Privacy Policy — FreshWeb

This Privacy Policy explains how The Makers Collective Ltd (company number 09372069), trading as FreshWeb ("FreshWeb", "we", "us", or "our"), collects, uses, and protects personal data in connection with our website (https://fresh-web.co.uk) and the website design, hosting, and related services we provide ("Services"). We are the data controller in respect of the personal data described in this Policy, except where we act as a processor on behalf of our clients (see section 9). If you have any questions about this Policy or wish to exercise your rights, please contact us at hello@fresh-web.co.uk.

1. Who This Policy Applies To

This Policy applies to:

Visitors to our website;
Clients who subscribe to our Services;
Prospective clients with whom we communicate as part of B2B sales outreach;
End users of websites built and hosted by FreshWeb (for whom we act as a processor).

2. What Personal Data We Collect

2.1 Website visitors: When you visit our website, we collect your IP address, browser type and version, pages visited, and any information you provide via contact forms (name, email, message).

2.2 Clients: We collect your name, business name, billing address, email address, phone number, payment information (processed securely via Stripe), domain names, website content, mailbox credentials, support requests, and usage data about your Services.

2.3 Prospective clients (B2B outreach): In connection with sales outreach, we collect business names and URLs, publicly available contact details, names and roles of decision-makers, notes from calls or communications, and automated analysis of your public web pages.

2.4 End users of client websites: We collect form submissions, analytics data, and email communications on behalf of our clients (we act as a processor in this context).

3. How We Collect Personal Data

We collect personal data in the following ways:

Directly from you: when you complete contact forms, subscribe to Services, or communicate with us;
Automatically: via cookies and similar technologies when you visit our website;
From public sources: via web searches, company databases, and LinkedIn in connection with B2B outreach;
From third-party providers: such as payment processors, hosting providers, and analytics services.

4. Automated Website Analysis

As part of our B2B sales process, we may automatically fetch and analyse publicly accessible pages of your website to:

Take screenshots and analyse page structure;
Extract contact information;
Check website performance metrics;
Generate AI-powered summaries of your business offerings (using Claude API).

This analysis is limited to publicly accessible content. If you wish to opt out of this analysis, please email hello@fresh-web.co.uk.

5. How We Use Personal Data

We use personal data for the following purposes:

Service delivery: to design, build, host, and maintain your website;
Payments: to process subscription fees and manage billing;
Communications: to respond to your enquiries and provide support;
Notifications: to alert you to service changes, maintenance, or security issues;
Service improvement: to analyse usage data and improve our Services;
B2B outreach: to contact prospective clients about our Services;
Legal compliance: to comply with legal obligations (e.g. tax, accounting, fraud prevention);
Legal defence: to establish, exercise, or defend legal claims;
Marketing: to send you updates about our Services (where you have consented or under legitimate interests).

6. Legal Basis for Processing

We process personal data on the following legal bases:

Contract: where processing is necessary to deliver the Services you have subscribed to;
Legitimate interests: where we have a legitimate business interest (e.g. fraud prevention, sales outreach, service improvement) that does not override your rights;
Consent: where you have explicitly consented (e.g. to marketing communications);
Legal obligation: where we are required by law (e.g. tax reporting, law enforcement requests).

For B2B outreach, we rely on legitimate interests under UK GDPR and the "soft opt-in" exception under the Privacy and Electronic Communications Regulations (PECR).

7. Who We Share Personal Data With

We share personal data with the following categories of recipients:

Provider	Purpose	Location
Stripe	Payment processing, subscription management	EU / US
Cloudflare	DNS, CDN, SSL, DDoS protection	Global
Migadu	Email mailbox hosting for clients	Switzerland
Vercel	Website hosting and deployment	EU / US
Neon	Database hosting for our internal systems	EU
Resend	Transactional email delivery	EU / US
Clerk	Authentication for our dashboards	EU / US
Google Workspace	Internal email and productivity	EU / US
Anthropic	AI-powered analysis (via Claude API)	US

We may also share personal data with:

Accountants and legal advisors for tax, accounting, and legal compliance;
Government bodies when required by law;
Successors and acquirers in the event of a merger, acquisition, or sale of assets.

Where data is transferred outside the UK, we use appropriate safeguards including the UK International Data Transfer Agreement (UK IDTA), Standard Contractual Clauses (EU SCCs), or adequacy decisions where available.

8. How Long We Keep Personal Data

We retain personal data for the following periods:

Website visitor analytics: up to 14 months;
Contact form submissions: up to 24 months;
Client account records: for the duration of the subscription plus 7 years;
Client website content and mailboxes: for the duration of the subscription plus 30 days (after which they are permanently deleted);
Prospective client records: until you opt out;
Marketing materials: indefinitely per our Terms of Service;
Financial records: 7 years (required by law for tax purposes).

9. When We Act as a Data Processor

Where we process personal data on the instructions of a client (for example, form submissions, analytics, or email communications via client websites), the client is the data controller and we act as a processor. We process data only in accordance with client instructions. A Data Processing Agreement (DPA) is available on request for business customers.

10. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies. For detailed information about what cookies we use, why we use them, and how to manage your preferences, please see our Cookie Policy.

11. Your Rights

Under UK GDPR and other data protection laws, you have the following rights:

Right of access: to request a copy of personal data we hold about you;
Right to rectification: to correct inaccurate data;
Right to erasure: to request deletion of your data (subject to legal retention obligations);
Right to restrict processing: to request that we limit how we use your data;
Right to data portability: to receive your data in a structured, portable format;
Right to object: to opt out of processing for certain purposes (e.g. marketing);
Right to withdraw consent: where processing is based on consent;
Right to complain: to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. Opting Out of Sales Outreach

If you are a prospective client and no longer wish to receive sales communications from us, you can:

Reply to any email with "unsubscribe";
Click the unsubscribe link in any marketing email;
Email us at hello@fresh-web.co.uk with a request to remove you from our outreach list;
Tell us verbally during any call or communication.

13. Data Security

We take data security seriously and implement industry-standard safeguards, including:

HTTPS and TLS encryption for data in transit;
Encryption of sensitive data at rest;
Access controls and need-to-know-basis access for staff;
Regular security reviews and testing;
Secure password management for account credentials.

However, no security measure is 100% guaranteed. If you believe your data has been compromised, please contact us immediately at hello@fresh-web.co.uk.

14. International Transfers

Personal data may be transferred outside the UK to other countries, including the US and EU. Where transfers occur, we use appropriate safeguards including the UK International Data Transfer Agreement (UK IDTA), EU Standard Contractual Clauses (SCCs), or adequacy decisions where applicable.

15. Children

Our Services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via email or the client dashboard. Please check the "Last updated" date at the top of this Policy to see when it was last revised.

17. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data processing, please contact:

The Makers Collective Ltd (trading as FreshWeb)
60 Windsor Avenue
London SW19 2RR
United Kingdom
Email: hello@fresh-web.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

This Privacy Policy was last updated on 9 April 2026.