Legal

Privacy Policy

Last updated: 7 May 2026

Zepi Media is a performance marketing agency for healthcare practices, headquartered in Dubai, UAE. We help dentists, aesthetic clinics, mental health practices, primary care, physical therapists, and veterinary clinics find new patients through paid ads and AI-driven lead qualification.

This policy explains what data we collect when you visit zepimedia.com or interact with us, why we collect it, and what choices you have about it. If anything here is unclear, email info@zepimedia.com and a real person will reply.

Who we are

Zepi Media (“Zepi Media”, “we”, “us”) is the data controller for personal data collected through this website and through our marketing services. Our office is in Dubai, United Arab Emirates. We work with healthcare practices in the UK, EU, US, and the Gulf region.

What we collect

  • Identifying information you give us — name, email, phone, practice name — when you submit a form, book a call, download our playbook, or message us through the chat widget.
  • Conversation content — questions and answers exchanged with our PiperHQ chat widget when you use it.
  • Booking details — date, time, and time zone of any call you schedule via Calendly.
  • Technical data — IP address, browser type, device type, referring URL, pages visited, time on page.
  • Marketing attribution — UTM parameters, click IDs, and the campaign that brought you to the site.

Why we collect it

  • To respond to your enquiries and deliver the marketing services you’ve asked us to provide.
  • To qualify and route inbound leads to the right person on our team.
  • To run, measure, and improve our advertising campaigns on Meta and Google.
  • To detect abuse and keep the site secure.
  • To comply with our legal, accounting, and tax obligations.

Lawful basis (UK / EU)

We rely on (a) your consent for analytics and advertising cookies, (b) the necessity of taking steps to enter into or perform a contract for everything in the lead and client lifecycle, and (c) our legitimate interest in growing the business and protecting the site for everything else.

Cookies and tracking

The site uses Google Tag Manager to load:

  • Google Analytics 4 — aggregate traffic measurement.
  • Meta Pixel — Meta Ads conversion tracking and audience building.
  • Google Ads tag — Google Ads conversion tracking.

You can refuse non-essential cookies through your browser settings, or use the opt-outs offered by Google and Meta directly. Refusing them won’t break the site.

Third-party processors

We share personal data with the following processors, each of whom processes it on our behalf under a written agreement:

HubSpot
CRM. Stores contact records, lead pipeline state, and email history.
PiperHQ
AI lead qualification chat widget. Receives chat conversation content.
Meta (Facebook)
Advertising platform. Receives hashed conversion events.
Google Ads
Advertising platform. Receives hashed conversion events.
Google Tag Manager / Google Analytics
Tag loading and traffic analytics.
Vercel
Hosting infrastructure. Processes traffic and request logs.
Calendly
Call booking. Stores booking details for scheduled calls.
Resend
Transactional email delivery. Processes outbound email metadata.

How long we keep your data

We keep contact records for 24 months after the last meaningful interaction — a form submission, an email reply, a booked call. Records of clients we’ve worked with are kept for 7 years after the engagement ends to satisfy commercial and tax records requirements. Aggregate analytics data is retained according to the defaults set by Google Analytics. You can ask us to delete your data sooner — see “Your rights” below.

International transfers

Personal data we collect may be processed in the United States (HubSpot, Meta, Google, PiperHQ, Vercel, Calendly, Resend), the European Union (Vercel edge regions), or the United Arab Emirates (our office). Where data is transferred out of the UK or EU, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or an adequacy decision where one applies.

Your rights — UK and EU (GDPR / UK GDPR)

You have the right to:

  • access the personal data we hold about you,
  • correct anything that’s wrong,
  • request that we delete it (“right to be forgotten”),
  • receive it in a portable format,
  • object to processing based on legitimate interest,
  • withdraw consent at any time,
  • complain to a supervisory authority (in the UK, the ICO).

To exercise any of these, email info@zepimedia.com. We’ll respond within 30 days.

Your rights — California (CCPA / CPRA)

California residents have the right to:

  • know what personal information we have collected and how it’s used,
  • request deletion of your personal information,
  • opt out of the “sale” or “sharing” of your personal information — we do not sell personal information; we do share advertising identifiers with Meta and Google for targeted advertising, which CPRA treats as “sharing”,
  • non-discrimination for exercising any of these rights.

To exercise these, email info@zepimedia.com.

Children’s privacy

The site is not directed at anyone under 16, and we do not knowingly collect personal data from children under 16. If you believe we’ve inadvertently collected such data, contact us and we’ll delete it.

Security

We use HTTPS across the site, store credentials in encrypted vaults, and grant data access only to team members who need it. No system is perfectly secure, but we treat your data the way we’d want ours treated.

Changes to this policy

We’ll update this page when our processing changes materially. The “Last updated” date at the top tracks the most recent change. Substantial changes will be flagged on the homepage or via email if we have one for you.

Contact

For privacy questions or to exercise any of the rights above:

Email: info@zepimedia.com
Post: Zepi Media, Dubai, United Arab Emirates