpose: Cloud storage, business email, and anonymised website analytics. Data is transferred to the United States under Standard Contractual Clauses with the UK Addendum.

Google LLC — Google OAuth

Purpose: If you choose to sign in to Maskew Studio using your Google account, Google authenticates your identity and shares your email address with us. This transfer is covered by Standard Contractual Clauses with the UK Addendum.

Google LLC — Gemini API

Purpose: AI-powered content idea generation within Maskew Studio. When you use the idea generator, the business context you have entered (a description of your business, audience, and the problem you solve) is sent to Google’s Gemini API to generate content ideas. No personally identifying information — name, email, or contact details — is included in these requests. Data is processed in the United States under Standard Contractual Clauses with the UK Addendum. Google’s use of this data is governed by their API terms of service.

Website Hosting Provider (currently Wix)

Purpose: Hosting our main website and contact forms. Our website is currently hosted on Wix. We intend to migrate to a new hosting provider (Framer) in the coming months, at which point this notice will be updated. Anonymised website statistics are collected. Transfers to the United States are covered by Standard Contractual Clauses.

Freelance editors, photographers, and designers

Purpose: Video editing, photo editing, audio post-production, and design. Based in the UK and EU, operating under non-disclosure agreements and data processing agreements where required. These contractors may incidentally access personal data contained in project assets such as footage or photographs.

Other Recipients

We may also share data with:

Insurance companies if we need to notify a claim
Professional or legal advisors under obligations of confidentiality
Regulatory authorities where required by law
Publicly on our website or social media, but only with your explicit written consent (for example, testimonials, case studies, or portfolio content)

8. Transferring Data Outside the UK

Some of our data processors are based outside the UK. Wherever this occurs we ensure appropriate safeguards are in place:

Ireland (Stripe, Supabase) — covered by the UK’s adequacy decision for the EEA
United States (Google LLC for Workspace, Analytics, OAuth, and Gemini API; Wix) — covered by Standard Contractual Clauses together with the UK Addendum to those clauses

To request a copy of the relevant safeguard for any transfer, contact us at hello@maskew.media.

9. How We Protect Your Data

We take the security of your personal data seriously. Measures include:

Maskew Studio accounts are protected by email-based magic link authentication and optionally Google OAuth — no passwords are stored
Access to Maskew Studio is by invitation only — we manually approve every user
All data in Maskew Studio is stored in encrypted cloud infrastructure (Supabase, EU region)
Row-level security ensures each user can only access their own data
Project files, video footage, photographic images, and audio recordings are stored in encrypted cloud drives with access restricted to senior staff and vetted subcontractors

Despite these measures, no system is completely secure. If you have concerns about the security of your data please contact us immediately at hello@maskew.media.

10. How to Complain

If you have concerns about how we use your personal data, please contact us first at hello@maskew.media. We will respond within one month.

If you remain unhappy after raising a complaint with us, you can complain to the Information Commissioner’s Office (ICO):

Website: ico.org.uk/make-a-complaint
Helpline: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF