Privacy Policy

Estalytics Ltd trading as Stalytics

Last Updated: October 2025

Document Version: 2.0

1. Our Commitment to Your Privacy

This Privacy Policy outlines how Stalytics (“we”, “us”, “our” ) collects, uses, and protects your personal data. Our commitment is to operate with transparency and integrity. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our website or engaging our services, you acknowledge and agree to the terms of this policy.

2. Controller & Contact Information

For the purpose of the UK General Data Protection Regulation (UK GDPR), the data controller is Estalytics Ltd (Company No: 16412155), registered at 65 Lansdown Crescent, Bath, United Kingdom, BA2 0JX.

For any data protection enquiries, you can contact us at: privacy@stalytics.com.

3. The Information We Collect

We adhere to the principle of data minimisation, collecting only what is necessary to deliver our services and improve your experience.

3.1. Information You Provide Directly:

  • Your name and email address.
  • Details about your business or project.
  • Any other personal data you choose to include in your communications.

3.2. Information We Collect Automatically:

  • IP address.
  • Browser type, version, and device information.
  • Pages visited, actions taken, and timestamps.

3.3. Our Use of Cookies:

We use cookies to enhance site functionality and user experience. For a complete breakdown of the cookies we use, their purpose, and how you can manage them, please review our dedicated Cookie Policy. Your consent for non-essential cookies is managed via our cookie consent banner.

3.4 Data Processed on Behalf of Our Clients

Our role under UK GDPR depends on the specific services we are providing to our clients:

a) As a Technical Service Provider: When we are engaged only to build a website which the client then hosts themselves, our access to personal data is incidental and temporary during the development phase. Upon handover of the website, we do not have ongoing access to, nor do we store or process, any personal data collected on that website.

b) As a Data Processor: When a client subscribes to our Managed Hosting & Support Plan, we provide the server infrastructure where the website and its data are stored. In this capacity, Stalytics acts as a Data Processor on behalf of the client, who remains the Data Controller. Our legal obligations as a Data Processor are formally detailed in our separate Data Processing Agreement (DPA), which governs how we handle and protect the data stored on our systems.

c) The Client's Responsibility as Data Controller: In all cases, the Client remains the Data Controller and is solely responsible for complying with all applicable data protection laws for the data they collect, including having a valid privacy policy, managing data subject requests, and ensuring a lawful basis for processing.

4. How We Use Your Data & Our Lawful Basis

We only process your personal data when we have a lawful basis to do so. The purposes for which we process your data and the legal grounds for that processing are as follows:

  • To provide our services to you: We process your data to deliver projects and manage your account. The lawful basis for this is Contractual Necessity.
  • For Order Fulfilment and Record-Keeping: When you purchase a service, we securely store a record of the transaction, including your email address and order details, on our private servers. This is necessary for us to fulfil your order, maintain accurate financial records as required by UK law, and provide customer support. The lawful basis for this is both Contractual Necessity and Legal Obligation.
  • To communicate with you: We use your contact details to send project updates and billing information. The lawful basis for this is Legitimate Interest.
  • To improve our website: We use analytics data to understand how our site is used. The lawful basis for this is your Consent, which you provide via our cookie banner.
  • For legal and tax compliance: We retain records as required by UK law. The lawful basis for this is Legal Obligation.
  • For marketing: Where we send marketing communications, we do so only with your explicit Consent.

Our Promise: We will never sell, rent, or trade your personal data.

5. Who We Share Your Data With

We only share your data with trusted, GDPR-compliant third parties who perform essential functions on our behalf:

  • Payment Processors: Such as Stripe, to securely handle transactions.
  • Infrastructure Partners: Including our hosting and communication providers.
  • Analytics and Website Improvement Partners: Such as Google, to help us understand and enhance website performance.
  • Legal Authorities: If required by law or a court order.

6. International Data Transfers

We use third-party services, such as Google Analytics, whose servers may be located outside the United Kingdom. Where we transfer your data internationally, we ensure it is protected by relying on approved data transfer mechanisms, such as the UK's adequacy decision for the EU-US Data Privacy Framework or the use of Standard Contractual Clauses.

7. How We Protect Your Data

We employ robust security measures to protect your information, including HTTPS encryption, secure server environments, and strict access controls.

8. Data Retention

We retain your personal data only for as long as is necessary for the purpose for which it was collected. Specifically:

  • Client and project data is retained for 7 years after project completion to comply with UK tax and legal requirements.
  • Enquiry data from non-clients is retained for 12 months.
  • Analytics data is retained for 26 months.

9. Your Data Protection Rights

Under UK data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
  • Your right to withdraw consent - Where we are relying on your consent to process data, you may withdraw it at any time.

You are not required to pay any charge for exercising your rights. To make a request, please contact us at privacy@stalytics.com. We have one month to respond to you. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

10. External Links & Third-Party Sites

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies before sharing any personal data.

11. Children’s Data

Our services are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or the law. The “Effective Date” at the top of this page will always indicate the latest version.

13. Contact Us

For any questions, data requests, or concerns, please reach out:

Estalytics Ltd (trading as Stalytics)
Email: privacy@stalytics.com
Registered Office: 65 Lansdown Crescent, Bath, United Kingdom, BA2 0JX
Registered in England and Wales
Company No: 16412155
VAT No: 494843934
ICO Registration No: ZB950355

You also have the right to lodge a complaint with the UK’s data protection authority, the Information Commissioner’s Office (ICO), at https://www.ico.org.uk.