Privacy policy, Devonic Web

1. Information we collect

We collect the personal data you provide directly when you contact us, request an audit, or subscribe to our newsletter, typically your name, email address, company name, and any project details you share. We also collect basic technical data from your browser (IP address, user agent, referring URL) via privacy-respecting analytics (Plausible or Vercel Analytics, no cookies, no fingerprinting).

2. How we use your information

To respond to your enquiry, deliver any service you've requested, send you the content you've subscribed to, and improve our website. We never sell your data. We never share it with third parties for marketing. We never use it to target ads.

3. Legal basis under UK GDPR

We rely on three legal bases: (a) legitimate interest, when you contact us about a project; (b) consent, when you subscribe to our newsletter or request an audit; (c) contract, when you become a paying client. You can withdraw consent at any time.

4. Sharing your information

We share data only with the third-party services strictly needed to operate this site: our email provider (Google Workspace / Gmail), transactional email service (Resend), hosting provider (Vercel), analytics provider (Plausible or Vercel Analytics). All are GDPR-compliant and listed in our data processing register on request.

5. Data retention

Project enquiries: 24 months from last contact. Audit requests: 12 months from delivery. Newsletter subscriptions: until you unsubscribe. Client records: 7 years (UK statutory minimum for company records). We delete data sooner on request.

6. Cookies

This site uses no marketing cookies, no advertising cookies, and no third-party tracking cookies. The only cookies we set are strictly necessary for the site to function (e.g. session cookies for the contact form's CSRF protection). No cookie banner required.

7. Your rights under UK GDPR

You have the right to: (a) request a copy of the personal data we hold about you; (b) ask us to correct inaccurate data; (c) ask us to delete your data; (d) restrict or object to our processing of your data; (e) data portability, receive your data in a structured, machine-readable format; (f) complain to the ICO. Email contact@devonicweb.co.uk to exercise any of these.

8. Security

All data is transmitted over TLS 1.3. Our hosting (Vercel) and email (Google Workspace) providers are ISO 27001 / SOC 2 certified. We review access regularly and limit it to the minimum people needed.

9. Third-party links

Our site may link to third-party websites, case studies, tool recommendations, source citations. We're not responsible for their privacy practices. Read their policies before sharing data with them.

10. Changes to this policy

We'll update this page when we change anything material, and update the 'Last updated' date above. Substantial changes will be flagged on the homepage for a fortnight before they take effect.

11. Contact us

Questions about this policy, or your data? Email contact@devonicweb.co.uk. We're the data controller. Our registered entities are Digital Fusion Hub Ltd (Companies House 15582985, England & Wales) and Devonic Web LLC (Wyoming, USA).