Privacy Policy

Last Updated: 29 April 2026

JR Digital (“we”, “us”, “our”) is committed to protecting the privacy of our website visitors, prospective clients, and paying clients. This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with our website or use our services.

We operate under the laws of the United Kingdom and comply with the UK GDPR and applicable data protection regulations. Where relevant, this policy is intended to align with EU GDPR principles for international users.

1. Information We Collect

1.1 Contact & Enquiry Information

When you contact us via our website, email, or telephone, we may collect:

• Name
• Email address
• Telephone number
• Message or enquiry details

Contact form submissions are delivered directly to us by email and stored on Microsoft’s email servers.

---

1.2 Project Form Data

When you complete our online project form to start a website project, we collect the following categories of information:

Personal & contact information (required to process your enquiry and payment):

• Full name
• Email address
• Phone number
• Business or organisation name (if provided)
• Referral source — how you heard about JR Digital (if provided)

Project & preference information (used to scope and deliver your project):

• Website type (e.g. personal, business, e-commerce) and whether this is a new site or a redesign
• Current website URL (if applicable)
• Description of your business or project
• Website goals and target audience
• Page requirements, content readiness, and asset availability
• Design preferences, including brand colours (hex values), style choices, and inspiration website links
• Feature and add-on selections, including any specific integrations, languages, or products described
• E-commerce details such as product type and estimated product count (where applicable)
• Domain name and technical requirements
• Preferred timeline and payment model
• Any additional notes you choose to share

This data is submitted to our secure backend and stored in a database hosted on Microsoft Azure using HTTPS. The form is not intended to collect highly sensitive personal or financial information, and data is not encrypted at rest as it is not expected to contain sensitive personal data.

When you proceed to pay your deposit, your contact details and a summary of your project selections are also included in the Stripe checkout session to enable payment processing and to link the payment to your project.

While completing the form, your progress is automatically saved as a draft in your browser's local storage. This draft data remains only on your device and is automatically removed when you complete or reset the form. No draft data is transmitted to our servers unless you proceed to submit.

---

1.3 Cloud Solutions (Microsoft 365 Setup)

If you purchase our Cloud Solutions service, JR Digital may briefly handle Microsoft 365 configuration credentials (such as temporary admin passwords) during the setup process. These credentials are used solely to configure your tenant and are not stored by JR Digital once setup is complete. Full ownership and control of your Microsoft 365 tenant remains with you at all times.

---

1.4 Payments

All payments are processed exclusively through Stripe. We do not collect or store card details or payment credentials on our own systems.

2. How We Use Your Information

We use the information we collect to:

• Respond to enquiries and communicate with you
• Assess project requirements and provide services
• Manage client relationships and ongoing projects
• Process payments via Stripe
• Maintain website functionality, performance, and reliability
• Comply with legal obligations and prevent misuse or fraud

We do not use personal data for newsletters, marketing emails, or unsolicited promotional messages.

Lawful Basis for Processing (UK GDPR Article 6)

We process your personal data on the following lawful bases:

• Contract performance (Article 6(1)(b)) — processing your contact and project information is necessary to assess, agree, and deliver the services you have requested or are considering purchasing
• Consent (Article 6(1)(a)) — analytics cookies and visitor tracking are only activated if you accept via our cookie banner; you may withdraw this consent at any time
• Legitimate interests (Article 6(1)(f)) — fraud prevention, security monitoring, and maintaining the reliability and integrity of our services, where your interests are not overridden by ours

3. Analytics & Cookies

3.1 Google Analytics & Looker Studio

We use Google Analytics (GA4) to understand how visitors interact with our website and to improve performance and usability. Analytics is non-essential and is used in an aggregated manner.

You can accept or decline analytics cookies via our cookie banner. If you decline, your activity is not tracked by Google Analytics.

For clients on a Data Analytics plan, we also use Google Looker Studio to present your website data as a visual dashboard. Data displayed in Looker Studio is drawn from your Google Analytics account and is used solely to provide the agreed analytics service.

---

3.2 Cookies

Cookies may be used for:

• Basic website functionality
• Analytics (only if you consent)

You can manage or withdraw cookie consent at any time using your browser settings or our cookie controls (where available).

4. Hosting & Data Storage

Our website and project infrastructure are hosted on Microsoft Azure, primarily in the UK South region.

Where appropriate, client projects may be hosted in other Azure regions closer to the client’s location to improve speed and reliability.

5. Client-Provided Content & Responsibility

Clients may provide logos, branding, content, credentials, or other materials for use in their project. While we take reasonable care in handling client data:

• Clients are responsible for ensuring they have lawful rights to use any materials they provide.
• We are not responsible for copyright or licensing issues arising from client-provided content.

Content we create for clients is produced in line with applicable regulations and professional standards.

6. Access to Client Data

For live websites and hosted services, we may access databases or infrastructure only when necessary for:

• Debugging and troubleshooting
• Maintenance and performance checks
• Security reviews
• Support requests

Access is limited to what is required to complete the task and is not used for any other purpose.

7. Data Retention

We retain personal data only for as long as necessary:

• Enquiry and form data is kept until the enquiry or project is resolved, or until deletion is requested.
• Client data is retained for the duration of the service relationship.

You may request deletion of your data at any time, subject to legal or contractual obligations.

8. Your Rights

Under UK GDPR, you have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your data (where applicable)
• Object to or restrict certain processing in specific circumstances
• Withdraw consent for analytics cookies at any time via our cookie banner or browser settings — this does not affect the lawfulness of processing based on consent before withdrawal
• Data portability — request a copy of the personal data you provided to us in a structured, commonly used format, where processing is based on consent or contract
• Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully

Legal and data-related requests will be responded to within 30 days.

9. Data Security

We implement reasonable technical and organisational measures to protect personal data from unauthorised access, misuse, or disclosure. However, no system is completely secure, and we cannot guarantee absolute security of data transmitted or stored electronically.

10. Third-Party Services

We may rely on third-party services such as:

• Stripe (payments) — Privacy Policy
• Microsoft Azure (hosting and infrastructure) — Microsoft Privacy Statement
• Microsoft 365 (cloud solutions — email, Teams, OneDrive) — Microsoft Privacy Statement
• Google Analytics (GA4) (website analytics) — Google Privacy Policy
• Google Looker Studio (analytics dashboards) — Google Privacy Policy

These providers process data in accordance with their own privacy policies and security standards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. Continued use of our website or services indicates acceptance of the updated policy.

12. Contact Us