SitePronto logo

Privacy Policy

Last updated: 24 May 2025

SitePronto (“we”, “us”, “our”) is a UK-based website building service for small businesses, operated as a trading name ofGenerativ AI Consulting Ltd, registered in England & Wales, with our registered office at 66 Paul St, London EC2A 4NA. We build professional industry-specific websites using modern tools (Next.js, Vercel, Stripe and third-party services).

This policy explains what personal data we collect when you use our website (sitepronto.co), enquire about a project, or become a care-plan client, what we do with it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Summary: We collect only what we need to build your website, reply to your enquiry and take payment. We do not sell your data. We use trusted processors only. You can ask us to correct or delete your data at any time.

1. What data we collect

The data we collect depends on how you interact with us.

a) Enquiry and brief forms

When you submit a project brief or enquiry form on sitepronto.co we collect:

  • Full name
  • Business name
  • Email address
  • Phone number
  • Business address, town and postcode
  • Service areas
  • Google Business Profile URL
  • Existing website URL (if applicable)
  • Domain ownership status and preferred domain name
  • Logo and brand colours (or links provided)
  • Services offered and main service to prioritise
  • Opening hours
  • Years trading
  • Accreditations and insurance details
  • Customer review links
  • Photo availability and any references submitted

b) Newsletter and marketing sign‑up

If you opt in to our newsletter or marketing updates we collect only your name and email address. We keep a record of your consent and any subsequent unsubscribe action.

c) Care‑plan clients

Care-plan subscribers additionally provide a billing address and payment details via Stripe. We never store full card numbers on our systems.

d) Automated technical data

As with virtually every website, our servers log: IP address, browser type and version, device type, page URLs visited,referring site, and timestamps. This is standard server log data used for security, performance monitoring and analytics.

2. How we collect your data

  • Directly from you via enquiry and intake forms on our site.
  • Via Stripe when you purchase a package or care plan — Stripe passes us your billing name, email and payment status.
  • Automatically through standard server logs and analytics cookies (with your consent where required).
  • From you directly in emails or calls to hello@sitepronto.co — we may log contact details and enquiry details from these exchanges.

3. Why we use your data (lawful basis)

Under UK GDPR we rely on the following lawful bases for processing:

Legitimate interest

  • To quote and build your website — processing your brief, estimate, design call and build workflow.
  • To provide care-plan support — hosting, uptime monitoring and basic maintenance.
  • To improve our offerings — understanding which industries and packages are most popular, which forms drop off and how visitors navigate our site. We only use aggregate / anonymised analytics for this purpose.
  • To protect our business — fraud prevention, abuse detection and security monitoring.

Contract

  • To take and process payment via Stripe when you purchase a package or add-on.
  • To deliver what you've paid for — fulfilling a website build, installing add-ons, managing DNS/hosting transfers and delivering care-plan services.

Consent

  • Marketing emails are only sent to contacts who have explicitly opted in. You can unsubscribe at any time via the link in any email we send.
  • Non-essential cookies (analytics, advertising) are only set after you give consent via our cookie banner. You can change your preferences at any time.

4. Who we share your data with

We use a small number of trusted third-party processors to deliver our service. We share only the minimum data each needs. We do not sell your data to any third party.

  • Stripe (stripe.com) — payment processing. Full card details pass directly to Stripe and are never received or stored by us. We receive payment status, customer reference and billing email.
  • Vercel / hosting provider — website hosting and delivery. Server logs are maintained for security and performance.
  • Supabase — project data storage and API services, where applicable.
  • Email service provider (e.g. Resend, SendGrid or equivalent) — transactional and consent-based marketing emails only.
  • Google Analytics / GTM (if opted in) — traffic analytics with IP anonymised. Only active after you consent via the cookie banner.
  • Meta / Facebook Pixel (if opted in) — advertising conversion tracking. Only active after you consent via the cookie banner.

All processors are Data Processor Agreements (DPAs) in place. We do not share data with any other entity without your consent, unless required by law.

5. How long we keep your data

  • Enquiry / brief data: retained for 24 months from last contact, so we can reference your project requirements if you return.
  • Active client data: retained for 6 years after project completion, in line with HMRC / UK tax record requirements.
  • Marketing opt‑in list: retained until you unsubscribe or we identify a hard bounce — whichever comes first.
  • Server / analytics logs: retained for a maximum of 14 months unless a security incident requires extended retention.

6. Your rights under UK GDPR

You have the following rights at any time:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct inaccurate or incomplete data.
  • Right to erasure — ask us to delete your data, subject to any legal obligations we have to retain it.
  • Right to restrict processing — ask us to pause certain processing of your data.
  • Right to data portability — request your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest, and to direct marketing.
  • Right to withdraw consent at any time for marketing emails or cookie-based tracking — without affecting any prior processing carried out lawfully.
  • Right to complain — you may lodge a complaint with the Information Commissioner's Office (ICO)if you are unhappy with how we handle your data.

To exercise any of your rights, email hello@sitepronto.co. We will respond within one calendar month.

7. Data security

We use industry-standard security measures: TLS/HTTPS encryption in transit, encrypted storage via trusted providers, access controls and regular security updates. No system is completely infallible — if a breach occurs that risks your rights we will notify the ICO within 72 hours and you directly where legally required.

8. International data transfers

Our primary processors (Stripe, Vercel, Supabase) may transfer data outside the UK in order to provide their services. Each processor maintains SCCs or equivalent legal safeguards recognised by UK GDPR. Where relevant, we rely on adequacy decisions issued by the UK Government.

9. Automated profiling and decisions

We do not carry out fully automated decision-making or profiling that has legal or similarly significant effects on you. Basic analytics (e.g. counting visits to a page) does not constitute profiling under UK GDPR.

10. Changes to this policy

We may update this policy from time to time to reflect changes in our services, legal obligations or third-party processors. The “Last updated” date above shows the current version. We encourage you to review it periodically. Our Terms of Service also govern your use of our website and services.

11. Contact us

For questions about this policy, or to exercise your data rights:

  • Email: hello@sitepronto.co
  • Post: 66 Paul St, London EC2A 4NA, United Kingdom
  • Phone: 0115 647 2019