Your data, explained. Plain English.
We only collect what we need to run the business — no ad tracking, no data sales. This page sets out exactly what we hold, why we hold it, how long for, and the rights you have under UK GDPR.
Who we are
PageLaunch (“we”, “us”, “our”) is a small web-design and website-hosting business based in Crawley, West Sussex, United Kingdom. We build and host affordable websites for small businesses across the UK. You can contact us at hello@pagelaunch.co.uk.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, PageLaunch is the data controller of the personal data described below.
What this policy covers
This privacy policy explains what personal data we collect when you use pagelaunch.co.uk or buy a website or hosting plan from us, why we collect it, what we do with it, who we share it with, how long we keep it, and what rights you have under UK law.
It does not cover third-party websites we link to. If you follow a link to another site, please read that site’s own privacy policy.
What personal data we collect
We only collect what we need to run the business. In practice that is:
- Enquiries: when you fill in the contact form or email us, we receive your name, email address, phone number (if you provide one), your message, and any files or images you attach.
- Orders: when you buy a website package or hosting subscription, we receive your name, business name, email address, billing address, and the plan you have chosen. Payment card details are entered directly into Stripe and are never seen or stored by PageLaunch — we only receive a reference to the transaction and the last four digits of the card.
- Hosting account: if we build and host your website, we hold the content you give us (text, images, logos, business information) and any domain records we manage on your behalf.
- Email correspondence: messages you send us and our replies.
- Website analytics (only with consent): if you accept the cookie banner, Google Analytics 4 records anonymised, aggregated information about how you use pagelaunch.co.uk — pages viewed, approximate UK region, device type and referrer. IP addresses are anonymised and we do not use analytics to identify individuals.
- Server logs: our hosting provider automatically records standard technical information (IP address, timestamp, pages requested, browser user-agent) for security and abuse prevention. These logs are retained for a short period and not combined with other data to identify you.
We do not knowingly collect any special-category data (for example health, ethnicity, political opinions). Please don’t send us any, and if you do so accidentally we will delete it.
Why we collect it — and our lawful basis
Under UK GDPR we have to tell you the legal basis for each use of your data. Ours are:
- To respond to enquiries (name, email, phone, message) — legitimate interests: answering people who contact us is essential to running the business.
- To deliver services you’ve ordered (design, hosting, support, invoicing) — performance of a contract.
- To take and refund payments via Stripe — performance of a contract, and legal obligation where we must keep invoices for HMRC.
- To keep accounting records for the statutory period — legal obligation (UK tax law).
- To send service emails about your account, renewal, uptime or billing — performance of a contract.
- To send marketing emails (for example occasional tips or new-feature announcements) — only with your consent, which you can withdraw at any time via the unsubscribe link in every email.
- Website analytics — consent, collected through the cookie banner. Denied by default.
- Preventing fraud and abuse (server logs, payment risk checks) — legitimate interests in protecting the business and our customers.
Who we share it with
We use a small set of reputable third-party service providers (“data processors”) to run the business. Each has its own privacy policy and, where applicable, we have a data-processing agreement in place.
- Stripe Payments Europe, Ltd. — takes card payments and runs subscriptions. Stripe is a PCI-DSS Level 1 certified processor. See Stripe’s Privacy Policy.
- Microsoft Azure (Azure Static Web Apps and Azure Functions) — hosts our website and our form-submission API. See Microsoft Privacy Statement.
- Google (Google Analytics 4, Google Fonts, Google reCAPTCHA) — analytics (consent only), web fonts, and spam-protection on the contact form. See Google’s privacy policy.
- Email delivery provider — we use a standard UK/EU email service to send and receive transactional and support email.
- Domain and DNS registrars — where we register or manage a domain on your behalf, your registration details are shared with the relevant registrar as required by ICANN and Nominet rules.
- Accountant and HMRC — limited invoice data is shared to meet statutory reporting obligations.
We never sell your data. We never share it with advertising networks or data brokers.
International transfers
Most of our processing happens in the UK or the European Economic Area. Some of our processors (notably Google and Stripe) may transfer data outside the UK/EEA. Where that happens, transfers are covered by the UK International Data Transfer Agreement, UK Addendum to the EU Standard Contractual Clauses, or an equivalent safeguard approved by the Information Commissioner’s Office (ICO).
How long we keep your data
- Enquiries that don’t lead to a sale: up to 12 months, then deleted.
- Customer records and project files: while you are a customer, plus up to 6 years after the end of the relationship (to cover statutory limitation periods).
- Invoices, receipts and financial records: 6 years plus the current tax year, as required by HMRC.
- Marketing-consent records: until you unsubscribe, plus a short period afterwards to prove we honoured your request.
- Server logs: 30–90 days.
- Website analytics: Google Analytics is configured with a 14-month retention window.
How we protect your data
Security is built in, not bolted on. Our site and form API run on Microsoft Azure with TLS encryption in transit. Card data is handled entirely by Stripe and never touches our servers. Administrative access is protected by multi-factor authentication. We keep software patched, apply the principle of least privilege, and regularly review who has access to what.
Despite best efforts, no system is perfectly secure. If a data breach affects your rights we will notify the ICO within 72 hours, and contact you where the law requires.
Your rights under UK GDPR
You have the right to:
- Ask for a copy of the personal data we hold about you (“subject access request”).
- Have inaccurate data corrected.
- Ask us to delete your data (“right to erasure”) where there is no overriding legal reason to keep it.
- Restrict or object to certain types of processing, including direct marketing.
- Withdraw consent for analytics or marketing at any time.
- Ask for your data in a portable, machine-readable format.
- Not be subject to automated decisions with legal or similarly significant effects (we do not make any such automated decisions).
To exercise any of these rights, email hello@pagelaunch.co.uk. We will respond within 30 days. There is no charge for a reasonable request.
Complaints
We’d always like the chance to put something right first — please contact us. But you also have the right to complain to the UK supervisory authority, the Information Commissioner’s Office, at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
Cookies
For a separate, detailed breakdown of every cookie and tracker on this site, see our Cookie Policy.
Changes to this policy
If we make a material change to this policy, we’ll update the “Last updated” date at the top and, where the change affects how we use your data, we’ll let you know by email or a banner on the site.
Contact
Questions about your data or this policy? Email hello@pagelaunch.co.uk — we reply within two working days.