1. Who we are
This site and the Spotlight platform are operated by SkyHigh Creatives Ltd (“SkyHigh”, “we”, “us”), a company registered in England & Wales. We act as the data controller for personal data we collect from visitors to skyhighcreatives.com and from the people who use the Spotlight workspace as part of an active SkyHigh retainer.
Privacy queries: privacy@skyhighcreatives.com.
2. What we collect
Information you give us
- Account & profile: your name, work email, job title, and the workspace you belong to.
- Client content: brand assets, narratives, briefs, pitches, journalist contacts, coverage records, comments and any documents or media you upload.
- Communications: messages you send through the platform, replies you submit to journalist requests, support emails.
Information collected automatically
- Authentication state: a session cookie set when you log in.
- Service logs: request paths, status codes, timestamps and error traces, retained for security and operational debugging.
- Usage events: in-product actions (e.g. “pitch sent”, “coverage logged”) used to render dashboards, enforce per-tier quotas, and improve the product.
Information from public or third-party sources
To provide research and discovery features, we ingest publicly available information (journalist bylines, podcast episode metadata, news headlines, social posts) from public web sources and licensed data providers. Where this information identifies an individual (e.g. a journalist’s name and outlet), it is processed as part of our legitimate interest in helping clients reach the right reporters.
3. How we use your data
- Provide the service: render workspaces, run pitch and coverage workflows, generate AI drafts, surface relevant opportunities.
- Account administration: billing, contract management, support, security alerts.
- Service improvement: aggregated, de-identified analytics to understand which features get used.
- Legal compliance: to meet tax, accounting and statutory record-keeping obligations.
4. Lawful bases (UK GDPR / EU GDPR)
- Contract performance — to deliver the SkyHigh retainer or Spotlight subscription you have signed up to.
- Legitimate interest — to operate, secure and improve the platform; to identify journalists and outlets relevant to your stories.
- Legal obligation — for tax, fraud-prevention and statutory record-keeping.
- Consent — for any optional marketing email; you can withdraw consent at any time.
5. Subprocessors we share data with
We rely on a small number of trusted infrastructure partners to run the platform. Each is bound by a written data-processing agreement, and we describe their role here by category rather than by vendor name. A current list of named subprocessors is available on request from privacy@skyhighcreatives.com.
| Category | Purpose | Region |
|---|---|---|
| Cloud hosting | Running the application and serving it from edge locations | EU / US |
| Database & auth | Storing your workspace data, files and sign-in state | EU |
| AI processing | Generating drafts, scoring, transcription where used | EU / US |
| Transactional email | Account, security and pitch-related email delivery | EU / US |
| Payments | Subscription billing and (where applicable) creator payouts | EU / US |
| Public-web ingestion | Aggregating publicly available signals (news, social posts) | EU |
| Specialist data | Verified creator metrics, backlink & rank data, podcast catalogue lookups | EU / US |
We do not sell personal data and we do not share it with third parties for their own marketing purposes.
6. International transfers
Some subprocessors above are based outside the UK and EEA, principally in the United States. Where data is transferred internationally, we rely on the UK’s International Data Transfer Agreement and the European Commission’s Standard Contractual Clauses, with supplementary technical measures as appropriate.
7. How long we keep data
- Account data: for the life of your subscription, and 12 months after closure for accounting and dispute purposes.
- Workspace content: until you delete it, or until 30 days after subscription closure (whichever is earlier).
- Service logs: 30–90 days for security and operational diagnostics.
- Statutory records (invoices, tax): 6 years per UK HMRC requirements.
8. Your rights
Under the UK GDPR / DPA 2018 you have the right to access, rectify, erase, restrict or port your personal data, and to object to certain processing. To exercise any of these rights, email privacy@skyhighcreatives.com. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).
9. Security
Spotlight runs on encrypted infrastructure (HTTPS in transit, AES-256 at rest), uses tenant-scoped database access, and audits sensitive admin actions. No system is ever fully impenetrable; if you become aware of a security issue please contact security@skyhighcreatives.com.
10. Cookies
We use a small number of strictly-necessary and functional cookies to keep you logged in and remember your preferences. See our Cookie Policy for the full list.
11. Changes to this policy
We will update this page when our practices change. Material changes will be flagged in-product and via email to active workspace owners.
12. Contact
SkyHigh Creatives Ltd
Email: privacy@skyhighcreatives.com
General enquiries: info@skyhighcreatives.com