Privacy Policy

The short version

We collect the minimum data needed to design, build, and host your website. Your data is stored on infrastructure based in the UK or EEA. We don't sell it, don't share it with advertisers, and don't profile you. You can ask for a copy of everything we hold, or ask us to delete it, at any time.

The full policy below explains the detail required by UK GDPR. If anything is unclear, email contact@staieltd.co.uk and we'll explain it in plain English.

Staie Ltd ("we", "us", "our") is the data controller for the personal data described in this policy. We are a company registered in England and Wales, company number 17195211.

Contact for any privacy matter: contact@staieltd.co.uk.

We are not currently required to appoint a Data Protection Officer, but the founders are directly responsible for data protection and respond to all enquiries personally.

We collect data in three contexts:

2.1 When you become a customer

To accept your application, build your site, and bill you, we collect:

• Identity and contact data: your name, business name, email address, phone number, and address where provided.
• Onboarding content: the text, images, branding, and other materials you supply for your website.
• Payment data: card details are entered directly into our payment processor's secure form and are never stored on our systems. We retain only the last four digits, card type, and expiry date for billing reference.
• Communications: any emails, support messages, or notes from calls with you.

2.2 When someone visits a website we host for you

If your website collects data from your visitors (for example, through a contact form, sign-up form, or user registration), that data is processed on our hosting infrastructure on your behalf. You are the data controller for your visitors' data — we are the data processor. The technical safeguards described in this policy apply equally to that data, but the privacy notice your visitors see should be your own.

2.3 When you visit our website

We collect basic technical data automatically when you load our site: IP address, browser type, device type, the pages you visit, and the page you arrived from. This is used for security, error tracking, and understanding aggregate usage patterns.

We do not use your data for automated decision-making or profiling.

We use a small number of trusted suppliers to operate the service. Each is bound by GDPR-compliant data processing terms. The categories of supplier we work with include:

• Payment processing providers — to collect and manage subscription payments.
• Hosting and infrastructure providers — to store and serve your website.
• Email and communications providers — to send you transactional and support messages.
• Analytics and error monitoring providers — to keep our service stable and improve it.
• AI-assisted productivity tools — used to help draft, build, and deliver your website. We only use AI providers whose terms confirm they do not train their models on customer data.
• Professional advisers — such as accountants and legal advisers, where necessary.

The specific suppliers we use may change over time as our service evolves. A current list of named subprocessors is available on request by emailing contact@staieltd.co.uk.

Beyond these processors, we share data only where legally required (for example, in response to a valid court order or to comply with HMRC obligations), or in the unlikely event of a sale or restructuring of the business — in which case any acquirer would be bound by the same commitments. We do not sell your personal data to anyone.

Our hosting infrastructure is based in UK or EEA data centres, where UK GDPR equivalence applies. We choose providers that operate within these jurisdictions wherever practicable.

Where data does need to leave the UK/EEA (for example, certain payment processing or email routing), we rely on the UK government's adequacy regulations or the International Data Transfer Agreement / EU Standard Contractual Clauses, as appropriate.

• While you are an active customer: for the duration of your subscription.
• After you cancel: account data and website content are retained for 30 days to allow data export, then permanently deleted unless you request earlier deletion.
• Billing and tax records: kept for 6 years to comply with HMRC requirements, as required by UK law.
• Marketing consent records: kept for as long as the consent is active, plus 2 years for audit purposes.
• Anonymised analytics data: may be kept indefinitely, as it cannot be linked back to you.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct any data that is wrong or incomplete.
• Delete your data, subject to any legal retention obligations.
• Restrict or object to certain types of processing.
• Receive a copy of your data in a portable format.
• Withdraw consent for any processing based on consent (such as marketing) at any time.

To exercise any of these rights, email contact@staieltd.co.uk. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (the UK data protection regulator) if you believe we have mishandled your data. Their contact details are at ico.org.uk or 0303 123 1113.

Our own website uses only essential cookies required for the site to function and basic, privacy-respecting analytics that do not identify individual visitors. We do not use advertising cookies, retargeting pixels, or third-party advertising trackers on our marketing site.

The websites we build for our customers may use cookies depending on the customer's chosen functionality. Each customer is responsible for the cookie disclosure on their own site.

We protect your data using:

• HTTPS/SSL encryption on all websites and admin areas as standard.
• Encrypted backups taken daily.
• Access controls limiting who within Staie can view customer data.
• Card data handled exclusively by a PCI-DSS compliant payment processor — we never see or store full card numbers.

No system is completely secure, and we cannot guarantee absolute protection against every conceivable threat. If a breach occurs that affects your data, we will notify you and the ICO within 72 hours, as required by law.

Our services are intended for businesses, organisations, and adults aged 18 or over. We do not knowingly collect personal data from children under 16. If a website we host is intended to include users under 16, the customer operating that website is responsible for ensuring appropriate parental consent mechanisms are in place.

In the interest of being clear about commitments, not just obligations:

• We do not sell, rent, or trade your personal data to anyone.
• We do not share your data with advertising networks.
• We do not build profiles of you for marketing purposes.
• We do not use your website's content or visitor data to train AI models, and we only use AI tools whose providers contractually commit not to train on inputs.
• We do not access customer-hosted data except where necessary for support, billing, or legal compliance.

We may update this policy as our service evolves or as the law changes. Material changes will be notified by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

For any questions, concerns, or requests relating to your personal data, contact us at contact@staieltd.co.uk.