Privacy notice

How we handle your data.

Plain English. No dark patterns. We collect the minimum we need, store it in the EU, and delete it when we're done with it.

Version 2 · Effective 24 May 2026

1. Who we are

MTMN Digital ("MTMN", "we", "us", "our") is the data controller for personal data submitted through mtmn.ie and its subdomains. We are an independent studio based in Co. Cork, Republic of Ireland.

Contact for data-protection matters: hello@mtmn.ie. Postal address available on request via the same email.

2. What we collect, why, and how long we keep it

Personal data we collect, why we collect it, the lawful basis for processing, and how long we retain it.
DataWhyLawful basisRetention
Name, email, phone, business type, the free-text "anything you'd like us to know" fieldTo respond to your booking request and prepare for the call you've bookedContract / pre-contractual measures (Art. 6(1)(b) GDPR)24 months from submission if you don't become a client; for the lifetime of the engagement plus 7 years for tax records (Revenue requirement) if you do
IP address and basic request metadata (timestamps, user agent)Security: rate-limiting, CAPTCHA verification, abuse detection, audit logLegitimate interest (Art. 6(1)(f)), running a service that isn't trivially abused≤ 12 months in audit log; ≤ 24 hours in rate-limit windows
Login email + password hash for staff portal usersOperating the staff dashboardContract / employmentFor the duration of the engagement; account deleted on departure
Google Ads conversion tracking (fires only on the booking-confirmation page, /booking-confirmed): your IP address, browser user-agent, the Google Ads click identifier (gclid) if you arrived from a Google ad, and the URL of the confirmation page are sent to Google. Cookies (_gcl_au, NID) are set in your browser to attribute the booking back to the originating ad clickTo measure which Google Ads spend actually results in booked consultations, so we can stop running ads that don't workConsent (Art. 6(1)(a) GDPR / Reg. 5(3) of the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011). The Google tag runs with Consent Mode v2 default-denied, no cookies are set and no identifiers are sent unless you acceptPer Google's published retention: click-identifier records up to 13 months; the _gcl_au cookie expires 90 days after your last interaction with the site. None of this is stored on MTMN's own servers

Other than the Google Ads conversion tracking described above – which fires only on the booking-confirmation page, and only if you consent – this site runs no analytics, no behavioural tracking, and no advertising pixels. We do not sell, rent, or trade personal data to anyone, ever.

3. Who else processes your data on our behalf

Personal data is stored and processed by the following sub-processors. All have been chosen because they are GDPR-compliant and host data inside the EU/EEA.

4. International transfers

Personal data submitted through the booking form is stored in the European Economic Area (Supabase EU-West) and is not transferred outside the EEA. The one exception is the Google Ads conversion-tracking data described in section 2, which is processed by Google LLC in the United States. That transfer relies on the EU-US Data Privacy Framework adequacy decision (Art. 45 GDPR, in force since July 2023), to which Google LLC is a certified participant. If we ever introduce another sub-processor outside the EEA we will rely on a Chapter V transfer mechanism (e.g. Standard Contractual Clauses) and update this notice.

5. Your rights

Under the GDPR you have the right to:

To exercise any of these rights, email hello@mtmn.ie. We will respond within one month and won't charge you for it.

Right to complain If you're unhappy with how we handle your data, you can lodge a complaint with the Irish Data Protection Commission at dataprotection.ie. We'd appreciate the chance to fix things first, but it's your right either way.

6. Security

Personal data is encrypted in transit (TLS 1.2+) and at rest (Supabase managed encryption). Access to the staff dashboard is protected by hashed passwords (PBKDF2 via werkzeug) and short-lived signed sessions. We rate-limit public endpoints, run CAPTCHA on form submissions, and write an audit log of staff access to records containing personal data.

7. Automated decision-making

None. No decision affecting you is made automatically by this website.

8. Changes to this notice

If we change this notice in any material way, we will publish a new version with an updated effective date and version number at the top of this page. The current version applies to all data we hold; older versions are archived for reference.

9. Contact

Questions, requests, or complaints – hello@mtmn.ie.