Background
Compliance

Privacy Policy

Last updated:
June 2026

Fernside Studio respects your privacy. This notice explains the personal information we collect, why we collect it, and the steps we take to keep it secure in accordance with UK GDPR and the Data Protection Act 2018.

Protocol 01

1. Contact Information

Data Controller Fernside Studio
Contact Person Liam Orrill
Address 124 City Road, London, England, EC1V 2NX, United Kingdom
Protocol 02

2. Information We Collect

2.1 Information You Provide

Enquiry & Funnel Forms

Name, company, email, phone number, project details, goals, budget range, preferred timeline, and answers to the questions in our guided enquiry funnels

Newsletter Sign-up

Email address and optional first name when you subscribe to our updates

Website Chat

Messages you send to our website assistant, and your email if you choose to share it for a follow-up. Replies are automated and AI-generated. Your messages may be processed by Cloudflare Workers AI to generate a reply, and personal details (such as names, emails, and phone numbers) are automatically redacted before your message is stored and before it is sent to the model. We also store a random first-party identifier in your browser (localStorage) so we can recognise a returning chat visitor and keep your conversation history together. It is functional only, not used for advertising, and not shared with third parties; clearing your browser storage removes it. Please do not share sensitive personal or confidential information in the chat

Bookings

Name, email, and any notes when you book a call, used to create the calendar event and meeting link

Email & Calls

Additional context you share when we speak via email, phone, or video call

Billing Details

Contact information and payment references required to issue invoices and contracts

2.2 Data Collected Automatically

Analytics

Anonymised visitor data (pages viewed, device type, approximate location) collected through privacy-friendly analytics providers

Technical Logs

IP address, browser version, error logs, and security events generated by our hosting services

Cookies

Essential cookies that keep the site functioning, plus optional analytics cookies if you consent

Protocol 03

3. How We Use Your Information

3.1 Legal Basis

Contract

Delivering design and development services, preparing statements of work, and managing projects

Legitimate Interests

Responding to enquiries, improving our website, and safeguarding our platform against misuse

Consent

Sending optional updates or resources, only when you opt in

3.2 Practical Uses

  • Replying to enquiries within one business day
  • Producing proposals, quotes, and contracts
  • Carrying out commissioned work and providing support
  • Processing invoices and bookkeeping
  • Monitoring site performance and preventing abuse
  • Sharing Fernside Studio news or resources when requested
Protocol 08

8. Cookies

8.1 What Are Cookies

Cookies are small files stored on your device that help websites function and understand usage patterns.

8.2 Types We Use

Essential Cookies

Keep the site secure and functional. These cannot be disabled.

Analytics Cookies

Anonymous usage data that helps us improve layouts and content.

Preference Cookies

Remember your settings (such as cookie consent choices) for future visits.

8.3 Managing Cookies

You can block or delete cookies in your browser settings. Disabling essential cookies may affect site functionality.

8.4 Conversion & Advertising Tracking

With your consent we use measurement and advertising tools to understand how visitors find us and which of our pages lead to enquiries. These fire only after you accept via our cookie consent banner. The lawful basis is your consent, which you can withdraw at any time.

Google Analytics 4 (G-8K6QTNCF55)

Measures site usage and conversion events such as form submissions, bookings, newsletter sign-ups, and chat leads

Google Tag Manager (GTM-WVGJQB2H)

Manages and triggers our measurement and advertising tags

OpenAI Advertising Pixel

Used for advertising measurement and retargeting once you have consented

Alongside these events we send UTM campaign attribution and a form identifier so we can tell which campaign and which form a conversion came from. No tracking or advertising tags load until you accept on the consent banner.

Protocol 04

4. When We Share Data

We never sell or rent your personal information. We only share it when necessary to deliver our services or meet legal obligations.

Hosting & Infrastructure

Providers such as Cloudflare and Vercel that power our sites, forms, and databases

Email Delivery

An email delivery provider (Resend) used to send confirmations, notifications, and any updates you have asked for

Spam & Bot Protection

Cloudflare Turnstile, which verifies that form and chat submissions are from real people

AI Services

Our website assistant uses Cloudflare Workers AI to generate automated responses. Messages you send may be processed by Cloudflare to produce a reply. Personal details in your messages are automatically redacted before storage and before they are sent to the model

Calendar & Meetings

When you book a call we use Google Calendar and Google Meet to schedule the meeting and generate the video link

Professional Services

Accountants, legal advisors, or payment processors who help us operate compliantly

Legal Requirements

Situations where we must disclose information to comply with law enforcement or regulatory requests

Our Sub-processors

Cloudflare

Hosting, security, and Workers AI for our website assistant

Google

Google Calendar and Google Meet for bookings, plus Google Analytics and Google Tag Manager for measurement

OpenAI

Advertising pixel used for conversion measurement and retargeting

Resend

Email delivery for confirmations and notifications

Upstash

Rate limiting to protect our forms and chat from abuse

Protocol 09

9. International Transfers

Some of our providers operate outside the UK/EEA. When data leaves the UK, we rely on adequacy decisions or Standard Contractual Clauses to keep it protected.

US-based Services

Some processors are US-based (Cloudflare, Google, OpenAI, Resend, and Upstash) and store limited data in the United States. Transfers to them rely on Standard Contractual Clauses

EU Data Centres

Most project assets remain within the UK/EU wherever possible

We regularly review third-party partners to ensure they follow strong privacy standards.

Security Protocol

How we keep personal data safe:

  • SSL encryption across every form and page
  • Strong authentication on accounts and hosting platforms
  • Access limited to personnel who need it to deliver services
  • Regular backups stored in encrypted locations
  • Ongoing reviews of vendors and internal processes

Data Retention

Prospect Enquiries

Kept for 18 months in case you revisit the project

Client Project Files

Stored for at least 7 years to meet legal and tax obligations, unless you request deletion earlier and regulations allow it

Chat Lead Transcripts

Kept for around 18 months, the same as other prospect enquiries, so we can follow up

Assistant Improvement Logs

Logs of unanswered questions used to improve the assistant are stored with personal data redacted

Email Subscriptions

Retained until you unsubscribe or request removal

Analytics Data

Aggregated and anonymised after 14 months

Statutory Rights

Access

Request the data we hold about you

Rectify

Correct inaccurate information

Erase

Ask us to delete data when it’s no longer needed

Restrict

Limit how we process your information

Portability

Receive data in a machine-readable format

Object

Object to processing when we rely on legitimate interests

Withdraw Consent

Opt out of marketing at any time