Last updated 20 June 2025
We respect your privacy and comply with the EU's General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable laws. This policy explains how we collect, use, and protect your information in a clear way - no jargon - just the essentials.
Your privacy matters to us as much as our own. We only collect what we need to build and manage your website, and we'll never use your information for anything beyond what you've agreed to. We won't share it unless required by law.
We collect your name and email address when you sign up for an account on our website to build your website.
We also collect additional contact information (e.g. phone number, business address, social media handles) that you provide for display on the website we build for you. This information is intended to be public, as per your instructions.
We use Stripe to process payments and never store your credit card details ourselves. See Stripe's Privacy Policy for details.
For your account, we store:
For your website, we store any additional contact information you provide (e.g. phone number, business address, social media handles) to display publicly on the site you've commissioned.
When you make a payment, Stripe processes and stores your payment details. We only store transaction records (e.g. receipts) containing your name and email address.
We store your account and website information in a MySQL database on a secure Digital Ocean Virtual Private Server (VPS) located in the UK.
Payment-related data is handled by Stripe, which stores it according to their privacy policy.
We use your name and email address to:
We use additional contact information you provide solely to display on your website as requested. We won't use it for any other purpose.
We won't spam you or send unsolicited marketing emails. If we contact you, it's only about your account or website.
Our Data Protection Officer is responsible for your information's security. Contact them at enquiries@businesscardy.com with any concerns.
Only our team members who need your information to build your website or manage your account have access. We restrict access to the minimum necessary.
Stripe has access to payment-related data, as outlined in their privacy policy.
Your data is stored on a secure Digital Ocean VPS in the UK with encrypted connections. We use strong, unique passwords for all systems, stored in an encrypted password manager. Our devices are protected with passcodes, biometric authentication, and encryption, requiring re-authentication after 10 minutes of inactivity.
We limit access to your data within our team and use secure protocols for data transmission. Stripe handles payment data with industry-standard security measures.
Under GDPR and the UK Data Protection Act 2018, you have the right to:
To exercise these rights, email enquiries@businesscardy.com. We'll respond within 30 days.
If you're unhappy with how we handle your data, please contact our Data Protection Officer at enquiries@businesscardy.com. You can also lodge a complaint with the UK Information Commissioner's Office (ICO) at www.ico.org.uk or your local data protection authority.
We may update this policy to reflect legal or operational changes. Updates take effect when published on our website. We'll notify you of significant changes via email.
This privacy policy is based on (Data) Protection Racket , adapted to comply with GDPR and the UK Data Protection Act 2018.