Privacy Policy
Last updated: 12 May 2026
1. Who we are
This privacy policy explains how Dotfound Ltd ("Dotfound", "we", "us") collects, uses, and protects personal data.
Dotfound Ltd is registered in England and Wales (company number 14058994). Registered office: 3rd Floor, 86-90 Paul Street, London, EC2A 4NE. To contact us, please use our .
For the personal data we collect through this website and in the course of running our consultancy, Dotfound is the controller under the UK GDPR, meaning we decide why and how that data is used.
When we deliver client projects (for example, configuring Google Analytics or building dashboards) we act as a processor of our clients' personal data, on their instructions. That processing is governed by our agreement with the client, not by this policy.
2. Quick summary
- We collect basic information from visitors to our website (analytics data, contact form details) and from people we work with or talk to about work.
- We use Google services and a small number of other tools to run the business. They are listed below.
- We don't sell personal data. We don't share it with advertisers.
- You have rights over your data, including the right to ask what we hold, correct it, or have it deleted. Contact details for exercising those rights are at the end.
3. What personal data we collect, and why
3.1 Visitors to dotfound.co.uk
When you visit our website, we collect:
- Analytics data: pages viewed, approximate location (country/region), device type, browser, referring source. Collected via Google Analytics 4. We use this to understand how the site is used and where to improve it.
- Cookie consent preferences: your choice when you interact with our cookie banner. Stored as a cookie on your device.
- Form submissions: if you fill in our contact form, we collect the name, email address, company, and message you provide.
We use these to operate the site, understand visitor behaviour, and respond to enquiries.
3.2 People who contact us about work
If you email us, call us, or fill in our contact form, we collect:
- Your name, work email address, company, and any details you share in the message.
- A record of our correspondence.
We use this to respond to your enquiry, follow up on potential work, and keep a record of business communications.
3.3 Clients and client contacts
When we work with a client, we hold:
- Names, work email addresses, and phone numbers of the individuals at the client's organisation who are involved in the project.
- Billing details (company name, address, VAT number, and payment account information).
- Project records, meeting notes, and correspondence.
We use this to deliver the services, manage the engagement, raise invoices, and keep accurate business records.
4. Legal bases for processing
Under the UK GDPR we need a lawful basis for each type of processing. Ours are:
| What we do | Lawful basis |
|---|---|
| Operate the website (essential cookies, basic logs) | Legitimate interest: running our site securely |
| Analytics cookies and tracking | Consent: you can withdraw via the cookie banner |
| Respond to enquiries via the contact form | Legitimate interest: replying to people who contact us |
| Deliver services to clients | Performance of a contract |
| Send invoices and manage business records | Legal obligation (UK accounting and tax law) and legitimate interest |
| Keep records of correspondence | Legitimate interest: running the business and resolving disputes |
5. Who we share data with
We don't sell personal data. We don't share it with advertisers.
We do use a small number of trusted service providers ("sub-processors") to run the business. Each is bound by appropriate data protection terms.
- Google (Workspace, Gmail, Drive, Calendar, Meet): for email, file storage, scheduling, and meetings.
- Google Analytics 4: to measure how the website is used.
- Google Tag Manager: to manage tags on the website.
- Notion: for project notes, client records, and internal documentation.
- Crunch: for invoicing, bookkeeping, and accountancy services.
We may also disclose personal data where required by law, a court order, or a regulator, or to protect our legal rights.
6. International transfers
Some of the services we use (notably Google) involve transferring personal data outside the UK and the European Economic Area, including to the United States. Where they do, we rely on the safeguards required by UK GDPR:
- A UK adequacy decision (where one applies), or
- The UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or
- Other lawful transfer mechanisms.
Copies of the relevant safeguards are available on request.
7. How long we keep data
We don't keep personal data longer than we need to.
| Type of data | Retention |
|---|---|
| Website analytics data | As configured in Google Analytics 4 (default: up to 14 months) |
| Contact form submissions and enquiry correspondence | Retained as part of our ongoing business records. We don't apply a fixed deletion schedule but will delete on request, subject to any legal obligation to retain. |
| Client records, project files, and correspondence | For the duration of the engagement and for 7 years after the engagement ends, in line with UK accounting requirements |
| Invoices, billing records, and accounting data | 7 years (UK statutory requirement) |
| Cookie consent records | Up to 12 months from the time consent was given |
We may keep data for longer where law requires it or where it's needed to bring or defend a legal claim.
8. Your rights
Under the UK GDPR you have the following rights over your personal data:
- Access: ask what data we hold about you and get a copy.
- Rectification: ask us to correct data that's wrong or incomplete.
- Erasure: ask us to delete your data (subject to legal exceptions, e.g. records we have to keep for tax purposes).
- Restriction: ask us to pause processing in certain circumstances.
- Objection: object to processing based on legitimate interest.
- Portability: receive your data in a portable format, where the processing is based on consent or contract.
- Withdraw consent: where we rely on consent, you can withdraw it at any time. Withdrawing consent doesn't affect the lawfulness of any processing we did before.
- Complain to the ICO: see section 10.
To exercise any of these rights, please . We aim to respond within 30 days.
9. Cookies
Our website uses cookies and similar technologies. A cookie is a small file stored on your device that helps a site recognise you on your next visit or measure how the site is used.
We use:
- Strictly necessary cookies: required for the site to function. These don't require consent.
- Analytics cookies: set by Google Analytics to measure how the site is used. These require your consent and are set only after you agree via our cookie banner.
- Consent preference cookie: records your choice in the cookie banner so we don't ask again on every page.
You can change your cookie preferences at any time via the cookie consent settings, or by clearing cookies in your browser settings. Blocking analytics cookies won't affect site functionality.
10. Complaints
If you're unhappy with how we've handled your personal data, please so we can try to put it right.
You also have the right to complain to the UK regulator, the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
11. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top reflects when we last made a change. If we make a material change that affects how we use your data, we'll let you know, either by email (where appropriate) or by a notice on this page.
12. Contact
If you have questions about this policy or about how we handle personal data, please get in touch.
Dotfound Ltd
3rd Floor, 86-90 Paul Street, London, EC2A 4NE