Sitemate Studio
Legal

Privacy Policy

Last updated: 13 June 2026

Who we are

Sitemate Studio is a UK-based web design and systems business for local businesses.

Data controller for this website: Sitemate Studio

Email: hello@sitematestudio.com

Postal address: 1, 23, The Limes, 23 Station Rd, Stoke Mandeville, Aylesbury HP22 5TZ.

When Sitemate Studio builds or manages a client website that collects that client's customer data, the client is normally the data controller and Sitemate Studio acts as a data processor under a separate agreement.

What this policy covers

This policy explains how we handle personal data when you:

  • visit sitematestudio.com;
  • send an enquiry or contact form;
  • book or request a demo call;
  • become a client or potential client;
  • receive a business-to-business outreach message from us; or
  • interact with a website, demo, report, or proposal prepared by Sitemate Studio.

It does not replace the privacy policy of any client website we build. Client websites should have their own privacy policy.

Personal data we collect

We collect only what we need for normal business operations.

Enquiries and contact forms

If you contact us, we may collect:

  • your name;
  • business name;
  • email address;
  • phone number if you provide it;
  • website URL;
  • the content of your message; and
  • basic technical data needed to deliver the form safely.

Calls, proposals, and client work

If we discuss or provide services, we may collect:

  • business contact details;
  • project requirements;
  • website, hosting, domain, CMS, booking, and integration details;
  • proposal and contract records;
  • invoices, payment status, and accounting records;
  • support requests; and
  • messages, files, or assets you send to us.

Do not send passwords, payment card details, bank details, government ID documents, or sensitive customer records through general email or website forms.

Website analytics

We may collect website usage data such as:

  • pages viewed;
  • device and browser type;
  • approximate location at city or regional level;
  • referral source; and
  • interaction events.

Analytics cookies are optional and should only run if you accept them through the cookie banner.

Business prospecting

Sitemate Studio may research publicly available business information for business-to-business outreach and lead qualification. This may include:

  • business name;
  • public website URL;
  • public business contact details;
  • business location;
  • publicly visible website quality signals; and
  • notes about whether Sitemate Studio services may be relevant.

We do not buy consumer marketing lists, scrape private customer data, bypass logins, or collect sensitive personal data for prospecting.

Where we get personal data from

We may receive personal data:

  • directly from you when you contact us, book a call, send files, or become a client;
  • from your business website, Google Business Profile, public directories, public social media pages, Companies House, or other public business sources;
  • from someone in your organisation who introduces you or includes you in a project;
  • from referral partners or existing contacts, where they have a lawful reason to share your business contact details; and
  • from service providers that help run the website, forms, analytics, bookings, CRM, payments, or email delivery.

We do not knowingly collect private customer data from third-party websites during prospecting.

Social media and direct messages

If you contact us through LinkedIn, Instagram, Facebook, X, WhatsApp, or another third-party platform, that platform may also process your personal data under its own privacy policy.

We may keep a record of business messages where needed to respond, manage a lead, prepare a proposal, deliver a project, or maintain a business record.

AI-assisted drafting and research

We may use AI-assisted tools to summarise public business information, draft internal notes, prepare demo concepts, or draft outreach. A person remains responsible for deciding whether to use the output. We do not use AI to make solely automated decisions about individuals with legal or similarly significant effects.

If you do not provide personal data

You do not have to provide personal data to browse this website. If you do not provide details requested in a form, email, proposal process, or client onboarding process, we may not be able to respond, book a call, quote accurately, deliver a project, or provide support.

How we use personal data

  • Enquiry details — To respond to your message and discuss your project. Lawful basis: Legitimate interests.
  • Demo call details — To arrange and prepare for a call you requested. Lawful basis: Legitimate interests / steps before a contract.
  • Client contact and project data — To deliver agreed services and support. Lawful basis: Contract / legitimate interests.
  • Billing and accounting records — To invoice, receive payment, and keep tax records. Lawful basis: Contract / legal obligation.
  • Website analytics — To understand and improve the website. Lawful basis: Consent for analytics cookies; legitimate interests for aggregated analysis.
  • Cookie consent records — To remember and evidence your cookie choices. Lawful basis: Legal obligation / legitimate interests.
  • Public business prospect data — To assess potential business fit and send relevant B2B outreach. Lawful basis: Legitimate interests.
  • Security and spam-protection data — To protect the website and forms from abuse. Lawful basis: Legitimate interests.

We do not sell personal data. We do not use personal data for third-party advertising.

Marketing and outreach

If you ask to receive updates, we may contact you using the details you provide. You can unsubscribe or ask us to stop at any time.

For business-to-business outreach, we may contact publicly listed business addresses or business contacts where we believe the message is relevant to the business. Every outreach message should make it clear who we are and how to opt out.

Sole traders and some partnerships have stronger electronic marketing protections than limited companies. Where we contact a sole trader or individual business contact, we aim to do so only where we have consent, a relevant previous relationship, or another lawful route that applies. We keep suppression records where needed to avoid contacting people or businesses that have opted out.

Who we share personal data with

We use trusted service providers to run the website and the business. They process data only where needed to provide their service.

  • Vercel — Website hosting and deployment
  • Cloudflare — DNS, CDN, security, and Turnstile spam protection
  • Resend — Transactional email delivery
  • Google Analytics — Website analytics, where accepted
  • Google Search Console — Search performance reporting
  • CookieHub — Cookie consent management
  • Notion — Internal CRM and business records
  • Stripe — Card payment processing, if used
  • GoCardless — Direct debit payment processing, if used
  • Cal.com — Booking links or calendar scheduling, if used
  • Twilio — SMS notifications, if agreed for a client project
  • Neon / database hosting provider — Website or client-system database hosting, if used
  • n8n / automation hosting provider — Workflow automation, if used
  • Professional advisers — Accounting, legal, insurance, or compliance advice

Some providers may process data outside the UK. Where that happens, we rely on appropriate safeguards such as UK-approved transfer mechanisms, standard contractual clauses, adequacy regulations, or the provider's published data-transfer terms.

We may also disclose information if required by law, regulation, court order, or to protect our legal rights.

Links to other websites

This website may link to third-party websites, platforms, booking tools, payment pages, social media profiles, or client websites. This privacy policy only applies to Sitemate Studio's own website and business operations. Other websites and platforms have their own privacy policies.

Client customer data

For client websites, Sitemate Studio may process customer enquiries, booking details, form submissions, or notification data on behalf of the client. In that situation:

  • the client is normally the data controller;
  • Sitemate Studio is normally the processor;
  • processing should be covered by a written client agreement and data processing agreement;
  • we process the data only for the agreed client website/system purpose; and
  • we do not use client customer data for Sitemate Studio marketing.

How long we keep data

  • Unsuccessful enquiries — Up to 24 months after the last meaningful contact
  • Client records — For the client relationship, then up to 6 years for contract, tax, and legal records
  • Proposal and sales notes — Up to 24 months unless a client relationship begins
  • B2B prospecting notes — Up to 24 months unless you ask us to delete or suppress your details
  • Analytics data — Usually up to 14 months, depending on Google Analytics settings
  • Cookie consent records — For as long as needed to evidence consent choices
  • Client customer data processed for a client — As set out in the client agreement or data processing agreement

We may keep limited suppression records where needed to honour an opt-out request.

How we protect data

We use reasonable technical and organisational measures, including:

  • HTTPS on the website;
  • access controls for business systems;
  • spam and abuse protection on forms;
  • environment variables or secure systems for credentials;
  • limiting access to people and providers who need it; and
  • avoiding storage of passwords, payment card details, or unnecessary sensitive data in this repository.

No internet service can be guaranteed completely secure, but we take reasonable care to protect the data we handle.

Automated decisions and profiling

We do not use personal data to make solely automated decisions that have legal or similarly significant effects on individuals.

We may use analytics, CRM notes, lead scores, or AI-assisted summaries to prioritise business development and improve our services. These are internal business tools and do not make final decisions without human review.

Children

Sitemate Studio services are aimed at businesses, not children. We do not knowingly collect personal data from children through this website. If you believe a child has provided personal data to us, contact hello@sitematestudio.com and we will review it.

Your rights

Under UK data protection law, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • ask us to delete your data;
  • restrict how we use your data;
  • object to certain processing, including direct marketing;
  • receive a copy of data you provided in a portable format;
  • withdraw consent where we rely on consent; and
  • complain to the Information Commissioner's Office.

To exercise your rights, email hello@sitematestudio.com. We may need to verify your identity before responding.

We aim to respond within one month. If a request is complex, UK data protection law may allow more time.

Rights may be limited in some circumstances, for example where we need to keep records to comply with law, establish or defend legal claims, honour an opt-out, or protect another person's rights.

Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to fix it.

You can also complain to the Information Commissioner's Office:

Cookies

We use cookies and similar technologies. See the Cookie Policy for details.

Changes to this policy

We may update this policy as the website, services, providers, or legal requirements change. The latest version will be posted on this page with the updated date.

Contact

Questions about this policy: hello@sitematestudio.com