Privacy Policy

Glitch Guild ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website at www.glitchguild.co.uk (the "Site"), you agree to the collection and use of information in accordance with this policy.

Glitch Guild is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us via the contact form on our website.

We collect the following types of personal data when you use our contact form:

• Name: To identify you and personalize our communication
• Email Address: To respond to your enquiry
• Company Name: To understand the context of your business enquiry
• Message Content: The details of your enquiry or message

We only collect information that you voluntarily provide through our contact form. We do not use cookies, tracking pixels, or analytics tools that collect personal data.

We use your personal data for the following purposes:

• To Respond to Business Enquiries: We use your contact information solely to respond to your B2B (business-to-business) enquiries and communications
• To Provide Information: To send you information you have specifically requested about our services
• Legal Compliance: To comply with legal obligations and protect our legal rights

We do not:

• Sell your personal data to third parties
• Share your data with third parties for marketing purposes
• Use your data for automated decision-making or profiling
• Send unsolicited marketing communications

Under UK GDPR, we process your personal data based on the following lawful grounds:

• Legitimate Interests: Processing is necessary for our legitimate business interests in responding to enquiries and providing information about our services
• Consent: By submitting the contact form, you provide consent for us to process your data for the stated purposes

We use Supabase as our data processor to securely store contact form submissions. Supabase is a reputable cloud infrastructure provider that implements industry-standard security measures to protect your data, including:

• Encryption of data in transit and at rest
• Regular security audits and updates
• Access controls and authentication mechanisms
• Compliance with international data protection standards

All data is stored on servers located within the European Economic Area (EEA) or in jurisdictions that provide adequate data protection as determined by the UK government.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Active Enquiries: We retain your data while we are actively corresponding with you
• Completed Enquiries: We may retain your data for up to 2 years after the completion of correspondence for record-keeping and potential future business purposes
• Legal Requirements: We may retain data longer if required by law

After the retention period expires, we will securely delete or anonymize your personal data.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request that we correct inaccurate or incomplete data
• Right to Erasure: You can request that we delete your personal data ("right to be forgotten")
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request a copy of your data in a machine-readable format
• Right to Object: You can object to our processing of your personal data
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us via our contact form. We will respond to your request within one month.

We use the following third-party service to process your data:

• Supabase: Cloud database and backend infrastructure provider. Supabase acts as a data processor on our behalf and is contractually obligated to process data in accordance with UK GDPR requirements.

We do not share your data with any other third parties unless required by law.

Your personal data is stored within the European Economic Area (EEA) through Supabase's infrastructure. If data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK government.

Our services are directed at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Last updated" date at the top of this policy. We encourage you to review this policy periodically.

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

If you have any questions about this Privacy Policy or our data practices, please contact us using the contact form available on our website.