Legal
Privacy policy
Last updated July 2026
This policy explains what personal data Calamansi Digital Studio Limited collects, why, and what you can do about it.
Who we are
The data controller for this website is Calamansi Digital Studio Limited, registered in England & Wales (№ 16353734), at 3rd Floor, 86–90 Paul Street, London EC2A 4NE.
Calamansi Digital Studio Limited is registered with the Information Commissioner's Office as a data controller. For anything about your data, email hello@calamansi.studio.
What we collect
When you contact us through the site, we collect your name, email address, and anything you choose to include in your message. The enquiry forms are delivered to us by Resend, our email provider.
When you buy an SEO audit, we collect your name and email address, the website you would like us to review, a competitor you choose, and anything else you ask us to look at. Payment is handled by Stripe on its own secure checkout; we receive confirmation and your billing details, but never your full card number.
We use two analytics tools. Cloudflare Web Analytics counts visits and page views without cookies and without collecting anything that identifies you. Microsoft Clarity measures how pages are used and can record anonymised session activity such as clicks and scrolling, with text you type into forms masked. Clarity runs without cookies until you accept analytics cookies; once you do, it can also set cookies to recognise return visits.
If you accept advertising cookies, Google Ads sets a cookie to measure which of our ads bring people to the site, and may match your name and email address, in hashed form, to your Google account so we can reach existing customers with relevant ads. It runs in a consent-aware mode and collects nothing until you accept.
How we use it
We use your contact details to reply to your enquiry and discuss your project, and if you buy an audit, to carry it out and send you the report. We use analytics to understand how the site is used and improve it, and advertising measurement to see which of our ads bring people here.
We do not sell your data, and we don't send marketing emails unless you ask us to.
Legal basis
We process enquiry details to take steps at your request before entering a contract. When you buy an audit, we process your details and payment to provide it, on the basis of our contract with you. Cloudflare Web Analytics runs on the basis of our legitimate interest in understanding site traffic, as it collects no personal data. Microsoft Clarity runs in a cookieless mode under the same legitimate interest, and sets cookies only after you consent through the cookie banner. Google Ads, including its use of your contact details for ad matching, runs only after you accept advertising cookies. You can withdraw any consent at any time.
Where we go on to work together, we process your data to perform our contract and to meet legal and accounting obligations.
Who we share it with
Resend (email delivery), Stripe (payments), Vercel (hosting and server logs), and Cloudflare (analytics, storage and network) act as our processors under data processing agreements, handling data only on our instructions.
Microsoft Clarity is different. Microsoft acts as an independent data controller for the analytics data Clarity collects, which means it also uses that data for its own purposes under its own privacy terms. We only share that data with Microsoft after you accept analytics cookies.
Google is similar for advertising. Where you accept advertising cookies, Google Ads receives conversion data and, for matching our customers to their Google accounts, your hashed contact details, as an independent controller using its own terms. Nothing is shared with Google until you accept.
We don't share your data with anyone else unless the law requires it.
Where your data is processed
Resend, Stripe, Vercel, Cloudflare, Microsoft, and Google are based in the United States, so some data is processed outside the UK. Where it is, the transfer is covered by an approved safeguard: the UK–US Data Bridge where the provider is certified under it, or otherwise the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum.
How long we keep it
We keep enquiry messages while we're in contact and for up to 12 months afterwards, then delete them. We keep your audit report and the details you gave for it for 12 months after we deliver it, then delete them. If we work together, we keep contract and invoice records, including audit payments, for 6 years to meet legal and accounting obligations.
Analytics and advertising data is retained by Cloudflare, Microsoft and Google according to their own periods (Clarity retains data for up to a year).
How we protect it
The site runs over an encrypted connection, access to enquiry data is limited to the studio, and we use reputable providers who maintain their own security measures. No method of sending data over the internet is completely secure, but we take reasonable steps to protect it.
When we build client websites
When we build or maintain a website for a client, we may process personal data on that client's behalf, such as data about the client's own customers. In those cases the client is the data controller and we act as their processor under a separate written agreement. This policy covers the data we collect as a controller through this website.
Your rights
You can ask to access, correct, or delete the personal data we hold about you. You can also ask us to restrict or stop processing it, object to processing, request a copy in a portable format, and withdraw any consent you've given.
To make a request, email hello@calamansi.studio. We'll respond within one month. If you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk.
Changes to this policy
We may update this policy from time to time. The date at the top shows when it last changed.