Privacy Policy

1. Information We Collect

1.1 Information you provide directly

• Name, email address, telephone number, and company name
• Messages and project details submitted via contact forms
• Billing and payment information for service engagements
• Correspondence exchanged via email or other communication channels

1.2 Information collected automatically

• IP address, browser type, operating system, and device information
• Pages visited, time spent, referral source, and navigation paths
• Cookies and similar tracking technologies (see Section 5 below)

2. Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Contractual necessity: To perform a contract with you or take pre-contractual steps at your request (e.g., providing a quote, delivering Services).
• Legitimate interests: To operate, improve, and promote our business, website, and services, provided these interests do not override your rights.
• Consent: Where you have given explicit consent, for example by opting in to marketing communications. You may withdraw consent at any time.
• Legal obligation: To comply with applicable laws, regulations, or legal proceedings.

3. How We Use Your Information

We use the information we collect to:

• Respond to enquiries and provide quotations
• Deliver services and communicate project updates
• Process invoices and manage accounts
• Improve the functionality, security, and performance of the Site
• Send marketing communications where you have opted in (you may unsubscribe at any time)
• Comply with legal obligations and enforce our Terms of Service
• Analyse website usage to improve user experience

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share your data with trusted third-party service providers solely to the extent necessary to operate our business:

• Cloud infrastructure: Amazon Web Services (AWS) for hosting and data storage
• Analytics: Google Analytics or similar tools for website usage insights
• Payment processing: Stripe for secure payment handling
• Email services: Transactional and marketing email providers
• Professional advisors: Accountants and legal counsel as required

All third-party processors are contractually bound to process your data only on our instructions and in accordance with applicable data protection laws.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar technologies to enhance your experience.

Types of cookies we use

• Strictly necessary: Required for the Site to function correctly. These cannot be disabled.
• Analytics: Help us understand how visitors interact with the Site, enabling us to improve performance and content.
• Functional: Remember your preferences and personalise your experience.

You can manage or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of the Site.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, including to cloud service providers located in the United States. Where such transfers occur, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) or adequacy decisions, to protect your data to the standard required by UK GDPR.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods include:

• Enquiry data: Deleted within 24 months if no engagement follows
• Client project data: Retained for 6 years after the end of the engagement (in line with HMRC requirements)
• Financial records: Retained for 6 years as required by UK tax legislation
• Marketing data: Until you unsubscribe or withdraw consent
• Analytics data: Anonymised and retained in aggregate form

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and secure development practices.

While we take all reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing
• Right to restrict processing: Request that we limit processing of your data in certain circumstances
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes
• Rights relating to automated decision-making: Not be subject to decisions based solely on automated processing that produce legal effects

To exercise any of these rights, please contact us via our contact form. We will respond to your request within one month as required by law.

10. Children's Privacy

Our Site and Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

11. Links to Third-Party Websites

Our Site may contain links to external websites operated by third parties. We have no control over and accept no responsibility for the content, privacy policies, or practices of such websites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with the updated date. Where changes are significant, we will make reasonable efforts to notify you. Your continued use of the Site after changes are posted constitutes acceptance of the revised policy.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK supervisory authority:

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: