Privacy Policy

Last updated: 17 April 2026

1. Introduction

Inuvate ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website at inuvate.co.uk and our hosting and design services.

We process your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

2. Data Controller

Inuvate is the data controller for the personal data we collect from you. If you have any questions about how we handle your data, please contact us:

• Email: hello@inuvate.co.uk
• Website: inuvate.co.uk

3. What Data We Collect

3.1 Data You Provide to Us

When you use our services, we may collect the following personal data:

• Account information: Your name, email address, phone number, and business name when you create an account or complete the onboarding process.
• Business information: Details about your business, industry, services, and preferences that you provide during the website design process.
• Payment information: Billing details processed by Stripe. We do not store your full credit card number on our servers.
• Communication data: Messages you send to us via email, WhatsApp, or the customer portal, including change requests for your website.
• Content you provide: Text, images, logos, and other content you provide for your website.

3.2 Data Collected Automatically

When you visit our website, we may automatically collect:

• Technical data: IP address, browser type and version, operating system, and device type.
• Usage data: Pages visited, time spent on pages, and navigation paths.
• Cookie data: See our Cookies section below for further details.

3.3 Data from Third Parties

We may receive data from:

• Stripe: Payment confirmation and subscription status.
• WhatsApp (via Twilio): Messages you send to us for website change requests.

4. How We Use Your Data

We use your personal data for the following purposes:

• To provide our services: Designing, building, hosting, and maintaining your website. Legal basis: performance of a contract.
• To process payments: Charging your subscription fee and managing your billing. Legal basis: performance of a contract.
• To communicate with you: Responding to your enquiries, sending service updates, and processing change requests. Legal basis: performance of a contract and legitimate interests.
• To improve our services: Analysing usage patterns to improve our platform and user experience. Legal basis: legitimate interests.
• To comply with legal obligations: Maintaining financial records, responding to legal requests, and meeting regulatory requirements. Legal basis: legal obligation.
• To protect our services: Detecting and preventing fraud, abuse, and security incidents. Legal basis: legitimate interests.

5. Data Sharing

We do not sell your personal data. We may share your data with the following third parties:

• Stripe: For payment processing. Stripe's privacy policy applies to data they process.
• Twilio: For WhatsApp messaging functionality. Twilio's privacy policy applies to data they process.
• Anthropic: For AI-powered website generation. We send business information (not personal customer data) to generate website content.
• Hosting infrastructure providers: Our servers may be hosted with third-party cloud providers who process data on our behalf under data processing agreements.
• Legal authorities: Where required by law, regulation, or court order.

6. Data Retention

We retain your personal data as follows:

• Active account data: For the duration of your subscription plus 30 days after cancellation.
• Financial records: For 7 years after the transaction, as required by HMRC.
• Communication records: For 2 years after the last communication, or the end of your subscription, whichever is later.
• Website content: For 30 days after cancellation, after which it may be permanently deleted.
• Technical logs: For up to 12 months.

7. Your Rights

Under the UK GDPR, you have the following rights:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct inaccurate or incomplete data.
• Right to erasure: You can ask us to delete your personal data in certain circumstances.
• Right to restrict processing: You can ask us to limit how we use your data.
• Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
• Right to object: You can object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at hello@inuvate.co.uk. We will respond to your request within one month.

8. Cookies

Our website uses the following cookies:

• Essential cookies: Required for the website to function. These include session cookies that maintain your login state. These cookies cannot be disabled.
• Stripe cookies: Used by Stripe for payment processing and fraud prevention.

We do not use advertising cookies, tracking cookies, or analytics cookies that require consent under PECR.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit using SSL/TLS
• Secure password hashing using bcrypt
• Regular security updates and monitoring
• Access controls limiting who can access personal data
• Secure payment processing via Stripe (PCI DSS compliant)

While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of your data.

10. International Transfers

Some of our third-party service providers may process data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO), or the service provider is located in a country with an adequacy decision.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email or through a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

We would appreciate the opportunity to resolve any concerns before you contact the ICO. Please reach out to us at hello@inuvate.co.uk first.

14. Contact Us

For any questions about this Privacy Policy or your personal data, please contact us:

• Email: hello@inuvate.co.uk
• Website: inuvate.co.uk