Legal

Privacy Policy

Last updated: 4 April 2026

armsbydigital.co.uk | jack@armsbydigital.co.uk

This Privacy Notice explains how ArmsbyDigital ('we', 'us', or 'our'), operated by Jack Armsby, collects, stores, uses, and protects your personal information when you use our website at https://armsbydigital.co.uk or engage with our services. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Questions or concerns? Contact us at jack@armsbydigital.co.uk.

Table of Contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on?
  4. When and with whom do we share your information?
  5. Do we use cookies and tracking technologies?
  6. How long do we keep your information?
  7. How do we keep your information safe?
  8. Do we collect information from minors?
  9. What are your privacy rights?
  10. Do we make updates to this notice?
  11. How can you contact us?
  12. How can you review, update, or delete your data?

1. What Information Do We Collect?

Information you provide to us

We collect personal information that you voluntarily provide when you fill out our intake form, register for an account, make a purchase, or otherwise contact us. This may include:

  • Name (first and last)
  • Email address
  • Phone number
  • Business name, trade, and address
  • Postcode and location information
  • Company registration number and VAT number (if applicable)
  • Account password (stored securely, never in plain text)
  • Design and style preferences
  • Business information including services, work types, and USP
  • Social media links and Google Reviews links
  • Referral codes

Information collected automatically

When you visit our website, we may automatically collect certain technical information, including:

  • Browser type and version
  • Pages visited and time spent on the site
  • Referring URLs
  • Device and operating system information
  • IP address (via Google Analytics — see Section 5)

We do not process sensitive personal information (such as racial or ethnic origin, health data, or political opinions).

2. How Do We Process Your Information?

We process your information to:

  • Create and manage your client account
  • Build and deliver your website and associated services
  • Process your payments via Stripe
  • Send you service-related communications (e.g. account setup emails, invoice receipts, build updates)
  • Enable trade network connections between clients
  • Manage referral rewards
  • Respond to your support requests or enquiries
  • Comply with our legal obligations
  • Improve and administer our services

3. What Legal Bases Do We Rely On?

Under UK GDPR, we rely on the following legal bases to process your personal information:

  • Contract performance — processing your information is necessary to deliver the services you've purchased (website build, hosting, network access).
  • Legitimate interests — to operate and improve our business, prevent fraud, and communicate relevant service updates to clients.
  • Legal obligation — where we are required to retain or process data to comply with UK law (e.g. financial records).
  • Consent — where you have opted in to specific communications or features, such as joining the trade network.

You can withdraw consent at any time by contacting us at jack@armsbydigital.co.uk. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

4. When and With Whom Do We Share Your Information?

We do not sell your personal data. We share information only where necessary with the following third-party service providers:

  • Supabase — our database and authentication provider. Your account data and client information is stored securely in Supabase's infrastructure.
  • Stripe — our payment processor. Stripe handles all payment transactions. We do not store your full card details. Stripe's privacy policy applies to payment data.
  • Make.com — our automation platform. Used to send automated emails (account setup, payment confirmations, network notifications). Email content may include your name and relevant account details.
  • Google Analytics — used to understand website traffic and usage patterns. Data is anonymised and aggregated. See Section 5 for more detail.
  • Calendly — used for consultation booking. When you book a consultation, your name and email are passed to Calendly to pre-fill the booking form.

All third-party providers are required to handle your data securely and only for the purposes we specify. We do not share your data with any other third parties without your explicit consent, except where required by law.

5. Do We Use Cookies and Tracking Technologies?

Yes. We use cookies and similar tracking technologies on our website for the following purposes:

  • Essential cookies — required for the site to function, including authentication sessions (managed by Supabase).
  • Analytics cookies — Google Analytics (GA4) uses cookies to collect anonymised data about how visitors use our site. This helps us improve the experience. Google Analytics may process data outside the UK/EEA; Google applies Standard Contractual Clauses to such transfers.

You can control or disable cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the site. Our cookie banner allows you to manage your preferences.

6. How Long Do We Keep Your Information?

We keep your personal information only for as long as necessary for the purposes outlined in this policy, or as required by law. Specifically:

  • Active clients — your data is retained for the duration of your subscription plus any required legal retention period.
  • Cancelled accounts — as stated in our Terms of Service, all account data is permanently deleted from our systems within 96 hours of cancellation confirmation.
  • Financial records — payment records may be retained for up to 7 years to comply with HMRC requirements, even after cancellation.
  • Intake form submissions without payment — retained for up to 12 months, after which they are deleted.

When your data is no longer needed, it is securely deleted from our systems.

7. How Do We Keep Your Information Safe?

We implement appropriate technical and organisational measures to protect your personal information, including:

  • All data stored in Supabase with Row Level Security (RLS) policies
  • HTTPS encryption across the entire website
  • Passwords hashed and never stored in plain text
  • Access to client data restricted to authorised personnel only
  • Secure API key management — admin operations use elevated service-role keys, never exposed to the client

However, no method of transmission over the internet or electronic storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. In the event of a data breach, we will notify affected individuals and the ICO as required by UK GDPR.

8. Do We Collect Information From Minors?

No. Our services are intended exclusively for trade business owners and are not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

9. What Are Your Privacy Rights?

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data ('right to be forgotten'), subject to legal retention requirements.
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at jack@armsbydigital.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the UK's data protection regulator, the Information Commissioner's Office (ICO), at ico.org.uk.

10. Do We Make Updates to This Notice?

We may update this Privacy Notice from time to time. The 'Last updated' date at the top of this page will reflect any changes. If we make material changes, we will notify active clients by email at least 14 days before the changes take effect. We encourage you to review this notice periodically.

11. How Can You Contact Us?

If you have questions, concerns, or requests regarding this Privacy Notice or your personal data, contact us at:

12. How Can You Review, Update, or Delete Your Data?

You can review and update certain information directly through your client portal. To request full access to, correction of, or deletion of your personal data, contact us at jack@armsbydigital.co.uk. We will process your request in accordance with UK GDPR and respond within 30 days.