Back to Home

Privacy Policy

Last updated: 26 March 2026

1. Who We Are

Shopfront Digital ("we", "our", "us") is a website design and hosting service for local businesses. Our registered address is in the United Kingdom. For any privacy-related queries, contact us at info@shopfrontdigital.co.uk.

2. Information We Collect

We collect the following categories of information to run our business:

  • Contact information: Name, business address, email address, and phone number when you submit a form or subscribe to our service.
  • Payment information: Processed securely through Stripe or GoCardless. We do not store your raw card details or bank account numbers on our servers.
  • Usage data: Anonymous website analytics via privacy-first tools (e.g., Plausible Analytics or Netlify Analytics, which are cookie-free and GDPR-compliant by design).
  • Communications: Email correspondence and support requests.

3. How We Use Your Information

  • To provide and maintain our website hosting and design services.
  • To process your payments through Stripe or GoCardless.
  • To communicate with you about your subscription, technical updates, and support.

4. Legal Basis (UK GDPR)

Under the UK GDPR, we process your data on the following legal bases:

  • Contract: To fulfil our subscription agreement with you.
  • Legitimate interest: To improve our services and communicate relevant system updates.
  • Consent: For marketing emails, which you can unsubscribe from at any time.

5. Data on Client Websites

When we build a website for your business, you (the Client) are the Data Controller for any information collected from your own customers (e.g., via contact forms on your Shopfront Digital website). Shopfront Digital acts only as the Data Processor. It is your responsibility to ensure your business complies with GDPR regarding your own customers' data. We do not access, sell, or use data submitted by your customers.

6. Data Retention

We retain your personal data for the duration of your active subscription plus 12 months. Financial and payment records are retained for 7 years to comply with UK accounting and tax obligations.

7. Your Rights

Under UK GDPR, you have the right to: access your data, rectify inaccuracies, erase your data, restrict processing, request data portability, and object to processing. Contact us at info@shopfrontdigital.co.uk to exercise any of these rights.

8. Third Parties

We share necessary operational data with the following secure processors: Stripe & GoCardless (payments), Resend (transactional emails), Netlify & GitHub (hosting and code storage). Each operates under their own strict privacy policies and GDPR compliance frameworks.

9. Contact

For questions about this policy or update requests, contact us at info@shopfrontdigital.co.uk.