Last updated: February 2026
Who we are Shinimini Ltd is a private limited company registered in England and Wales (company number 15190504). Our registered office is at 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF.
We develop and provide SaaS tools, web portals, AI-powered automations, lead generation solutions, business development software, and consulting services to help businesses save time, generate leads, streamline operations, and increase revenue. Examples include tools under brands such as The Scaling Firm.
We act as the data controller for the personal data we collect and process in connection with our website(s), services, SaaS products, consultations, and marketing.
How to contact us Email: hello@shinimini.com or info@scalingfirm.com]
Post: Shinimini Ltd, 167-169 Great Portland Street, 5th Floor, London, W1W 5PF
You can also contact the UK Information Commissioner’s Office (ICO) if unsatisfied (ico.org.uk).
What personal data we collect We collect the following categories of personal data:
- Identity & contact data: name, job title, company name, email address, phone number, postal address.
- Business & professional data: company details, industry, business size, role/responsibilities, interests in SaaS/AI/automations/lead generation.
- Account & service usage data: username, password (hashed), subscription plan, login history, features used, API keys/tokens (where applicable), support tickets/chats.
- Billing & payment data: company billing details, payment references (we do not store full card details — processed via secure third-party providers).
- Marketing & communication data: preferences, consent records, email opens/clicks, webinar/event attendance, enquiry history.
- Technical & usage data: IP address, browser/device type, operating system, pages visited, time spent, referral source, cookies/analytics data (see Cookie Policy).
- Other: any information you provide in messages, forms, demos, consultations, feedback, or uploaded content (e.g. business requirements documents).
How we collect your data
- Directly from you — when you visit our website, sign up for trials/accounts, request demos/consultations, fill contact/enquiry forms, subscribe to newsletters, attend webinars, or communicate with us.
- Automatically — via cookies, server logs, analytics tools (e.g. Google Analytics), tracking pixels in emails.
- From third parties — business directories (for lead generation outreach — where lawful), partners/introducers (with consent or legitimate interest), public sources (LinkedIn/company websites).
Why we process your data & our lawful basis We process personal data for these purposes and under these UK GDPR lawful bases:
| Purpose | Lawful basis (UK GDPR Article 6) |
|---|---|
| To provide access to, manage, and support our SaaS products, web portals, automations, and consulting services | Performance of a contract (Art 6(1)(b)) or steps prior to entering a contract |
| To process subscriptions, invoices, payments, and refunds | Performance of a contract / legal obligation (Art 6(1)(c)) |
| To respond to enquiries, demos, support requests, and deliver consultations | Performance of a contract / steps prior to contract / legitimate interests (providing business services) |
| To send service-related communications (updates, feature announcements, support notices) | Performance of a contract / legitimate interests |
| Direct marketing (newsletters, product updates, offers about SaaS/AI/lead gen tools) | Consent (opt-in) — or legitimate interests (B2B soft opt-in where conditions met under PECR) |
| To improve our website, products, and services (analytics, user experience research) | Legitimate interests (developing and improving business offerings) |
| Fraud prevention, security, debugging, service integrity | Legitimate interests / legal obligation |
| Compliance with legal obligations (tax, accounting, disputes, regulatory requests) | Legal obligation |
We carry out legitimate interests assessments (LIA) where we rely on this basis to ensure our interests are balanced against your rights.
Who we share your data with We share data only where necessary and under strict controls:
- Cloud/SaaS infrastructure providers (e.g. hosting, database, email delivery — e.g. AWS, Google Cloud, SendGrid — all under data processing agreements).
- Payment processors (e.g. Stripe, GoCardless).
- Analytics & marketing tools (e.g. Google Analytics, HubSpot, LinkedIn Ads — pseudonymised where possible).
- Professional advisers (accountants, lawyers).
- Business partners/affiliates (only with your consent or as part of a contracted service).
- Regulators, authorities, or courts when legally required.
We do not sell personal data.
International transfers Some recipients are located outside the UK (e.g. US-based cloud providers). We ensure appropriate safeguards: UK International Data Transfer Agreement (IDTA), UK Addendum to EU SCCs, or reliance on UK adequacy regulations (where applicable). All transfers comply with UK GDPR Chapter V.
How long we keep your data We retain data only as long as necessary:
- Active customer / account data → duration of subscription + up to 90 days after termination (for reactivation/support).
- Trial / enquiry data (no contract) → 12 months.
- Marketing data → until you unsubscribe / object (or 2 years inactivity for legitimate interest outreach).
- Financial / tax records → 6–7 years (UK legal requirement).
- Logs / technical data → up to 2 years (security & improvement).
Thereafter, we securely delete or anonymise data.
Your rights under UK GDPR You have rights including:
- Access to your data
- Rectification of inaccurate data
- Erasure (in certain cases)
- Restriction of processing
- Data portability
- Objection (e.g. to marketing or legitimate interests processing)
- Withdraw consent (where we rely on it)
To exercise rights, email [your contact email]. We respond within one month (free unless manifestly unfounded/excessive).
Security We implement appropriate technical and organisational measures (encryption in transit/rest, access controls, regular testing, secure hosting) to protect data. No internet transmission is 100% secure.
Cookies & tracking Our websites use cookies and similar technologies for functionality, analytics, and marketing. See our separate Cookie Policy [link on site] for details and consent management.
Changes to this notice We may update this notice. Changes are posted here with the updated date. Significant changes may be notified via email or website notice.
Thank you for trusting Shinimini Ltd with your information. Contact us with any questions.