Privacy Policy

1. Who We Are (Data Controller)

StratMeta Limited is the data controller responsible for your personal data. For data protection queries (including requests to exercise your rights), email privacy@stratmeta.co.uk or use the contact form.

2. Who This Policy Applies To

• Visitors to our website
• Customers purchasing physical products from StratMeta Shop
• Customers purchasing digital products (where offered)
• Clients engaging StratMeta Limited for web, UX/UI, software, or consulting services
• Customers ordering food from StratMeta Kitchen (where offered)
• People contacting us by email or via forms

3. Personal Data We Collect

• Identity & contact: name, email address, phone number, billing and delivery addresses
• Order & account details: items purchased, order history, preferences, customer notes (where provided)
• Service & project details: project briefs, requirements, deliverables, communications, meeting notes (where relevant)
• Payment information: payment confirmation, transaction references, fraud checks; we do not store full card details
• Communications: emails, messages, contact form submissions, and support history
• Technical: IP address, device type, browser, pages visited, approximate location (derived from IP), and site usage data
• Cookies & analytics: cookie identifiers and analytics events (only where you consent)
• Marketing preferences: subscription status and communication preferences (where you opt in)

4. Where We Get Your Data From

• Directly from you (checkout, forms, emails, service onboarding)
• Automatically from your device (cookies and technical logs)
• Payment providers (confirmation of payment and fraud checks)
• Delivery providers (delivery updates and tracking events)

5. How We Use Your Data and Our Lawful Basis

• To process orders, deliveries, and returns — performance of a contract
• To provide services and manage projects — performance of a contract
• To respond to enquiries and provide customer support — legitimate interests (running and improving our business)
• To prevent fraud, secure our website, and protect customers — legitimate interests
• To keep financial, tax, and accounting records — legal obligation
• To send marketing emails — consent (you can withdraw at any time)
• To run optional analytics and performance measurement — consent (via our cookie banner)

Where we rely on legitimate interests, we balance our business needs against your rights and only use your data in ways you would reasonably expect.

6. When You Must Provide Data

Certain information is required to fulfil orders or provide services (for example, we cannot ship an order without a delivery address, or provide services without basic contact details). If you choose not to provide required information, we may be unable to supply products or services.

7. Payments

Payments are securely processed by Stripe and PayPal. We do not store full payment card details on our systems.

8. Who We Share Data With

We share personal data only where necessary to operate our website, fulfil orders, provide services, and communicate with customers. These providers act as data processors on our behalf.

• Website hosting and infrastructure: Vercel
• Database and data storage: MongoDB Atlas
• File and image storage: Amazon Web Services (AWS S3)
• Email services and customer communication: Namecheap Private Email
• Payment processors: Stripe and PayPal
• Delivery and logistics providers (for physical orders)
• Analytics and performance monitoring via Vercel Analytics (where consented)
• Professional advisers where necessary (e.g. accountants or legal advisers)

We do not sell your personal data.

9. International Transfers

Some of our providers (including Vercel, MongoDB Atlas, AWS, Stripe, and PayPal) may process data outside the UK. Where this occurs, appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms are used to protect your data.

10. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting requirements. Typical retention periods are:

• Order and financial records — up to 6 years
• Service/project records — up to 6 years
• Enquiries and support messages — up to 12 months
• Analytics data — up to 26 months (where enabled)
• Security logs — retained for a limited period for security and fraud prevention

11. Cookies & Analytics

We use essential cookies that are required for our website to function. We use non-essential cookies (such as analytics cookies) only with your consent via our cookie banner. You can change your preferences at any time via the cookie banner (where available) or your browser settings. Analytics is provided via Vercel Analytics and is only enabled where you provide consent through our cookie banner.

12. Data Security

We use appropriate technical and organisational measures to protect your data, including secure hosting, encryption in transit where supported, access controls, and trusted service providers. No method of transmission or storage is completely secure, but we work to protect your information.

13. Automated Decision-Making

We do not use your personal data to make automated decisions that have legal or similarly significant effects on you.

14. Children’s Privacy

Our website and services are not intended for children and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

15. Your Rights

You may have rights under UK data protection law, including the right to access, correct, delete, restrict, or object to our processing, and the right to data portability in certain circumstances. Where we rely on your consent, you can withdraw consent at any time.

To exercise your rights, email contact@stratmeta.co.uk or use the contact form.

You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we handle your data.