Skip to content
Get Started

Legal

Privacy policy.

We collect as little as we need and we tell you exactly what we do with it. Plain English, no legal jargon.

Last updated: 20 May 2026

1. Who we are

The Fresh Site is a sole-trader web design studio based in Paignton, Devon (TQ3). For any questions about this policy or your data, email hello@thefreshsite.com.

For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller for any personal data you share with us through this website.

2. What data we collect

We only collect what we need to do our job:

  • Via the contact form — your name, business name (optional), email address, phone number, current website URL (optional), the service you're interested in, your message, and how you heard about us.
  • Via Stripe payment links — your card details are handled entirely by Stripe. We never see or store them. We do receive your name, email and billing address for accounting purposes after a successful payment.
  • During project delivery — anything you choose to share with us (brand assets, copy, photos, login details for existing services, etc.) to do the work you've hired us for.
  • Standard server logs — kept by our hosting provider and used for security and debugging.

3. How we use it

We use your personal data to:

  • Reply to your enquiry or quote request
  • Deliver the website, branding or ad work you've purchased
  • Send project updates, drafts for review, and invoices
  • Respond to support requests after launch
  • Keep records HMRC requires us to keep for tax purposes

We do not sell your data, use it for advertising, share it with marketing companies, or train AI models on it.

4. Our lawful basis

Under UK GDPR, we rely on one of three lawful bases for processing your data:

  • Consent — when you submit our contact form, you're giving us permission to reply.
  • Contract — once you've paid for a package, we need your data to deliver it.
  • Legitimate interest — limited use for business administration (invoicing, fraud prevention, replying to client enquiries about existing projects).

5. Who we share it with

We use a small number of trusted third-party services to run our business:

  • Our hosting provider — hosts this website and processes contact form submissions on our behalf. US-based. Transfers safeguarded under UK Standard Contractual Clauses.
  • Stripe — handles all payments. Card data goes directly to Stripe, never through us. Their privacy policy applies to anything you enter on their checkout pages.
  • Google LLC — supplies the typefaces used on this site (briefly receives your IP to deliver them). May also supply Google Analytics, where you've given consent (see section 7).
  • Meta Platforms Ireland Ltd — supplies the Facebook Pixel for advertising measurement, where you've given consent (see section 7).
  • Our email provider — when you email us at hello@thefreshsite.com or we reply.

We never share your data with advertising networks, marketing companies, data brokers or anyone outside what's listed above.

6. How long we keep it

  • Enquiry-only data (you contacted us but didn't become a client) — kept for up to 24 months from your last contact, then deleted.
  • Client records — kept for 6 years after the end of your project, to meet HMRC tax record-keeping requirements.
  • Spam form submissions — deleted on sight.

7. Cookies, storage and analytics

Essential, always on

  • Browser sessionStorage is used by the exit-intent pop-up to remember it's already been shown to you this session. This data stays on your device and is deleted when you close the tab.
  • Browser localStorage is used to remember if you've dismissed our privacy notice banner. Stays on your device, never sent to us.
  • Essential cookies may be set by our hosting provider for security (anti-fraud, bot protection).
  • Stripe sets its own cookies on its own domain if you click through to a Stripe checkout page. Their privacy policy applies there.

Analytics and advertising — consent required

The tools below help us understand what's working on the site and measure the effectiveness of any advertising we run. They only load after you've given consent through our cookie banner. Until you opt in, neither tool is active and no data is sent.

  • Google Analytics (Google LLC) — anonymous statistics about which pages people visit, how they arrived, and the kind of device they're using. Sets cookies in your browser when active.
  • Facebook Pixel (Meta Platforms Ireland Ltd) — measures whether visitors who click our Facebook or Instagram ads then take an action on this site. Sets cookies in your browser when active.

You can revoke consent at any time by clearing cookies for this site from your browser settings, or by reaching out to us.

8. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the data we hold on you
  • Rectification — ask us to correct anything inaccurate
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Restriction — ask us to pause using your data while we sort an issue
  • Portability — receive your data in a portable format to take elsewhere
  • Objection — opt out of any processing based on legitimate interest
  • Withdraw consent — at any time, for any consent-based processing
  • Complain to the ICO — the UK's data protection regulator, at ico.org.uk or 0303 123 1113. We'd appreciate the chance to put it right first though — email us before you go to the ICO.

To exercise any of these rights, email hello@thefreshsite.com with "Data Request" in the subject line. We'll respond within 30 days, as required by UK GDPR.

9. Security

This site is served exclusively over HTTPS. Form submissions are encrypted in transit. Payments are handled by Stripe (PCI-DSS Level 1 certified). Our hosting provider holds SOC 2 Type II certification and ISO 27001 compliance.

That said, no system is 100% secure. If we ever became aware of a data breach affecting your personal data, we would notify you and the ICO within 72 hours where required by law.

10. International data transfers

Some of our third-party processors (our hosting provider, Stripe, Google, Meta) are based outside the UK — primarily in the United States or the European Union. Transfers are safeguarded under UK Standard Contractual Clauses or relevant adequacy decisions published by the UK government.

11. Children

Our services are aimed at UK businesses, not individuals under 18. We don't knowingly collect personal data from children. If you believe a child has shared data with us, email us and we'll delete it.

12. Updates to this policy

We may update this policy occasionally — for example, if we change a hosting provider or add a new service. We'll always update the "Last updated" date at the top. For material changes that affect how we use your existing data, we'll email you where possible.

13. Contact us

Privacy or data-protection questions: hello@thefreshsite.com. Postal address available on request — we're a home-based studio and don't share the exact address publicly for security reasons.