Legal

Privacy Policy

Last updated: 6 April 2026

1. Who we are

BuiltWeb ("we", "us", "our") is the data controller responsible for any personal data we collect about you when you use our website at builtweb.co.uk or purchase our services.

Address: 5 Claremont Road, Harrow HA3 7AU, United Kingdom
Email: admin@builtweb.co.uk
Phone: 07564 623326

This policy explains what personal data we collect, how we use it, who we share it with, how long we keep it and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What data we collect

We collect the following categories of personal data:

Account & profile data

  • Full name
  • Email address
  • Hashed password (we never see your password in plain text)
  • Business name and description
  • Industry and target audience
  • Phone number (if provided)

Project & service data

  • Quiz answers, project requirements and add-on configurations
  • Domain name and email setup preferences
  • Logo files, brand colours and design assets you upload
  • Content updates, change requests and notes
  • Messages exchanged with our team via the dashboard

Payment data

  • We do not store your card details. All payments are processed securely by Stripe (Stripe Payments UK Ltd). We only receive a token, your billing email, country, and a record of successful/failed payments.

Technical data

  • IP address
  • Browser type and device information
  • Pages visited and time spent on the site
  • Cookies and similar technologies (see section 6)

3. How we use your data

We use your personal data for the following purposes:

PurposeLawful basis
Creating and managing your accountContract
Delivering the services you have subscribed toContract
Processing payments and managing billingContract
Sending service notifications (welcome, payment failed, project updates)Contract / Legitimate interest
Responding to your messages and support enquiriesContract / Legitimate interest
Improving our services through analyticsLegitimate interest / Consent
Sending marketing emails about new features (only with consent)Consent
Fraud prevention and securityLegitimate interest / Legal obligation
Complying with legal obligations (e.g. tax records)Legal obligation

4. Who we share your data with

We never sell your data. We share data only with trusted service providers who help us run BuiltWeb:

  • Stripe — payment processing (PCI-DSS compliant)
  • Supabase — secure database and authentication hosting (EU region)
  • Resend — transactional and notification emails
  • Vercel — website hosting and CDN
  • Hostinger — email hosting for our business addresses

All of these providers are bound by data processing agreements and process your data only on our instructions in accordance with UK GDPR.

We may also disclose your data if required by law, court order, or to protect our rights, property or the safety of others.

5. International transfers

Some of our service providers (such as Stripe and Resend) process data in the United States or other countries outside the UK. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK Information Commissioner's Office (ICO).

6. Cookies

We use the following types of cookies:

Essential cookies (always on)

Required for the site to function — authentication, session management, security, cart state and consent preferences. These cannot be turned off.

Optional cookies (require consent)

Anonymous analytics that help us understand how visitors use the site so we can improve it. We will only use these if you give consent via the cookie banner. You can change your choice at any time by clearing your browser data and revisiting the site.

We do not use third-party advertising cookies.

7. How long we keep your data

  • Active subscribers: for as long as your subscription is active, plus the durations below.
  • Cancelled accounts: we keep your account and project data for 90 days after cancellation in case you want to reactivate. After that, project files are deleted.
  • Billing & tax records: we are legally required to retain financial records for 6 years after the end of the relevant tax year.
  • Email correspondence: kept for 2 years for support and legal purposes.

8. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal retention requirements
  • Right to restrict processing — ask us to stop processing your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent — where we rely on consent, you can withdraw it at any time
  • Right not to be subject to automated decision-making — we do not make decisions that significantly affect you using only automated processing

To exercise any of these rights, email us at admin@builtweb.co.uk. We will respond within one calendar month.

9. Complaints

If you are unhappy with how we have handled your personal data and we cannot resolve your concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Phone: 0303 123 1113
Website: ico.org.uk

10. Security

We take the security of your data seriously and use industry-standard measures including encryption in transit (TLS), encrypted database storage, secure authentication, regular backups and access controls. While we cannot guarantee absolute security, we follow best practices to protect your data from unauthorised access, loss or misuse.

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO without undue delay (within 72 hours where feasible).

11. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page reflects the latest version. Material changes will be communicated to active subscribers by email.

13. Contact us

If you have any questions about this privacy policy or how we handle your data:

BuiltWeb
5 Claremont Road
Harrow HA3 7AU
United Kingdom

Email: admin@builtweb.co.uk
Phone: 07564 623326