BuzzAgent

Turn happy customers into Google reviews

  • Pricing
  • About
  • Legal
  • Contact

© BuzzAgent Ltd

Registered in England and Wales (No. 16562822) · 86-90 Paul Street, London, EC2A 4NE, United Kingdom
built by Lumman

© 2026 BuzzAgent Ltd

Back to Legal

Privacy Policy

How BuzzAgent handles personal data for our website, Merchants, and their customers, and the rights you have.

Updated 30 Jun 2026

Privacy Policy

BuzzAgent Ltd

Last updated: 30 June 2026

1. Who we are

BuzzAgent Ltd ("BuzzAgent", "we", "us", "our") is a company registered in England and Wales under company number 16562822, with its registered office at 86-90 Paul Street, London, EC2A 4NE, United Kingdom.

We provide tools that help local businesses ("Merchants") collect genuine customer reviews and stay in contact with their customers through WhatsApp. This Policy explains what personal data we handle, how we use it, and the rights you have.

If you have any questions about this Policy or how we handle personal data, contact us at [email protected].

2. Scope of this Policy

This Policy applies to:

  • Visitors to our website at buzzagent.co.
  • Merchants who create an account, buy a BuzzPad, or subscribe to our services.
  • Customers of Merchants ("End Customers") whose personal data is processed when they interact with a Merchant through BuzzAgent's tools, including over WhatsApp.

The way we handle personal data, and our legal role, depends on which of these you are. Section 4 explains the difference.

3. A note on how the service works

BuzzAgent is a channel and a toolkit. When an End Customer scans a Merchant's BuzzPad, a WhatsApp conversation opens with that Merchant, sent from the Merchant's own WhatsApp number and in the Merchant's name. The Merchant decides who to contact and what to say. BuzzAgent provides the underlying automation, the review link, and the analytics, but the relationship is between the Merchant and their Customer.

4. Our role: controller and processor

Under the UK GDPR there is a difference between a "controller" (who decides why and how personal data is used) and a "processor" (who acts on a controller's instructions).

We are a controller for:

  • personal data of website visitors and Merchants;
  • account, billing and support data;
  • aggregated and operational data we use to secure, run and improve our services.

We are a processor acting on each Merchant's instructions for:

  • the personal data of that Merchant's End Customers that we handle so the Merchant can collect reviews and message customers, including phone numbers, message content, opt-in records and interaction events.

For that End Customer data, the Merchant is the controller. The Merchant is responsible for having a lawful basis to contact its customers and for telling its customers how their data is used. Our handling of that data for Merchants is governed by our Data Processing Agreement (see Section 12).

5. Personal data we collect

5.1 Website visitors

  • Technical data such as IP address, browser type, device information and pages viewed.
  • Cookie and similar identifiers (see Section 13).

5.2 Merchants

  • Identity and contact data: name, business name, email address, phone number, business address.
  • Account data: login credentials, settings, and the WhatsApp Business and Google Business Profile details you connect.
  • Billing data: payment records and transaction history. Card details are handled directly by our payment providers and are not stored by us.
  • Usage data: how you use the dashboard, scans by location and time, conversion metrics, and support correspondence.

5.3 End Customers (handled on behalf of Merchants)

  • Contact data: the WhatsApp phone number used to message the Merchant.
  • Message content: messages exchanged between the Customer and the Merchant through the service.
  • Interaction data: scan events, whether a review link was opened, reminders sent, and opt-out signals.

We do not seek to collect special category data (such as health, religion or political views), and we ask Merchants not to use the service to process it.

6. Where the data comes from

We receive personal data:

  • directly from you, when you visit our site, create an account, buy a BuzzPad or contact us;
  • from End Customers, when they message a Merchant through the service;
  • from the WhatsApp Cloud API operated by Meta, which carries messages between Merchants and their Customers;
  • from service providers that help us run the platform, such as payment, hosting and analytics providers.

7. How and why we use personal data, and our legal bases

  • Provide the website and respond to enquiries - visitor and contact data. Legal basis: legitimate interests.
  • Create and manage Merchant accounts - Merchant identity and account data. Legal basis: contract.
  • Deliver BuzzPads and provide the services - Merchant and usage data. Legal basis: contract.
  • Process payments and prevent fraud - billing data. Legal basis: contract; legal obligation; legitimate interests.
  • Enable review collection and customer messaging - End Customer data (as processor for the Merchant). Legal basis: the Merchant's lawful basis.
  • Provide analytics and reporting to Merchants - usage and interaction data. Legal basis: legitimate interests; contract.
  • Secure, maintain and improve our services - most categories. Legal basis: legitimate interests.
  • Send service and account communications - Merchant contact data. Legal basis: contract; legitimate interests.
  • Send marketing about our own products to Merchants - Merchant contact data. Legal basis: consent or legitimate interests, with opt-out.
  • Comply with law and handle disputes - data as needed. Legal basis: legal obligation; legitimate interests.

Where we rely on legitimate interests, we have weighed those interests against your rights, and you can ask us about that assessment at any time.

8. WhatsApp, Meta and Google

The service operates over the WhatsApp Cloud API provided by Meta Platforms Ireland Limited. When messages are sent or received through the service, they pass through Meta's systems and are also subject to Meta's and WhatsApp's own terms and privacy policies. We are not responsible for how Meta processes data under its own policies. You can read more in the WhatsApp Privacy Policy.

Review links direct End Customers to the Merchant's profile on Google. Once a Customer reaches Google, their use of Google's services is governed by Google's own terms and privacy policy.

We do not sell personal data to anyone, and we do not use personal data obtained through the WhatsApp Cloud API for any purpose other than providing the service, consistent with Meta's platform policies. If you want data we hold from the WhatsApp Cloud API deleted, see Section 15.

9. Who we share personal data with

We share personal data only as needed to run the service:

  • Service providers (sub-processors) that host, secure and operate the platform, process payments, and send notifications on our behalf. These act under contract and only on our instructions.
  • Meta, to the extent necessary to send and receive messages through the WhatsApp Cloud API.
  • Merchants, who receive the data of their own Customers.
  • Professional advisers, auditors, and authorities, where required by law or to protect our rights.
  • A buyer or successor, in connection with a merger, acquisition or reorganisation, subject to this Policy.

A current list of our sub-processors is published at buzzagent.co/legal/sub-processors and is also available on request at [email protected].

10. International transfers

Some of our service providers are located outside the United Kingdom, including in the United States. Where we transfer personal data outside the UK, we rely on an adequacy decision, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate safeguards. You can ask us for details of the safeguards we use.

11. How long we keep personal data

We keep personal data only as long as necessary for the purposes set out in this Policy:

  • Merchant account data: for the life of the account and up to 7 years afterwards, to meet legal, tax and accounting obligations.
  • End Customer data handled for Merchants: for as long as the Merchant instructs, and deleted or returned on termination in line with our Data Processing Agreement.
  • Website and analytics data: typically up to 26 months.

When personal data is no longer needed, we delete or anonymise it.

12. Data Processing Agreement

Where we act as a processor for a Merchant, our processing is governed by a Data Processing Agreement that forms part of our Terms of Use. It sets out the subject matter, duration, nature and purpose of processing, the types of data and categories of data subjects, and the security measures and sub-processing terms that apply.

13. Cookies and similar technologies

We keep cookies to a minimum. Our website uses only strictly necessary cookies - the ones that let you sign in, keep your session secure, and load pages reliably. These are exempt from consent under the Privacy and Electronic Communications Regulations (PECR), so we do not show a cookie banner.

We measure website traffic with privacy-friendly, cookieless analytics that report aggregate figures such as page views and load times. We do not track you across sites, build an advertising profile, or use advertising or marketing cookies, and we do not sell or share analytics data for advertising.

14. How we protect personal data

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, least-privilege access, logging, and vetting of our service providers. No system is completely secure, but we work to protect personal data and to notify the relevant people and the regulator where the law requires it.

15. Your rights

Subject to the conditions in the UK GDPR, you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent at any time, without affecting earlier processing;
  • not be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise your rights, contact [email protected]. If your data was handled by a Merchant using our service (for example, you received a message from a business), the Merchant is the controller and you may need to contact them directly; we will help where we can.

WhatsApp data deletion. If you messaged a Merchant through WhatsApp and want any data we hold about you removed, you can ask that Merchant directly or email us at [email protected], and we will action the request or pass it on. Where a deletion is started through WhatsApp, we provide a status page at buzzagent.co/legal/whatsapp-data-deletion where you can confirm the outcome using the code in your confirmation message.

You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113. We would welcome the chance to address your concerns first.

16. Children

Our services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children under 16.

17. Changes to this Policy

We may update this Policy from time to time. We will post the updated version here and change the "Last updated" date. Where changes are significant, we will take reasonable steps to notify Merchants.

18. Contact

BuzzAgent Ltd 86-90 Paul Street, London, EC2A 4NE, United Kingdom Email: [email protected]

Skip to content
BuzzAgent
BuzzAgent
PricingStart collecting reviews