Privacy Policy
JM Web Studio (“we”, “us”) respects your privacy. This policy describes how we may collect, use, and protect information when you visit our website or contact us.
Information we collect
We collect information you provide through our project enquiry form, including your name, email address, phone number, company name, project details, budget, and timeline preferences. We also collect your consent status for data processing and marketing communications. Standard technical data from your browser (such as pages viewed and browser type) may be collected through normal server logs.
Cookies, analytics, and similar technologies
We use Google Analytics 4 (Google Tag / gtag) with the measurement
property ID G-49FZP2LP2Q to understand how visitors use the site
(for example pages viewed, approximate location at region level, and device and browser
type). This involves cookies or similar storage on your device, and the information
may be processed by
Google
in line with your settings. You can control or delete cookies through your browser, and
you can learn more about how Google uses data
here.
Service providers (processors)
We use providers to run the site and handle enquiries. They process personal data on our instructions:
- Supabase — stores your enquiry in a database in the European Union, as described in “Retention & security” below.
- Resend — if enabled, we use it to send us a copy of your enquiry to our business inbox (transactional email). The message may be processed in the United States and elsewhere as described in Resend’s own documentation.
-
Render — hosts a small contact application at
jm-webstudio.onrender.comthat can carry out that email step; it does not replace the Supabase copy of your data.
These providers’ own terms and privacy policies also apply. We do not use your data for their unrelated advertising. Where personal data is transferred outside the United Kingdom and European Economic Area, we rely on appropriateness decisions, the UK IDTA / Addendum, standard contractual clauses, or other lawful mechanisms, as the provider and transfer route require.
Legal basis for processing
We process your personal data based on your explicit consent, given when you submit our enquiry form. You may withdraw consent at any time by contacting us, without affecting the lawfulness of processing based on consent before its withdrawal.
How we use information
We use contact and project-related information to assess and respond to your enquiry, deliver services, and manage our client relationships. If you opted in to marketing communications, we may send occasional updates about our services. We do not sell your personal data. We only share it with the service providers listed above (and, where required, regulators, courts, or other recipients under law or legal process), not for their commercial advertising unrelated to providing our service.
Retention & security
We keep enquiry data for up to 24 months after submission, or for the duration of any resulting client relationship. Data is stored securely using Supabase (hosted in the EU) with row-level security policies, encrypted connections, and access restricted to authorised personnel only.
Your rights (UK Data Protection Act 2018 / UK GDPR)
You have the right to:
- Request access to the personal data we hold about you
- Request correction of inaccurate or incomplete data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Data portability — receive your data in a structured, commonly used format
- Withdraw consent at any time
- Lodge a complaint with the ICO (Information Commissioner's Office)
To exercise any of these rights, contact us using the details on our main site. We will respond within 30 days.
Changes
We may update this policy from time to time. The “Last updated” date at the top will change when we do.
Contact
For privacy questions, please reach out via the contact options shown on our main site.