Privacy Policy
Last updated: 27 March 2026
Studio Tom ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are
We are Studio Tom, a digital services agency based in the United Kingdom. You can contact us at hello@studiotom.co.uk for any privacy-related queries.
What data we collect
We collect the minimum data necessary to provide our services:
- Contact form submissions: your name, email address, and message.
- Free audit requests: your website URL and email address.
- Analytics data (with consent): anonymised usage data such as pages visited, device type, and approximate location. This is collected via PostHog and Google Analytics 4.
- Technical data: your IP address, browser type, and device information — collected automatically by our hosting provider (Vercel) for security and performance purposes.
- Anonymous visitor identifier: a randomly generated ID stored in your browser's local storage to help us understand how visitors interact with our site. This contains no personal information.
Why we collect it (legal basis)
- Legitimate interest: to respond to enquiries, deliver our services, and improve our website.
- Consent: for analytics and marketing cookies — you can accept or reject these via our cookie banner at any time.
- Contractual necessity: to fulfil service agreements with clients.
How we use your data
- To respond to your enquiries and deliver requested services.
- To send you the results of your free website audit.
- To improve our website and understand how it is used (with your consent).
- To send transactional emails related to your enquiry (not marketing).
We will never sell your data to third parties.
Who we share data with
We only share your data with trusted processors who help us run our business:
- Supabase (database hosting — EU/US)
- Resend (transactional email delivery)
- Vercel (website hosting)
- PostHog (analytics — with your consent only)
- Google Analytics 4 (analytics — with your consent only)
Where data is transferred outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
How long we keep your data
- Contact submissions and audit requests: 2 years, then deleted.
- Analytics data: automatically expires based on cookie duration (see our Cookie Policy).
Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify any inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict or object to processing of your data.
- Receive your data in a structured format (data portability).
- Withdraw consent at any time for analytics/marketing cookies.
To exercise any of these rights, email us at hello@studiotom.co.uk. We will respond within 30 days.
Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.