Privacy Policy

Updated at: 2025-09-25.

Privacy Policy

Effective date:
Website: https://webstats.uk

Quick summary: We collect only what we need to operate and improve WebStats.uk, keep it secure, and comply with the law. You’re in control—this policy explains your choices and rights.

Contents

  1. Who we are & how to contact us
  2. Scope
  3. Data we collect
  4. How we use your data & legal bases
  5. Cookies, analytics & similar technologies
  6. Sharing & international transfers
  7. How long we keep data
  8. Security
  9. Your rights
  10. Children’s privacy
  11. Changes to this policy
  12. How to contact us & complaints

1) Who we are & how to contact us

“WebStats.uk”, “we”, “us” and “our” refer to the data controller responsible for your personal data in connection with the services offered at webstats.uk.

Controller: WebStats.uk
Company number: [add company number] (United Kingdom)
Registered office: [add postal address]
Data Protection Lead: privacy@webstats.uk

If you are based in the EEA and we actively offer services there, we may appoint an EU representative as required by Article 27 GDPR. If applicable, their contact details will be published here.

2) Scope

This policy covers personal data processed when you browse our website, create or use an account, subscribe to updates, contact support, or interact with features, applications, and services we provide (collectively, the “Services”).

This policy is designed to meet requirements of the UK GDPR and the Data Protection Act 2018. If stricter rules apply in your location, we will comply with them where required.

3) Data we collect

3.1 Data you provide

  • Account & profile: name, email, password (hashed), organisation and role.
  • Billing: billing name, address, VAT number, and transaction details (processed by our payment provider; we do not store full card numbers).
  • Support & feedback: the content of messages, attachments, or survey responses.

3.2 Data collected automatically

  • Usage & device: IP address, browser/OS, device type, pages viewed, time on page, referral URLs, clickstream.
  • Service logs: timestamps, authentication events, error and performance diagnostics.
  • Cookies/SDK data: identifiers that help us remember preferences and analyse usage (see Cookies).

3.3 Data from third parties

  • Payments: transaction confirmation and fraud signals from our payment processors.
  • Sign-in providers: if you choose a social login or SSO, we receive basic profile information as permitted by that provider.

We do not intentionally collect special category data (e.g., health, biometric, political opinions) nor do we sell personal data.

4) How we use your data & legal bases

Purpose Examples Legal basis
Provide the Services Account creation, authentication, usage analytics dashboards, customer support Performance of a contract
Improve & personalise Debugging, feature measurement, UI preferences Legitimate interests (service improvement)
Security & fraud prevention Rate limiting, detecting abuse, safeguarding accounts Legitimate interests; legal obligations
Communications Transactional emails (e.g., receipts, service notices) Performance of a contract; legal obligations
Marketing (optional) Newsletters, product updates Consent (you can withdraw at any time)
Compliance Tax, accounting, regulatory requests Legal obligations

Where we rely on legitimate interests, we balance them against your rights and reasonable expectations and use the least intrusive options available. Where we rely on consent, you may withdraw it at any time via links in our emails or by contacting us.

5) Cookies, analytics & similar technologies

We use cookies and similar technologies to run the website, remember your preferences, and analyse traffic. Some cookies are strictly necessary; others are optional and used only with your consent.

Cookie categories

Category What they do Examples Retention
Strictly necessary Security, authentication, basic functionality Session ID, CSRF token Session / up to 12 months
Preferences Remember settings like language and theme Locale, UI layout Up to 12 months
Analytics Measure usage to improve the service Anonymous/aggregated usage metrics Up to 24 months
Marketing (optional) If enabled, measure campaign performance Campaign & referrer identifiers Up to 24 months

You can manage non-essential cookies via our cookie banner/settings and in your browser. “Do Not Track” (DNT) is not consistently standardised; however, where feasible we will treat it as an opt-out signal for non-essential tracking.

6) Sharing & international transfers

We share personal data only when necessary:

  • Service providers (processors): hosting, email delivery, payment processing, analytics, and support tools bound by contracts and confidentiality.
  • Legal & safety: to comply with law, enforce our terms, or protect rights, property, or safety.
  • Business transfers: in a merger, acquisition, or asset sale, subject to safeguards and notice.

If we transfer data outside the UK (or EEA), we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (as applicable), plus additional measures where needed.

7) How long we keep data

We keep personal data only as long as needed for the purposes described above, including to meet legal, accounting, or reporting requirements. Typical retention periods include:

  • Account data: for the life of the account and up to 24 months after closure (unless we must retain it longer by law).
  • Billing records: 6–10 years to meet tax and accounting obligations.
  • Support tickets: up to 24 months after resolution.
  • Analytics data: typically 12–24 months in aggregated or de-identified form.

8) Security

We apply administrative, technical, and organisational measures appropriate to the risks, including encryption in transit, least-privilege access controls, audit logging, regular patching, and vendor due diligence. No system is perfectly secure; if we detect a breach likely to result in a high risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

9) Your rights

Subject to limitations under the UK GDPR, you have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase data (“right to be forgotten”) in certain circumstances.
  • Restrict processing in certain circumstances.
  • Object to processing based on our legitimate interests or for direct marketing.
  • Port data to another provider where technically feasible.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO).

To exercise your rights, contact us at privacy@webstats.uk. We may ask you to verify your identity before fulfilling your request. We aim to respond within one month.

10) Children’s privacy

Our Services are not directed to children under 13 (or the relevant age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can delete it.

11) Changes to this policy

We may update this policy from time to time. We will post the revised version with an updated “Effective date” and, if changes are material, we will provide additional notice (e.g., by email or in-app).

12) How to contact us & complaints

For questions, requests, or complaints about this policy or our data practices, contact our Data Protection Lead at privacy@webstats.uk or write to: [add postal address].

You can also contact or complain to the UK Information Commissioner’s Office (ICO):
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
Telephone: +44 303 123 1113
Website: ico.org.uk

© WebStats.uk. All rights reserved.