freewebsites.co.uk

Privacy Policy

Last updated: 1 April 2026

1. Who we are

freewebsites.co.uk ("we", "us", "our") is operated by a company registered in England and Wales (Company No. 11499301). We operate the website freewebsites.co.uk and provide website design, hosting, and related services to UK small businesses.

If you have any questions about this policy or how we handle your data, contact us at hello@freewebsites.co.uk.

2. What data we collect

2.1 Account information

When you sign up for an account we collect your:

  • Full name
  • Email address
  • Phone number
  • Password (stored securely as a one-way hash — we never see or store your plain-text password)

2.2 Business information

During the onboarding process we collect details about your business so we can build your website, including:

  • Business name, type, and description
  • Business contact details (phone, email, address)
  • Logo (if uploaded)
  • Style and design preferences
  • Services you offer
  • Page selections

2.3 Payment information

Payments are processed securely by Stripe. We do not store your full card number on our servers. Stripe provides us with a customer ID, subscription ID, and payment status so we can manage your account. Stripe's own privacy policy applies to the card details you enter.

2.4 Domain registration

If you purchase a domain through us, we pass your name, email, address, and phone number to our domain registrar, Namecheap, for the purposes of completing the domain registration on your behalf. Domain registrars are required to collect registrant contact details under ICANN rules. Namecheap's privacy policy applies to the data they hold.

2.5 Contact form submissions

When visitors to your published website submit a contact form, we store their name, email, phone number (if provided), and message so we can forward it to you.

2.6 Website editing history

We store the history of edits and revision requests you make to your website so you can review changes.

2.7 Technical data

Our servers automatically log standard technical data when you use our platform, including IP addresses, browser type, and pages visited. This data is used for security, debugging, and maintaining the service.

3. How we use your data

We use the personal data we collect to:

  • Create and manage your account
  • Build, host, and maintain your website
  • Process payments and manage your subscription
  • Register and manage your domain name
  • Forward contact form submissions from your website visitors to you
  • Send important service emails (e.g. payment confirmations, trial reminders, security alerts)
  • Provide customer support
  • Detect and prevent fraud or abuse

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Lawful basis for processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract — processing necessary to deliver the services you signed up for (account management, website building, hosting, payment processing, domain registration).
  • Legitimate interests — security monitoring, fraud prevention, service improvement, and technical logging.
  • Legal obligation — retaining financial records as required by UK tax and company law.

5. Who we share data with

We share personal data only with the following categories of third party, and only as necessary:

  • Stripe — we pass your payment details to Stripe for the purposes of processing subscription payments and managing your billing securely. Stripe is a PCI DSS-compliant payment processor.
  • Namecheap — we pass your name, email, address, and phone number to Namecheap for the purposes of registering and managing your domain name, as required by ICANN domain registration rules.
  • Google Fonts — your browser connects directly to Google's servers to load fonts used on our platform. We do not send any of your personal data to Google, but your browser may transmit your IP address when requesting font files.
  • Pexels — we use stock photography from Pexels in website builds. No visitor or customer personal data is shared with Pexels.
  • Our hosting provider — your data is stored on our hosting provider's infrastructure in secure datacentres located in the EU or the United Kingdom. We do not guarantee which specific location your data will be held in, but all locations meet equivalent data protection standards.

We do not transfer personal data outside the UK or EEA except where our third-party processors (such as Stripe) operate internationally under appropriate safeguards including Standard Contractual Clauses.

6. How long we keep your data

  • Account and business data — retained for the duration of your account, plus 6 years after cancellation to comply with UK financial record-keeping requirements.
  • Contact form submissions — retained for 12 months after submission, then automatically deleted.
  • Payment records — retained for 6 years as required by HMRC.
  • Technical logs — retained for up to 90 days.

7. How we protect your data

We take the security of your data seriously. Measures include:

  • Passwords are hashed using bcrypt with a high cost factor
  • All data is transmitted over HTTPS (TLS encryption in transit)
  • Payment data is handled entirely by Stripe (PCI DSS compliant)
  • Access to production systems is restricted to authorised personnel
  • Infrastructure is hosted in secure datacentres in the EU or the United Kingdom

8. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention requirements)
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email us at hello@freewebsites.co.uk. We will respond within one month.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Our platform uses only strictly necessary cookies to keep you logged in and manage your session. We do not use advertising cookies, analytics cookies, or tracking pixels.

Third-party services (such as Google Fonts) may set their own cookies when your browser loads resources from their servers. These are not within our direct control.

10. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or by displaying a notice on our platform. The "Last updated" date at the top of this page will always reflect the most recent version.