What we collect
We collect only what is needed to respond to enquiries and deliver projects:
- Project brief data — name, email, company, project category and details you submit through the wizard.
- Payment data — handled entirely by Stripe; we never see or store full card details.
- Technical data — IP address (used for currency detection via Cloudflare), browser type, and basic usage telemetry.
- Communication data — emails, messages, and call notes during a live engagement.
Lawful basis
Processing is based on (a) contract performance when delivering a project, (b) legitimate interest when responding to enquiries and improving the site, and (c) consent for any optional analytics or marketing.
How we use your data
- To respond to your project brief with a quote.
- To deliver the project you commissioned and communicate during it.
- To take and reconcile payments via Stripe.
- To meet legal, tax, and accounting obligations.
We do not use your data for advertising and do not sell or share your data with third parties for marketing purposes.
Sub-processors
The site relies on the following providers, each with their own privacy commitments:
- Cloudflare — hosting, edge caching, IP-based country detection.
- Supabase — submission storage and admin authentication.
- Stripe — payment processing for the priority deposit.
- Google Workspace — email correspondence.
Retention
Project briefs are kept for as long as needed to respond and (if the project goes ahead) for 7 years after the last invoice for tax and audit purposes. Payment records are kept for 7 years as required by UK law. Marketing-related data is deleted on request.
Your rights
Under UK GDPR you have the right to:
- Request a copy of your data.
- Ask us to correct inaccurate data.
- Ask us to delete your data, subject to legal retention obligations.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on it.
- Lodge a complaint with the UK Information Commissioner's Office (ICO).
To exercise any of these rights, email dequavious.dev@gmail.com. We respond within 30 days.
International transfers
Some sub-processors (Cloudflare, Stripe, Supabase) may process data outside the UK/EEA. We rely on the providers' Standard Contractual Clauses or equivalent safeguards in line with UK GDPR.
Security
Submissions are stored in Supabase with row-level security and encrypted in transit. Stripe handles all card data under PCI-DSS Level 1. Admin access is restricted to a single account secured with strong authentication.
Changes
Material changes to this policy will be posted here and dated. Substantial changes affecting active engagements will be communicated by email.