Privacy Policy

01 Who we are

Tephra Digital (“we”, “us”, or “our”) is a digital agency providing web design, development, and creative services. This Privacy Policy explains how we collect, use, and protect personal information when you visit our website, enquire about our services, or engage us as a client.

We are committed to handling your data responsibly and in compliance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

02 Information we collect

We may collect and process the following types of personal information:

  • Contact details — your name, email address, phone number, and company name when you submit an enquiry or sign a contract
  • Project information — briefs, requirements, and any assets or content you share with us for work purposes
  • Communications — records of emails, calls, or messages between you and Tephra Digital
  • Payment information — invoicing details such as billing address; card payments are processed by a third-party provider and we do not store card numbers
  • Website usage data — anonymised analytics including pages visited, referral sources, browser type, and approximate location
  • Cookie data — as described in Section 05 below

We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us so we can delete it promptly.

03 How we use your information

We use the information we collect for the following purposes:

  • To respond to enquiries and provide quotes or proposals
  • To deliver agreed services and manage client projects
  • To send invoices and process payments
  • To communicate project updates, feedback, and relevant information
  • To improve our website and understand how visitors use it
  • To comply with legal and regulatory obligations

We will only send you marketing communications if you have opted in, and you can unsubscribe at any time.

04 Sharing your information

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

  • Service providers — trusted third parties who assist us in operating our business (e.g. cloud storage, accounting software, project management tools), under strict confidentiality agreements
  • Subcontractors — freelancers or specialists engaged on a project basis, only with data necessary to fulfil the work
  • Legal obligations — when required by law, court order, or to protect our legal rights

Any third party we share data with is required to handle it securely and in accordance with applicable data protection law.

05 Cookies & tracking

Our website uses cookies — small text files stored on your device — to improve your experience and help us understand site usage. We use:

  • Essential cookies — necessary for the site to function (cannot be disabled)
  • Analytics cookies — anonymised data to understand visitor behaviour (e.g. Google Analytics)
  • Preference cookies — to remember your settings across visits

You can manage or disable cookies via your browser settings at any time, though some parts of the site may not function correctly as a result.

06 Data retention

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Specifically:

  • Client project data is retained for 6 years after project completion for legal and accounting purposes
  • Enquiries that do not proceed to a project are deleted after 12 months
  • Marketing preferences are retained until you unsubscribe or request deletion
  • Website analytics data is retained in anonymised form for up to 26 months

07 Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data (“right to be forgotten”)
  • Right to restriction — ask us to limit how we use your data
  • Right to data portability — receive your data in a structured, commonly used format
  • Right to object — object to processing based on legitimate interests or for direct marketing

To exercise any of these rights, please contact us using the details in Section 10. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

08 Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include encrypted file storage, secure communications, and limiting access to data to those who need it to perform their role.

While we strive to protect your information, no method of transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

09 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be published on this page, along with the date it was last updated. For significant changes, we will notify active clients directly.