Privacy Policy
Fernside Studio respects your privacy. This notice explains the personal information we collect, why we collect it, and the steps we take to keep it secure in accordance with UK GDPR and the Data Protection Act 2018.
1. Contact Information
2. Information We Collect
2.1 Information You Provide
Enquiry & Funnel Forms
Name, company, email, phone number, project details, goals, budget range, preferred timeline, and answers to the questions in our guided enquiry funnels
Newsletter Sign-up
Email address and optional first name when you subscribe to our updates
Website Chat
Messages you send to our website assistant, and your email if you choose to share it for a follow-up. Replies are automated and AI-generated. Your messages may be processed by Cloudflare Workers AI to generate a reply, and personal details (such as names, emails, and phone numbers) are automatically redacted before your message is stored and before it is sent to the model. We also store a random first-party identifier in your browser (localStorage) so we can recognise a returning chat visitor and keep your conversation history together. It is functional only, not used for advertising, and not shared with third parties; clearing your browser storage removes it. Please do not share sensitive personal or confidential information in the chat
Bookings
Name, email, and any notes when you book a call, used to create the calendar event and meeting link
Email & Calls
Additional context you share when we speak via email, phone, or video call
Billing Details
Contact information and payment references required to issue invoices and contracts
2.2 Data Collected Automatically
Analytics
Anonymised visitor data (pages viewed, device type, approximate location) collected through privacy-friendly analytics providers
Technical Logs
IP address, browser version, error logs, and security events generated by our hosting services
Cookies
Essential cookies that keep the site functioning, plus optional analytics cookies if you consent
3. How We Use Your Information
3.1 Legal Basis
Contract
Delivering design and development services, preparing statements of work, and managing projects
Legitimate Interests
Responding to enquiries, improving our website, and safeguarding our platform against misuse
Consent
Sending optional updates or resources, only when you opt in
3.2 Practical Uses
- Replying to enquiries within one business day
- Producing proposals, quotes, and contracts
- Carrying out commissioned work and providing support
- Processing invoices and bookkeeping
- Monitoring site performance and preventing abuse
- Sharing Fernside Studio news or resources when requested
8. Cookies
8.1 What Are Cookies
Cookies are small files stored on your device that help websites function and understand usage patterns.
8.2 Types We Use
Essential Cookies
Keep the site secure and functional. These cannot be disabled.
Analytics Cookies
Anonymous usage data that helps us improve layouts and content.
Preference Cookies
Remember your settings (such as cookie consent choices) for future visits.
8.3 Managing Cookies
You can block or delete cookies in your browser settings. Disabling essential cookies may affect site functionality.
8.4 Conversion & Advertising Tracking
With your consent we use measurement and advertising tools to understand how visitors find us and which of our pages lead to enquiries. These fire only after you accept via our cookie consent banner. The lawful basis is your consent, which you can withdraw at any time.
Google Analytics 4 (G-8K6QTNCF55)
Measures site usage and conversion events such as form submissions, bookings, newsletter sign-ups, and chat leads
Google Tag Manager (GTM-WVGJQB2H)
Manages and triggers our measurement and advertising tags
OpenAI Advertising Pixel
Used for advertising measurement and retargeting once you have consented
Alongside these events we send UTM campaign attribution and a form identifier so we can tell which campaign and which form a conversion came from. No tracking or advertising tags load until you accept on the consent banner.
4. When We Share Data
We never sell or rent your personal information. We only share it when necessary to deliver our services or meet legal obligations.
Hosting & Infrastructure
Providers such as Cloudflare and Vercel that power our sites, forms, and databases
Email Delivery
An email delivery provider (Resend) used to send confirmations, notifications, and any updates you have asked for
Spam & Bot Protection
Cloudflare Turnstile, which verifies that form and chat submissions are from real people
AI Services
Our website assistant uses Cloudflare Workers AI to generate automated responses. Messages you send may be processed by Cloudflare to produce a reply. Personal details in your messages are automatically redacted before storage and before they are sent to the model
Calendar & Meetings
When you book a call we use Google Calendar and Google Meet to schedule the meeting and generate the video link
Professional Services
Accountants, legal advisors, or payment processors who help us operate compliantly
Legal Requirements
Situations where we must disclose information to comply with law enforcement or regulatory requests
Our Sub-processors
Cloudflare
Hosting, security, and Workers AI for our website assistant
Google Calendar and Google Meet for bookings, plus Google Analytics and Google Tag Manager for measurement
OpenAI
Advertising pixel used for conversion measurement and retargeting
Resend
Email delivery for confirmations and notifications
Upstash
Rate limiting to protect our forms and chat from abuse
9. International Transfers
Some of our providers operate outside the UK/EEA. When data leaves the UK, we rely on adequacy decisions or Standard Contractual Clauses to keep it protected.
US-based Services
Some processors are US-based (Cloudflare, Google, OpenAI, Resend, and Upstash) and store limited data in the United States. Transfers to them rely on Standard Contractual Clauses
EU Data Centres
Most project assets remain within the UK/EU wherever possible
We regularly review third-party partners to ensure they follow strong privacy standards.
Security Protocol
How we keep personal data safe:
- SSL encryption across every form and page
- Strong authentication on accounts and hosting platforms
- Access limited to personnel who need it to deliver services
- Regular backups stored in encrypted locations
- Ongoing reviews of vendors and internal processes
Data Retention
Prospect Enquiries
Kept for 18 months in case you revisit the project
Client Project Files
Stored for at least 7 years to meet legal and tax obligations, unless you request deletion earlier and regulations allow it
Chat Lead Transcripts
Kept for around 18 months, the same as other prospect enquiries, so we can follow up
Assistant Improvement Logs
Logs of unanswered questions used to improve the assistant are stored with personal data redacted
Email Subscriptions
Retained until you unsubscribe or request removal
Analytics Data
Aggregated and anonymised after 14 months
Statutory Rights
Access
Request the data we hold about you
Rectify
Correct inaccurate information
Erase
Ask us to delete data when it’s no longer needed
Restrict
Limit how we process your information
Portability
Receive data in a machine-readable format
Object
Object to processing when we rely on legitimate interests
Withdraw Consent
Opt out of marketing at any time