axlo.
The work About Free check Care plans Contact Get started
Legal

Privacy Policy

Last updated: 10 July 2026 · Applies to axlo.studio and the services provided by Axlo
Draft for review. This policy is a starting template, not legal advice. Please fill every highlighted placeholder, confirm the processors listed match what you actually use, and have it reviewed by a solicitor or the ICO's resources before publishing. Remove this box before going live.

This policy explains how Axlo collects, uses, shares and protects your personal data when you visit our website, request a free health check, contact us, or become a client. We are committed to handling your data lawfully and transparently under the UK GDPR and the Data Protection Act 2018.

Contents

  1. Who we are
  2. What we collect
  3. How & why we use it
  4. Who we share it with
  5. International transfers
  6. How long we keep it
  7. Your rights
  8. When we handle client data
  9. Cookies
  10. Security
  11. Children
  12. Changes & contact

1. Who we are

For the purposes of data protection law, the data controller is [Axlo Ltd — your exact registered company name], trading as “Axlo” (“Axlo”, “we”, “us”, “our”), a company registered in England and Wales under company number [company number], with its registered office at [registered office address].

You can reach us about privacy at enquiries@axlo.studio. Where required, we are registered with the Information Commissioner's Office (ICO) under registration number [ICO registration number — register at ico.org.uk if you process personal data].

2. What personal data we collect

Information you give us

  • When you contact us or request a project: your name, email address, business name, business type, current website address, a description of what you need, and anything else you choose to include in your message.
  • When you run a free health check: the website address you submit, and — if you ask for the full report — your email address and the summary results of the check.
  • If you become a client: billing and contact details, information about your business, and access or account details you share so we can build and maintain your site or app. Card payments are handled by our payment provider (see below); we do not store full card numbers.

Information we collect automatically

  • Technical & usage data: when you visit the site, our hosting provider records standard server information such as your IP address, browser type, device information, referring pages and timestamps, for security and to keep the site running.
  • Bot-protection data: our forms use Cloudflare Turnstile to tell humans from automated abuse. This may process your IP address and interaction signals and set a short-lived cookie or token.

3. How and why we use your data

We only use your personal data where the law allows us to. The table below sets out our purposes and the lawful basis for each under Article 6 of the UK GDPR.

PurposeLawful basis
Responding to your enquiry and running a health check you requestedLegitimate interests, and/or taking steps at your request before entering a contract
Providing, managing and monitoring the services you buy, and taking paymentPerformance of a contract
Protecting our site and forms from spam and abuse (Turnstile)Legitimate interests (security)
Occasional follow-up about services you enquired aboutLegitimate interests; consent where required. You can opt out at any time
Meeting our legal, tax and accounting obligationsLegal obligation

Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights, and we believe our processing is proportionate. You can object at any time (see “Your rights”).

4. Who we share your data with

We do not sell your personal data. We share it only with the service providers (“processors”) that help us run our business, and only as needed. These currently include:

ProviderWhat they do
Cloudflare, Inc.Website hosting, content delivery, and bot protection (Turnstile)
Resend (Plus Five Five, Inc.)Sending our transactional and enquiry emails
Google (Google Workspace, Firebase / Google Cloud, Google Fonts)Our business email, hosting of booking-system data, and web fonts
Stripe Payments Europe / Stripe, Inc.Processing card payments securely

Each processor acts on our instructions under a contract that requires them to protect your data. We may also disclose data where required by law, or to establish, exercise or defend legal claims. Please confirm this list matches the tools you actually use before publishing, and add or remove providers as needed: [review processor list].

5. International transfers

Some of our providers are based outside the UK (for example, in the United States). Where personal data is transferred outside the UK, we rely on appropriate safeguards such as UK adequacy regulations or the International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses, so your data receives an equivalent level of protection.

6. How long we keep your data

We keep personal data only for as long as we need it. Enquiry and health-check details are kept while we are in contact and for a reasonable period afterwards in case you get back in touch, then deleted. Client records and anything required for tax and accounting are kept for at least six years, as UK law requires. You can ask us to delete your data sooner (see below), subject to any legal retention obligations.

7. Your rights

Under UK data protection law you have the right to: access a copy of your data; have inaccurate data corrected; have your data erased; restrict or object to processing; data portability; and, where we rely on consent, to withdraw it at any time. To exercise any of these, email enquiries@axlo.studio. We will respond within one month.

If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk or by calling their helpline. We would appreciate the chance to address your concerns first.

8. When we handle your customers' data on your behalf

When we build and operate a booking system, website or app for a business client, that client is the data controller of their own customers' information (such as bookings and contact details), and Axlo acts as a data processor on their behalf. In those cases we process that data only on the client's documented instructions, under a data processing agreement, and this policy does not govern how the client uses their customers' data — the client's own privacy policy does.

9. Cookies

Our website uses only a small number of strictly-necessary cookies, mainly for security and bot protection. We do not currently use advertising or analytics cookies. For details, see our Cookie Policy.

10. Security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), reputable hosting and payment providers, and limiting access to your information. No online service can be completely secure, but we work to protect your data and will notify you and the ICO of any breach where the law requires.

11. Children

Our services are aimed at businesses and are not directed at children. We do not knowingly collect data from children through this website. Where a client's booking system processes data about their own customers, responsibility for any age-related requirements rests with that client as controller.

12. Changes to this policy & how to contact us

We may update this policy from time to time. The “last updated” date at the top shows when it last changed. For any privacy question or request, contact [Axlo Ltd — registered company name] at enquiries@axlo.studio, or write to us at our registered office, [registered office address].

axlo. — beautifully built, endlessly watched.
enquiries@axlo.studio · The work · Care plans · Contact
© 2026 Axlo · Privacy · Terms · Cookies