Privacy Policy
This policy explains how CJ Studio collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
CJ Studio is a web design and development business operated by Ollie Jackson and Josh Carter, based in the United Kingdom.
Contact: hello@cjstudio.co.uk
We are the data controller for the personal information we collect about you. We are registered with the Information Commissioner's Office (ICO) as required by UK law.
2. What data we collect
We collect the following personal data when you contact us or engage our services:
- Your name
- Your email address
- Your phone number (if provided)
- Your business name and website (if applicable)
- Details of the project or enquiry you submit
- Payment information (processed securely by Stripe — we do not store card details)
- Technical data such as IP address and browser type when you visit our website (via standard server logs)
3. How we use your data
We use your personal data for the following purposes:
| Purpose | Legal basis |
|---|---|
| Responding to your enquiry | Legitimate interests |
| Providing web design and development services | Performance of a contract |
| Processing payments | Performance of a contract |
| Sending project updates and communications | Performance of a contract |
| Keeping financial records | Legal obligation (HMRC, 7 years) |
| Improving our services | Legitimate interests |
We do not use your data for automated decision-making or profiling. We do not send marketing emails without your explicit consent.
4. Who we share your data with
We only share your data with third parties where necessary to deliver our services:
- StripePayment processing. Stripe is PCI-DSS compliant. View their privacy policy at stripe.com/privacy.
- VercelWebsite hosting and deployment infrastructure. Your website is hosted on Vercel servers.
- GitHubSource code hosting for your project repository.
- GoogleBusiness email (Gmail) for project communications.
We do not sell your personal data to any third party.
5. How long we keep your data
We retain your data for the following periods:
- Project and payment records: 7 years (required by HMRC)
- Enquiry and contact data: 2 years from the date of last contact
- Website server logs: 90 days
After these periods, your data is securely deleted.
6. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure: Ask us to delete your data (subject to legal obligations).
- Right to restrict processing: Ask us to limit how we use your data.
- Right to data portability: Request your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, email us at hello@cjstudio.co.uk. We will respond within 30 days.
7. Cookies
Our website uses only essential cookies required for the site to function correctly (set by Next.js and Vercel). We do not use tracking, advertising, or analytics cookies. No cookie consent banner is required for essential cookies under UK PECR.
8. Data security
We take reasonable technical and organisational measures to protect your personal data, including:
- All data transmitted via HTTPS (SSL/TLS encryption)
- Payment data processed exclusively by Stripe (PCI-DSS compliant)
- Source code stored in private GitHub repositories
- Email secured via Google Workspace
9. Complaints
If you are unhappy with how we have handled your personal data, please contact us in the first instance at hello@cjstudio.co.uk.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
10. Changes to this policy
We may update this policy from time to time. The current version will always be available at this URL. Last updated: 30 May 2026.