Privacy Policy

Last Updated: 4 December 2025

PixelWeave Limited ("PixelWeave", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with UK GDPR and the Data Protection Act 2018.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

• Contact us: Name, email address, phone number, company name, project details
• Create an account: Name, email address, password (encrypted), business information
• Use our services: Project requirements, content, images, documents you upload
• Communicate with us: Messages, support tickets, feedback
• Make payments: Billing information (processed securely via Stripe - we do not store card details)

1.2 Information Automatically Collected

When you visit our website, we automatically collect:

• Technical data: IP address, browser type, device information, operating system
• Usage data: Pages visited, time spent, navigation paths (via essential cookies only)
• Authentication data: Session tokens, login timestamps

1.3 Information We Do Not Collect

We do NOT collect:

• Sensitive personal data (health, race, religion, political opinions) unless specifically provided by you for a project
• Marketing tracking or advertising cookies (we only use essential cookies)

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3. How We Use Your Information

We use collected information to:

• Provide services: Deliver web development projects, respond to enquiries, provide support
• Manage accounts: Create and maintain client accounts, authenticate users, manage projects
• Process payments: Handle invoicing and payment processing (via Stripe)
• Communicate: Send project updates, respond to messages, provide notifications
• Improve services: Analyze usage patterns, fix bugs, enhance user experience
• Legal compliance: Meet accounting, tax, and legal obligations
• Security: Detect and prevent fraud, protect against security threats

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored:

• Primary storage: Supabase (PostgreSQL database) - European region servers
• File storage: Supabase Storage - European region
• Email service: Resend (transactional emails only)
• Payment processing: Stripe (UK/EU servers - they are the data processor for payment data)

4.2 Data Transfers

All data is stored within the European Economic Area (EEA). We do not transfer personal data outside the UK/EEA except where necessary for payment processing via Stripe, which has appropriate safeguards in place.

4.3 Security Measures

We implement industry-standard security measures including:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure password hashing (bcrypt)
• Role-based access controls
• Regular security updates and patches
• Row Level Security (RLS) policies on database
• Secure authentication with session management

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with the following trusted third parties who act as data processors:

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.

5.4 We Do Not Sell Data

We will never sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active clients: Duration of business relationship plus 6 years (UK tax/accounting requirements)
• Contact enquiries: 2 years from last contact (unless converted to client)
• Project files: 3 years after project completion (for support and warranty purposes)
• Account data: Until account deletion requested, then 30 days for backup purposes
• Legal/tax records: 6 years minimum (UK legal requirement)

After retention periods expire, data is securely deleted or anonymized.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at: dev@pixelweave.co.uk

We will respond to your request within one month. In complex cases, this may be extended to three months with notification.

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies necessary for the website to function:

• Authentication cookies: Keep you logged in securely
• Session cookies: Maintain your session state
• Security cookies: Prevent fraud and protect your account

8.2 No Analytics or Marketing Cookies

We currently do NOT use analytics cookies, advertising cookies, or third-party tracking. If we decide to implement these in the future, we will:

• Update this Privacy Policy
• Implement a cookie consent banner
• Request your explicit consent before setting non-essential cookies

8.3 Managing Cookies

You can disable cookies in your browser settings, but this may affect the functionality of the website. Essential cookies are necessary for authentication and security.

For more information, see our Cookie Policy.

9. Children's Privacy

Our services are not intended for children under 13 years old. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at dev@pixelweave.co.uk and we will delete it.

If a client's website/project involves data about children, the client acts as the data controller for that data and must comply with relevant regulations.

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will:

• Notify the ICO within 72 hours if required by law
• Inform affected individuals without undue delay if there is a high risk to their rights
• Provide information about the breach and steps being taken to address it
• Take immediate action to contain and remedy the breach

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated "Last Updated" date.

For material changes, we will notify you via email or prominent notice on our website at least 30 days before the changes take effect.

12. Contact Us

For questions, concerns, or to exercise your data protection rights, contact us:

13. ICO Complaint

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the UK Information Commissioner's Office: