Do you integrate with Fresha, Booksy, or Treatwell?

Yes — we can either replace them (you keep more of the booking fee and own the client list) or sit alongside them. Most of our clients move off the marketplace tools within a few months.

How long does setup take?

Most salons are live within five working days. We get a staging link to you on day two, you give feedback, we ship the changes, and it goes live by the end of the week.

Can clients book directly from Instagram?

Yes. Your booking link sits in your Instagram bio, in story-link stickers, and in any DMs. Clients tap, pick a service, pick a stylist, pick a slot — done. No app downloads.

What happens to my existing website?

If it's working, we migrate the parts that earn their keep — Google reviews, your domain, anything ranking in search. If it's not, we replace it. You never have two websites live at the same time.

Do you handle Google reviews and SEO?

Yes — review-request automation is included in every package, and on-page SEO (titles, headings, schema, internal linking, image alt text) is baked into every site. Ongoing SEO is included in the Grow and Full Digital Partner tiers.

Privacy Policy | Meridian Digital

Meridian Digital (“we”, “us”) is a digital agency based in Exeter, Devon. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it. If anything is unclear, email us at wandj@meridian-digital-partners.com.

1. Who is the data controller?

Meridian Digital, contactable at wandj@meridian-digital-partners.com. For UK GDPR and the Data Protection Act 2018, we are the controller of personal data described in this policy.

2. What data we collect

Contact & account data — name, email address, phone number, company name, and login credentials when you sign up to the Meridian dashboard or contact us through the website.
Lead data— when one of our client websites captures a form submission, we store the submitter’s name, email, phone number, and message on behalf of that client.
Usage data — pages visited, referrer, country (derived from IP), browser user-agent, and timestamps. We do not store full IP addresses.
Advertising & analytics data — when authorised by the account owner, we read campaign performance data (spend, impressions, clicks, conversions) from Meta Marketing API, Google Ads API, and Google Analytics 4. We do not write or modify ads without explicit authorisation.
OAuth tokens — when you connect a Meta, Google Ads, or Google Analytics account, we store the access and refresh tokens issued by those platforms so we can read campaign data on your behalf. Tokens are stored server-side with row-level access controls and are never exposed to other clients.

3. Why we use it (lawful basis)

Contract — we process account data, lead data, and connected-platform data to deliver the services you have engaged us for.
Legitimate interest — to monitor service health, detect abuse, improve the product, and respond to support enquiries.
Consent — for marketing emails (you can withdraw at any time) and for non-essential cookies.
Legal obligation — to keep records required by HMRC and applicable UK law.

4. Third parties we share data with

We use the following processors, each bound by data-processing agreements:

Supabase (US/EU) — hosts our Postgres database and authentication.
Vercel (US/EU) — hosts the website and dashboard.
Resend (US/EU) — sends transactional and lead-notification emails.
Meta Platforms Inc. — when you authorise a Meta Marketing API connection.
Google LLC — when you authorise Google Ads or Google Analytics connections.
Stripe (US) — only if and when we use it for billing.

We do not sell personal data and we do not share it with advertising networks.

5. International transfers

Some processors are located outside the UK and EEA. Where transfers occur, we rely on UK International Data Transfer Agreements and the EU Standard Contractual Clauses to provide an adequate level of protection.

6. Retention

Account data: retained while your account is active and for up to 6 years after closure for tax/legal records.
Lead data: retained until the client (lead owner) deletes it or terminates the engagement.
Pageview data: 24 months, after which it is aggregated and anonymised.
OAuth tokens: until you disconnect the integration, after which they are immediately deleted.

7. Your rights

Under UK GDPR you have the right to:

Access a copy of your personal data.
Correct inaccurate data.
Delete your data (see Data Deletion).
Restrict or object to processing.
Receive your data in a portable format.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise any of these rights, email wandj@meridian-digital-partners.com. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management, and (with your consent) analytics cookies to understand how the site is used. You can change cookie preferences via the banner at the bottom of any page or by clearing your browser cookies for this domain.

9. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Database access is gated by row-level security policies. Privileged operations require authenticated admin sessions. We follow industry standard practice for credential storage and rotation.

10. Children

Our services are intended for businesses. We do not knowingly collect data from anyone under the age of 16.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated by email to active account holders.

12. Contact

Meridian Digital
Exeter, Devon
Email: wandj@meridian-digital-partners.com