Privacy Policy

1. Introduction

1.1 Who We Are

This Privacy Policy explains how MCGRAY SOLUTIONS LTD, trading as SprintSpeak, collects, uses, and protects your personal data. SprintSpeak is a UK-based website development company that builds websites exclusively for tradespeople.

Contact Details:

• Email: contact@sprintspeak.com
• Website: www.sprintspeak.com
• Address: International House, 109-111 Fulham Palace Road, London, W6 8JA

1.2 Scope

This policy applies to visitors to our website, people who request quotes, clients who engage our services, and anyone who communicates with us.

1.3 Data Controller

MCGRAY SOLUTIONS LTD is the data controller for the personal data we process.

1.4 Our Commitment

We comply with the UK GDPR, Data Protection Act 2018, EU GDPR where applicable, and the Privacy and Electronic Communications Regulations (PECR).

2. What Personal Data We Collect

2.1 Quote Request Information

When you request a quote:

• Name — To address you and identify your request
• Email address — To respond to your enquiry
• Business name and trade (optional) — To understand your context
• Project description — To provide an accurate quote
• Existing website URL (optional) — To review your current online presence

Legal basis: Legitimate interests (responding to business enquiries)

2.2 Client Project Information

When you become a client:

• Contact details — Name, email, phone number, business details
• Business information — Trade type, service area, target customers, key services
• Project materials — Logo, photos, existing copy, or other assets you supply
• Domain and hosting credentials — Access required to deploy and configure your website
• Communications — Emails, messages, call notes, and feedback
• Payment information — Processed by Stripe (see Section 5.1)

Legal basis: Contract performance

2.3 Website Usage Information

When you visit our website we automatically collect technical data (IP address, browser, device type), usage data (pages visited, time on page, referring website), approximate location based on IP, and analytics data via Vercel Analytics.

Legal basis: Legitimate interests

2.4 Marketing Communications (Consent Only)

If you opt in: email address, name, communication preferences, and interaction data. You can withdraw consent at any time.

2.5 Data We Do Not Collect

We do not collect payment card details (handled by Stripe), sensitive personal data, or data from children under 16.

3. How We Use Your Personal Data

3.1 Service Delivery

We use your data to respond to enquiries, design, build, and launch your website, write copy and source imagery where agreed, configure hosting and domain settings, communicate about project progress, provide handover documentation, and deliver ongoing maintenance where agreed.

3.2 Business Operations

We use your data to process payments, maintain financial records, manage client relationships, fulfil legal and tax obligations, and improve our services.

3.3 Marketing (With Your Consent)

With your consent, we may send information about our services. You can opt out at any time using the unsubscribe link or by contacting us.

4. Legal Basis for Processing

• Contract performance — Delivering website services, managing your project, processing payments
• Legitimate interests — Responding to enquiries, improving our website, preventing fraud, B2B marketing
• Consent — Marketing communications and non-essential cookies
• Legal obligation — Tax records, regulatory compliance, legal requests

5. Who We Share Your Data With

We only share data when necessary for service delivery or legal compliance.

5.1 Stripe (Payment Processing)

• What: Transaction information and email
• Location: USA (EU-US Data Privacy Framework)
• Policy: stripe.com/privacy

5.2 Vercel (Hosting and Analytics)

• What: Website usage data and IP addresses
• Location: USA and Europe
• Policy: vercel.com/legal/privacy-policy

5.3 Tally (Enquiry Forms)

• What: Information submitted via our quote request form
• Policy: tally.so/privacy

5.4 Hosting and Domain Providers

When deploying your website, we may work with hosting and domain providers on your behalf. Any credentials we hold are stored securely and transferred to you fully at project completion or service cancellation.

5.5 Professional Advisors and Legal Requirements

We may share data with solicitors, accountants, or regulators when legally required or necessary, subject to confidentiality obligations.

6. International Data Transfers

Some providers are based outside the UK and EEA. Transfers to the USA (Stripe, Vercel) are protected by the EU-US Data Privacy Framework or Standard Contractual Clauses. You have the right to obtain information about safeguards protecting your data in these transfers.

7. How Long We Keep Your Data

• Quote requests (non-clients): 12 months from last contact, then deleted
• Active project data: Throughout the project and a reasonable period following handover
• Business records (contracts, invoices): 6 years from end of financial year (UK tax law)
• Project files and credentials: Transferred to you at handover and deleted from our systems
• Marketing data: Until unsubscribed; inactive contacts removed after 2 years

8. Your Rights Under Data Protection Law

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent where processing is consent-based.

Email contact@sprintspeak.com with your request. We respond within 30 days. We may verify your identity first. No charge unless requests are excessive.

9. Your Right to Complain

Please contact us first at contact@sprintspeak.com — we would appreciate the chance to resolve any concerns directly.

Information Commissioner's Office (ICO)

• Website: ico.org.uk
• Helpline: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

10. Cookies

Essential cookies (no consent required) — session and security cookies necessary for the website to function.

Analytics cookies (require consent) — Vercel Analytics for understanding website usage. Privacy-friendly; no cross-site tracking or fingerprinting.

You can manage cookies through your browser settings. Disabling analytics cookies does not affect website functionality.

11. Data Security

We use HTTPS encryption, secure password policies, access controls, and regular security reviews. Payment card details are not stored by us — all payments are processed by Stripe (PCI DSS Level 1 certified). In the event of a data breach, we will notify you and the ICO within 72 hours as required by law.

12. Children's Privacy

Our services are intended for businesses and are not directed at children under 16. If you believe we have collected data from a child under 16, contact us immediately and we will delete it promptly.

13. Changes to This Policy

Minor changes are reflected in the Last Updated date. Significant changes will be notified by email and website notice at least 30 days before taking effect.

14. Contact Us

Email: contact@sprintspeak.com (subject: Privacy Enquiry)

Address: MCGRAY SOLUTIONS LTD, International House, 109-111 Fulham Palace Road, London, W6 8JA

We aim to respond to all privacy enquiries within 5 business days.

ICO Registration: ZC063941. Governed by the laws of England and Wales.