Webmasters LDN
Contact us to start your next project.build@webmastersldn.comContact us to start your next project.build@webmastersldn.comContact us to start your next project.build@webmastersldn.comContact us to start your next project.build@webmastersldn.com
Webmasters LDN Logo

Webmasters LDN /  Legal

Privacy Policy

Webmasters LDN is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have under UK data protection law.

Last updated 9 June 2026

Jurisdiction: These policies are written for and governed by the law of the United Kingdom. They are intended for use in UK-based situations and are provided in English, which is the authoritative version. If you access Webmasters LDN from outside the UK, you do so on your own initiative and are responsible for compliance with your local laws.

1. Who we are

Webmasters LDN (“we”, “us”, “our”) is a software studio based in the United Kingdom. We operate the website at https://webmastersldn.com and the associated client portal (the “Site”).

For the purposes of the UK GDPR and the Data Protection Act 2018, we are the data controller of the personal data we collect through the Site and in the course of providing our services, except where we act as a processoron behalf of a client (see section 11). Where we are required to register with the Information Commissioner’s Office (ICO) as the UK supervisory authority, we maintain that registration.

2. The personal data we collect

We collect and process the following categories of personal data:

  • Identity and contact data — your name, email address, telephone number, company name, job title and the contents of any message you send us.
  • Account data — credentials and profile details for client portal users, including role, organisation and authentication identifiers. We never see your password in plain text; it is hashed and managed by our authentication provider.
  • Project and content data — files, documents, briefs, messages, support tickets and other materials you upload to or exchange through the portal.
  • Transaction and billing data — invoice details, amounts, payment status and records of payments. Card details are entered directly with our payment processor and are never stored on our servers.
  • Technical and usage data — IP address, device and browser type, operating system, pages viewed, referring pages, and the dates and times of your visits, collected through server logs and (with consent) analytics.
  • Communications data — records of your correspondence with us by email, through the portal or through our contact and support forms.

We do not intentionally collect special category data (such as data about health, race, religion or political opinions) and ask that you do not submit it through the Site unless we have specifically requested it for a defined purpose.

3. How we collect your data

  • Directly from you when you complete the contact form, request a quote, create or use a portal account, upload files, raise support tickets, pay an invoice or correspond with us.
  • Automatically as you navigate the Site, through cookies, server logs and similar technologies (see our Cookie Policy).
  • From third parties, such as our payment processor confirming the status of a payment, or publicly available business sources where relevant to a prospective engagement.

4. Why we use your data and our lawful bases

Under the UK GDPR we must have a lawful basis for each use of your personal data. We rely on the following:

PurposeLawful basis
Responding to enquiries and providing quotesSteps taken at your request prior to entering a contract; our legitimate interest in responding to business enquiries
Delivering our services and operating the client portalPerformance of a contract with you or your organisation
Processing invoices and paymentsPerformance of a contract; compliance with legal obligations (tax and accounting)
Sending service and account notificationsPerformance of a contract; our legitimate interest in keeping you informed
Securing the Site and preventing fraud or abuseOur legitimate interest in protecting our systems and users; legal obligations
Functional and analytics cookiesYour consent
Marketing communications, where applicableYour consent, or our legitimate interest for existing clients on related services (with an opt-out)
Keeping records and complying with the lawCompliance with legal obligations; our legitimate interest in maintaining accurate records

Where we rely on legitimate interests, we have carried out a balancing assessment to ensure your rights and freedoms are not overridden. You can ask us for more information about that assessment at any time.

5. Marketing

We will only send you marketing communications where you have consented, or where you are an existing client and the message relates to similar services and you have not opted out. You can withdraw consent or unsubscribe at any time using the link in any marketing email or by contacting us. Withdrawing consent does not affect service or transactional messages, which we must send to operate your account.

6. Who we share your data with

We do not sell your personal data. We share it only as necessary with the following categories of recipient, under appropriate contracts:

  • Supabase — our database, authentication and file-storage provider, which hosts portal accounts, project content and uploaded files on our behalf.
  • Stripe — our payment processor, which handles invoice payments and card data directly and securely. We receive confirmation of payment status but not your full card details.
  • Brevo (Sendinblue) — our transactional email provider, used to send account, enquiry and notification emails.
  • Hosting and infrastructure providers — who host and deliver the Site and store server logs.
  • Professional advisers — accountants, auditors, insurers and lawyers where reasonably necessary.
  • Authorities and successors — regulators, law enforcement or courts where legally required, and any purchaser if we sell or reorganise our business.

Our processors act only on our documented instructions and are bound by written terms that require them to keep your data secure and confidential.

7. International transfers

Some of our providers may process personal data outside the United Kingdom. Where they do, we ensure an appropriate safeguard is in place, such as the UK’s adequacy regulations, the International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, so that your data continues to receive a level of protection essentially equivalent to that in the UK. You can request a copy of the relevant safeguard by contacting us.

8. How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy any legal, accounting or reporting requirements. In general:

  • enquiry and prospect data is kept for up to 24 months after our last contact;
  • client account and project data is kept for the duration of the engagement and for up to 6 years afterwards;
  • invoicing and financial records are kept for at least 6 years to meet tax law;
  • server logs and security records are kept for a shorter period, typically up to 12 months.

When data is no longer needed we will securely delete or anonymise it.

9. How we protect your data

We use appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These include encryption in transit, access controls and the principle of least privilege, role-based permissions in the portal, secure credential handling, and regular review of our providers’ security. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to detect and respond to incidents.

10. Your rights

Under UK data protection law you have the following rights:

  • Access — to obtain a copy of the personal data we hold about you;
  • Rectification — to have inaccurate or incomplete data corrected;
  • Erasure — to ask us to delete your data in certain circumstances;
  • Restriction — to ask us to limit how we use your data;
  • Portability — to receive certain data in a structured, machine-readable format;
  • Objection — to object to processing based on legitimate interests or to direct marketing;
  • Withdraw consent — where we rely on consent, at any time, without affecting earlier processing;
  • Rights relating to automated decisions — we do not make decisions producing legal or similarly significant effects based solely on automated processing.

To exercise any right, contact us at privacy@webmastersldn.com. We will respond within one month, which we may extend by two further months for complex requests, in which case we will let you know. We do not charge a fee unless your request is clearly unfounded or excessive. We may need to verify your identity before acting.

11. When we act as a processor

When we build and operate software for a client, we may process personal data that belongs to that client’s own customers or staff. In that case the client is the controller and we are the processor, acting only on the client’s documented instructions under a written agreement that meets Article 28 of the UK GDPR. If you are an end user of software we have built for a client, please contact that client, as their privacy notice governs that data.

12. Children

The Site and our services are intended for businesses and are not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Third-party links

The Site may contain links to third-party websites or services that we do not control. This policy does not apply to those sites, and we are not responsible for their practices. Please review their privacy notices before providing them with personal data.

14. Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page shows when it was last revised. Where changes are material, we will take reasonable steps to notify you, for example by email or a notice on the Site.

15. How to contact us and complain

For any privacy question or to exercise your rights, contact our privacy team at privacy@webmastersldn.com.

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk or on 0303 123 1113. We would, however, appreciate the chance to address your concerns before you approach the ICO, so please contact us first.