1 . Overview
Sarmexa Limited (“Sarmexa”, “we”, “us” and “our”) is a company registered in the United Kingdom and operates worldwide as a managed service provider (MSP) and reseller of GoHighLevel’s marketing platform. We respect your privacy and are committed to protecting it through this Privacy Policy. This policy describes how we collect, use, disclose and protect your personal information when you use our websites, software platforms and any related services (collectively, the Services). By accessing or using the Services you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use the Services.

We act as a data controller when we determine the purposes and means of processing your personal information, such as when you create an account with us or communicate directly with us. We may also act as a data processor on behalf of our clients when they collect information from their own customers through our white‑labelled platform. When we process data on behalf of a client, that client is responsible for ensuring they have a lawful basis for the processing and for providing appropriate notices and consents to their customers.
2 . Information We Collect
We collect two broad categories of information, similar to HighLevel’s definitions of Personal Information and Non‑Personal Information:

-> Personal Information – data by which you may be personally identified, such as your name, postal address, e‑mail address, telephone number, employer or business, job title, payment information or other identifiers. We collect this information directly from you when you create an account, subscribe to a service, fill in forms, communicate with us, request support or otherwise provide it.
-> Non‑Personal Information – data that does not identify you by itself, such as IP address, browser type, device information, pages visited and usage statistics. If you merely browse our websites without actively providing information, we collect and store information about your visit that does not identify you personally. Non‑personal information may also include de‑identified or aggregated data derived from personal information.


We collect information:

1. Directly from you – when you register for an account, purchase services, subscribe to newsletters, participate in events or interact with us via e‑mail, phone or live chat. You may also submit personal data about other people; you are responsible for ensuring that you have their consent to do so.
2. Automatically – via cookies, pixels and similar technologies when you use our websites or platform. This includes log files, device identifiers, IP addresses and browser metadata. For more information see our Cookie Policy.
3. From third parties – such as payment processors, analytics providers, and our corporate affiliates. If you interact with our clients’ marketing funnels, appointment schedulers or websites that are powered by our platform, we may collect personal information on behalf of those clients. Our clients are responsible for notifying you and obtaining any necessary consents.
3 . How We Use Personal Information
We use personal information for the following purposes:

• Provide and improve the Services. We use your information to deliver the platform functionality, process transactions, administer accounts, provide customer support, personalise your experience, troubleshoot issues and develop new features. Some features may use artificial‑intelligence‑based tools to enhance performance, but we do not retain your personal information to develop or train generalised AI or machine‑learning models.

• Communications. We may send you service‑related messages (such as confirmations, invoices, security alerts, and support notifications) and marketing communications about our products, services or events. You may opt out of marketing emails at any time, though we may still send administrative messages.

• Analytics and research. We analyse usage of the Services to understand how our platform is used, to test, develop and improve features and to identify trends. We may aggregate or de-identify personal data for these purposes.

• Security and compliance. We use information to enforce our terms of service, prevent fraud, detect and mitigate malicious activity, and comply with legal obligations. This includes using your IP address to provide connectivity and security features.

• Legal and business purposes. We may process your information in connection with audits, regulatory requests, mergers, acquisitions or other corporate transactions. In the event of a merger or sale of assets, your information may be transferred as part of the transaction.
4 . Cookies and Similar Technologies
We use cookies, pixels and similar technologies to make our websites and platform function properly, remember your preferences, analyse usage and deliver relevant advertising. Cookies may be required for the site to operate and for security purposes. You can manage your cookie preferences through your browser settings or our cookie consent tool. For more information on the types of cookies we use and how to control them, please see our Cookie Policy.
5 . How We Protect Your Information
We implement reasonable and appropriate administrative, technical and organisational measures designed to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include encryption, access controls, secure coding practices and regular security assessments. We require our vendors and sub‑processors to apply similar safeguards when they process personal information on our behalf. However, no system is completely secure. You are responsible for maintaining the confidentiality of your login credentials and implementing appropriate security measures when handling data within your own environment.
6 . Sharing Your Information
We share personal information only as described in this policy or with your consent:

• Service providers and sub‑processors. We may share information with vendors that provide services on our behalf, such as payment processors, hosting providers, email service providers, SMS carriers, analytics providers and our platform provider (HighLevel). These companies may use your information only as necessary to provide services to us.

• Clients and users. If you interact with one of our clients (for example, by booking an appointment through their marketing funnel), we will share your information with that client so they can manage their relationship with you. Clients are independently responsible for their own privacy obligations.

• Affiliates and business transfers. We may share information with our affiliates and in connection with a merger, sale, reorganisation or other corporate transaction. In such cases, the information would remain subject to this policy.

• Legal compliance and protection. We may disclose information if required to do so by law or in response to valid legal requests, such as subpoenas or court orders, or to protect our rights, property and safety or that of our clients or others.

We do not sell personal information to third parties for monetary consideration. We may, however, share de‑identified or aggregated data that does not identify individuals.
7 . International Transfers
Sarmexa is based in the United Kingdom and operates globally. We and our service providers may transfer personal information to countries outside the United Kingdom and the European Economic Area. When we transfer information internationally, we rely on appropriate safeguards such as standard contractual clauses, the Data Privacy Framework or other lawful transfer mechanisms. By using the Services you consent to the transfer of your information outside of your country of residence, including to the United States where HighLevel’s infrastructure is hosted.
8 . Your Rights
Your rights will depend on your location. Where applicable laws (such as the UK GDPR, EU GDPR or Swiss nFADP) apply, you may have the right to:

• Access – obtain confirmation of whether we hold personal information about you and request a copy of that information.

• Correction or deletion – ask us to correct inaccurate information or delete information where we have no lawful basis to continue processing it.

• Restriction or objection – object to certain processing or request that we restrict how your information is used.

• Portability – obtain a machine‑readable copy of your information and have it transferred to another controller.

• Withdraw consent – where we process information based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

Residents of some U.S. states and other jurisdictions may have additional rights, such as the right to opt out of certain data disclosures. To exercise your rights, please contact us using the details below. We will respond to requests as required by applicable law and may need to verify your identity. If you are not satisfied with our response, you have the right to lodge a complaint with your supervisory authority (e.g., the UK Information Commissioner’s Office).
9 . Children’s Privacy
Our Services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from children under the age of 16. If we discover that we have collected information from a child under 16, we will promptly delete it. If you believe we may have collected information from a child, please contact us.
10 . Third‑Party Links and Integrations
The Services may contain links to third‑party websites and allow integration with third‑party applications. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of every site you visit and service you use.
11 . Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will post the updated version on our website and indicate the date of the update. We encourage you to review this policy periodically. Your continued use of the Services after an update constitutes your acceptance of the updated policy.




12 . Contact Information
If you have any questions, concerns or would like to exercise your data‑protection rights, please contact us:

Sarmexa Limited
Registered Office: Off no.9, 7 Havelock Pl, Harrow, London, UK, HA1 1LJ
Email: support@sarmexa.com
Telephone: +44 7823853771

We will respond to your request as required under applicable law. If you are not satisfied with our response you may lodge a complaint with the Information Commissioner’s Office or your local data‑protection authority.