HomePrivacy Policy

Privacy Policy

Last updated: 16-12-2025

This Privacy Policy (“Policy“) explains how Panda Media Group Limited (“Forest Stump“, “we“, “us“, “our“, or “Company“) collects, processes, uses, and protects personal data when you use our website and platform at foreststump.io (the “Service“).

We are committed to protecting your privacy and being transparent about our data practices. Please read this Policy carefully.

1. Who We Are & Our Role

Company:

  • Panda Media Group Limited
  • Registered in England and Wales 
  • Email: hello@foreststump.io

Our Role: Forest Stump is an intermediary platform. We provide service businesses with access to GoHighLevel’s communication infrastructure, phone number management, and billing services.

  • We are the data controller for data you provide about your business (registration, billing, usage analytics)
  • Your customers’ personal data (their end-users) is controlled by GoHighLevel and/or you, the service business
  • We are not responsible for how you use the platform or their compliance with data protection laws

Legal Basis:

  • This Policy is compliant with the UK General Data Protection Regulation (UK GDPR), General Data Protection Regulation (GDPR), Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR), and equivalent laws in other jurisdictions.

2. What Data We Collect

2.1 Data You Provide Directly

Your Account Registration & Business Profile:

  • Full name and email address
  • Business name, business address, business type
  • Company registration number, tax ID
  • Phone numbers you purchase through us (for attribution and call tracking)
  • Payment information (name, billing address, card details—processed by payment processor)
  • Account preferences and settings

Communications & Support:

  • Messages you send us (emails, support tickets, chat)
  • Call recordings (if you contact us by phone)
  • Feedback, surveys, or complaints

2.2 Data Collected Automatically

Technical Data:

  • IP address and device information (type, operating system, browser)
  • Cookies and similar tracking technologies
  • Log files (pages visited, time spent, clicks, error logs)
  • Device identifiers and browser fingerprinting
  • Internet activity (referring website, pages accessed, duration)

Usage Analytics About Your Account:

  • Phone numbers assigned to your account
  • Call volume and SMS message volume sent through your numbers
  • Feature usage (which tools you use, frequency)
  • Login times and account activity
  • Account status and billing history

Location Data:

  • Approximate location based on IP address (not precise location)
  • Country or region of access

2.3 Data We Do NOT Collect or Control

Your End-Customer Data:

  • Names, phone numbers, email addresses of people you message or call
  • Message content or call recordings between you and your customers
  • Customer enquiries or responses
  • Website content or customer data you store in GoHighLevel

Important: This data is controlled by GoHighLevel (the underlying platform) and/or you (as the service business). Please refer to GoHighLevel’s Privacy Policy for how they process this data.

2.4 Data from Third Parties

Payment Processors:

  • Payment status, transaction history, billing information

GoHighLevel:

  • Phone number status and availability
  • Service usage data and integration status
  • API logs and system performance data

Analytics Providers:

  • Aggregated usage data and performance metrics

Law Enforcement & Regulators:

  • Data required by legal process or regulatory demand

3. Why We Collect Data (Legal Basis)

We process personal data based on the following legal grounds:

3.1 Contract Performance (GDPR Article 6(1)(b))

  • Processing your account information to provide the Service
  • Processing payment information to bill you
  • Processing customer data you input to enable messaging/calls
  • Maintaining your website and account

3.2 Legal Obligation (GDPR Article 6(1)(c))

  • Complying with tax and accounting requirements
  • Responding to legal process (warrants, subpoenas, court orders)
  • Complying with telecommunications regulations
  • Fraud prevention and AML (Anti-Money Laundering) requirements

3.3 Legitimate Interests (GDPR Article 6(1)(f))

  • Improving our Service and platform features
  • Detecting and preventing fraud, abuse, and misuse
  • Enforcing our Terms of Service
  • Security and system integrity
  • Customer support and troubleshooting
  • Analytics and performance monitoring
  • Marketing our Service (email newsletters, updates)

3.4 Consent (GDPR Article 6(1)(a))

  • Marketing emails (you can opt out anytime)
  • Optional analytics and tracking
  • Cookies beyond those strictly necessary

4. How We Use Your Data

4.1 Service Delivery

  • Creating and managing your account
  • Processing payments and billing
  • Providing customer support
  • Delivering messaging, calls, and communications features
  • Hosting and maintaining your website
  • Storing your data securely

4.2 Legal & Compliance

  • Complying with legal obligations and court orders
  • Investigating fraud, abuse, or violations of our Terms
  • Enforcing our Terms of Service
  • Protecting against legal liability
  • Meeting tax and accounting requirements
  • Complying with telecommunications regulations

4.3 Service Improvement

  • Analyzing how you use the Service
  • Identifying bugs and performance issues
  • Developing new features and improvements
  • Conducting user research (with consent)
  • A/B testing and optimization
  • Aggregating data for anonymized insights

4.4 Security & Fraud Prevention

  • Detecting unauthorized access and account abuse
  • Preventing spam, fraud, and misuse
  • Securing our infrastructure
  • Monitoring for suspicious activity
  • Complying with carrier and network security standards

4.5 Marketing & Communications

  • Sending you newsletters about our Service
  • Notifying you of updates, changes, or policy updates
  • Requesting feedback or conducting surveys
  • Promotional communications (you can opt out)
  • Account administration emails

4.6 Legitimate Business Interests

  • Understanding user behavior and trends
  • Optimizing our business operations
  • Protecting our reputation and brand
  • Defending against claims and legal action

5. Data Retention

5.1 Your Account Data

  • While active: Retained for the duration of your account
  • After termination: Deleted within 90 days unless:
    • Required by law (tax, accounting, legal hold)
    • Subject to an active dispute or legal claim
    • Needed for fraud prevention or security

5.2 Customer Data You Upload

  • Duration: Retained as long as necessary to provide the Service
  • After deletion: Permanently deleted from our systems
  • Backups: May be retained in backup systems for up to 30 days after deletion

5.3 Support Communications

  • Duration: Retained for 3 years for customer service and legal purposes
  • After 3 years: Deleted unless required by law

5.4 Technical Logs

  • Duration: Retained for 90 days for security and troubleshooting
  • After 90 days: Deleted or anonymized

5.5 Payment & Billing Records

  • Duration: Retained for 6 years to comply with UK tax law
  • After 6 years: Deleted unless required by law

5.6 Marketing & Analytics Data

  • Duration: Retained while you have an active account or have opted in
  • After opt-out: Deleted within 30 days

6. Data Sharing & Disclosure

6.1 We Do NOT Sell Your Data

Forest Stump does not sell, trade, or rent personal data to third parties for marketing purposes.

6.2 Data Processors (Third Parties)

We share data with trusted third-party service providers who process data on our behalf:

Service Purpose Location
Payment Processors (Stripe, etc.) Processing payments EU / US
Email Service Provider Sending newsletters and support emails EU / US
Cloud Hosting (AWS, etc.) Infrastructure and data storage EU / US / Global
Analytics Provider Website and platform analytics EU / US
SMS Carriers Delivering text messages Global
Call Carriers Delivering voice calls Global
Customer Support Tools Managing support tickets EU / US

All processors are contractually bound to protect your data and comply with GDPR and applicable laws.

6.3 Legally Required Disclosure

We may disclose your data if required by:

  • Court order or legal process (warrant, subpoena, government demand)
  • Law enforcement investigation
  • Regulatory authorities (ICO, FCA, FTC, etc.)
  • Prevention of fraud, abuse, or illegal activity
  • Protection of public safety or security

We will notify you of legal requests unless prohibited by law.

6.4 Business Transfers

If Forest Stump is acquired, merged, or assets sold:

  • Your data may be transferred as part of that transaction
  • We will notify you and provide choice if required by law
  • Your rights under this Policy will continue to apply

7. Your Rights Under GDPR & Data Protection Laws

7.1 Your Data Subject Rights

If you are in the UK, EU, or another GDPR-equivalent jurisdiction, you have the right to:

Right of Access (GDPR Article 15)

  • Request a copy of the personal data we hold about you
  • Request in writing; we’ll respond within 30 days

Right to Rectification (GDPR Article 16)

  • Correct inaccurate or incomplete data
  • Update your information anytime in your account settings

Right to Erasure (GDPR Article 17)

  • Request deletion of your data in certain circumstances
  • We will delete within 30 days unless legal obligations prevent it

Right to Restrict Processing (GDPR Article 18)

  • Request we stop using your data temporarily while a dispute is resolved

Right to Data Portability (GDPR Article 20)

  • Receive your data in a structured, machine-readable format
  • Transfer it to another service provider

Right to Object (GDPR Article 21)

  • Object to marketing emails—opt out anytime by clicking “unsubscribe”
  • Object to processing based on legitimate interests

Right to Automated Decision-Making (GDPR Article 22)

  • Not be subject to decisions based solely on automated processing
  • Request human review of automated decisions

Right to Lodge a Complaint

  • File a complaint with your national data protection authority:
    • UK: Information Commissioner’s Office (ICO) — ico.org.uk
    • EU: Your national Data Protection Authority
    • Australia: Office of the Australian Information Commissioner (OAIC)
    • Canada: Office of the Privacy Commissioner of Canada

7.2 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: [INSERT DATA PROTECTION CONTACT EMAIL]
Mail: [INSERT MAILING ADDRESS]
Online: [INSERT ONLINE FORM/PORTAL URL]

We will verify your identity and respond within 30 days (extendable to 60 days for complex requests).

8. International Data Transfers

8.1 Data Storage & Processing Locations

Your data is stored and processed in:

  • United Kingdom (primary storage)
  • European Union (backup and redundancy)
  • United States (third-party cloud providers)
  • Other jurisdictions as needed for service delivery

8.2 Transfers Outside the UK/EEA

If we transfer data outside the UK/EEA to jurisdictions without equivalent data protection (e.g., US):

  • We use Standard Contractual Clauses (SCCs) approved by regulators
  • We conduct Transfer Impact Assessments (TIAs)
  • We ensure equivalent safeguards are in place

You acknowledge that countries outside the EEA may have different privacy laws, and your data may be subject to foreign government access requests.

8.3 Your Consent to Transfers

By using Forest Stump, you consent to the transfer of your personal data outside the UK/EEA as necessary to provide the Service.

9. Cookies & Tracking Technologies

9.1 What Are Cookies?

Cookies are small files stored on your device that track your activity and preferences.

9.2 Types of Cookies We Use

Type Purpose Required?
Strictly Necessary Authentication, security, account functions Yes
Functional Remembering preferences, language settings No
Analytics Google Analytics, usage tracking No (consent required)
Marketing Tracking conversions, retargeting ads No (consent required)
Third-Party Social media pixels, external tracking No (consent required)

9.3 Cookie Consent

  • Strictly necessary cookies are used without consent
  • All other cookies require your consent before being set
  • You can withdraw consent anytime in your cookie settings or browser

9.4 How to Control Cookies

In Your Browser:

  • Most browsers allow you to disable cookies or delete them
  • You can set your browser to refuse all cookies (may affect Service functionality)
  • See your browser’s help menu for instructions

In Your Account:

  • Visit your account settings to manage cookie preferences
  • Opt out of analytics and marketing cookies

10. Children & Minors

Forest Stump is not intended for children under 18 years old. We do not knowingly collect data from minors.

If we discover we have collected data from a child under 18:

  • We will delete that data immediately
  • We will notify you of the deletion
  • Parents or guardians can contact us to request deletion

11. Data Security

11.1 Security Measures

We implement industry-standard security practices to protect your data:

  • Encryption: Data in transit (HTTPS/TLS) and at rest (AES-256)
  • Access Controls: Role-based access, password authentication
  • Infrastructure: Secure cloud hosting with firewalls and DDoS protection
  • Monitoring: Intrusion detection and continuous security monitoring
  • Backups: Automated daily backups with encryption
  • Incident Response: Documented breach response procedures
  • Staff Training: Data protection training for all employees

11.2 No Guarantee of Security

While we take security seriously, no system is completely secure. We cannot guarantee protection against all unauthorized access, hacking, or data loss. You use Forest Stump at your own risk.

11.3 Data Breach Notification

If we experience a data breach affecting your personal data:

  • We will notify you without undue delay (within 72 hours where required by law)
  • We will provide details of the breach, data affected, and mitigation steps
  • We will cooperate with regulatory authorities

12. Your Responsibilities as Data Controller

Important: When you use Forest Stump to collect and store customer data (names, emails, phone numbers), you become the data controller and are responsible for:

  • Obtaining proper consent before collecting customer data
  • Providing privacy notices to your customers
  • Complying with GDPR, PECR, CCPA, and other data protection laws
  • Responding to customer data requests
  • Ensuring you have lawful basis to process customer data
  • Implementing security measures for customer data
  • Reporting data breaches to your customers and regulators

Forest Stump is a data processor. We process data on your instructions. You are responsible for lawful use.

See our Terms of Service (Section 6) for the Data Processing Addendum.

13. Changes to This Privacy Policy

We may update this Policy to reflect:

  • Legal or regulatory changes
  • Changes to our data practices
  • Platform updates or new features
  • Clarifications or improvements

We will provide 30 days’ notice of material changes via:

  • Email notification
  • In-app notification
  • Updated publication on this page

Continued use of Forest Stump after changes take effect constitutes acceptance of the updated Policy. If you do not agree, you may cancel your account.

14. Contact Us

14.1 Data Protection Questions

For questions about this Policy, your data, or to exercise your rights:

Email: hello@foreststump.io

We will respond within 30 days.

14.2 Complaints

If you believe we have violated your privacy rights, you can:

  1. Contact us directly (see above)
  2. Lodge a complaint with your data protection authority:
    • UK: Information Commissioner’s Office (ico.org.uk)
    • EU: Your national Data Protection Authority
    • Australia: OAIC (oaic.gov.au)
    • Canada: Office of the Privacy Commissioner (priv.gc.ca)

15. Glossary

Data Controller: The organization that decides how and why personal data is processed (you, the business using Forest Stump)

Data Processor: The organization that processes data on behalf of the controller (Forest Stump)

Personal Data: Any information relating to an identified or identifiable natural person

Processing: Any action performed on personal data (collection, storage, use, deletion, etc.)

GDPR: General Data Protection Regulation (EU and UK data protection law)

Consent: Freely given, specific, informed, and unambiguous agreement to process data

Legitimate Interests: A legal basis for processing data when it serves the organization’s interests and doesn’t override individual rights

 

Book a call