Privacy Policy
This policy explains how Axlo collects, uses, shares and protects your personal data when you visit our website, request a free health check, contact us, or become a client. We are committed to handling your data lawfully and transparently under the UK GDPR and the Data Protection Act 2018.
Contents
1. Who we are
For the purposes of data protection law, the data controller is [Axlo Ltd — your exact registered company name], trading as “Axlo” (“Axlo”, “we”, “us”, “our”), a company registered in England and Wales under company number [company number], with its registered office at [registered office address].
You can reach us about privacy at enquiries@axlo.studio. Where required, we are registered with the Information Commissioner's Office (ICO) under registration number [ICO registration number — register at ico.org.uk if you process personal data].
2. What personal data we collect
Information you give us
- When you contact us or request a project: your name, email address, business name, business type, current website address, a description of what you need, and anything else you choose to include in your message.
- When you run a free health check: the website address you submit, and — if you ask for the full report — your email address and the summary results of the check.
- If you become a client: billing and contact details, information about your business, and access or account details you share so we can build and maintain your site or app. Card payments are handled by our payment provider (see below); we do not store full card numbers.
Information we collect automatically
- Technical & usage data: when you visit the site, our hosting provider records standard server information such as your IP address, browser type, device information, referring pages and timestamps, for security and to keep the site running.
- Bot-protection data: our forms use Cloudflare Turnstile to tell humans from automated abuse. This may process your IP address and interaction signals and set a short-lived cookie or token.
3. How and why we use your data
We only use your personal data where the law allows us to. The table below sets out our purposes and the lawful basis for each under Article 6 of the UK GDPR.
| Purpose | Lawful basis |
|---|---|
| Responding to your enquiry and running a health check you requested | Legitimate interests, and/or taking steps at your request before entering a contract |
| Providing, managing and monitoring the services you buy, and taking payment | Performance of a contract |
| Protecting our site and forms from spam and abuse (Turnstile) | Legitimate interests (security) |
| Occasional follow-up about services you enquired about | Legitimate interests; consent where required. You can opt out at any time |
| Meeting our legal, tax and accounting obligations | Legal obligation |
Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights, and we believe our processing is proportionate. You can object at any time (see “Your rights”).
4. Who we share your data with
We do not sell your personal data. We share it only with the service providers (“processors”) that help us run our business, and only as needed. These currently include:
| Provider | What they do |
|---|---|
| Cloudflare, Inc. | Website hosting, content delivery, and bot protection (Turnstile) |
| Resend (Plus Five Five, Inc.) | Sending our transactional and enquiry emails |
| Google (Google Workspace, Firebase / Google Cloud, Google Fonts) | Our business email, hosting of booking-system data, and web fonts |
| Stripe Payments Europe / Stripe, Inc. | Processing card payments securely |
Each processor acts on our instructions under a contract that requires them to protect your data. We may also disclose data where required by law, or to establish, exercise or defend legal claims. Please confirm this list matches the tools you actually use before publishing, and add or remove providers as needed: [review processor list].
5. International transfers
Some of our providers are based outside the UK (for example, in the United States). Where personal data is transferred outside the UK, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses, so your data receives an equivalent level of protection.
6. How long we keep your data
We keep personal data only for as long as we need it. Enquiry and health-check details are kept while we are in contact and for a reasonable period afterwards in case you get back in touch, then deleted. Client records and anything required for tax and accounting are kept for at least six years, as UK law requires. You can ask us to delete your data sooner (see below), subject to any legal retention obligations.
7. Your rights
Under UK data protection law you have the right to: access a copy of your data; have inaccurate data corrected; have your data erased; restrict or object to processing; data portability; and, where we rely on consent, to withdraw it at any time. To exercise any of these, email enquiries@axlo.studio. We will respond within one month.
If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk or by calling their helpline. We would appreciate the chance to address your concerns first.
8. When we handle your customers' data on your behalf
When we build and operate a booking system, website or app for a business client, that client is the data controller of their own customers' information (such as bookings and contact details), and Axlo acts as a data processor on their behalf. In those cases we process that data only on the client's documented instructions, under a data processing agreement, and this policy does not govern how the client uses their customers' data — the client's own privacy policy does.
9. Cookies
Our website uses only a small number of strictly-necessary cookies, mainly for security and bot protection. We do not currently use advertising or analytics cookies. For details, see our Cookie Policy.
10. Security
We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), reputable hosting and payment providers, and limiting access to your information. No online service can be completely secure, but we work to protect your data and will notify you and the ICO of any breach where the law requires.
11. Children
Our services are aimed at businesses and are not directed at children. We do not knowingly collect data from children through this website. Where a client's booking system processes data about their own customers, responsibility for any age-related requirements rests with that client as controller.
12. Changes to this policy & how to contact us
We may update this policy from time to time. The “last updated” date at the top shows when it last changed. For any privacy question or request, contact [Axlo Ltd — registered company name] at enquiries@axlo.studio, or write to us at our registered office, [registered office address].