Privacy Policy

Your privacy matters. Here's what we collect and why.

Last updated: April 2026

This privacy policy explains how Psychopomp Designs (“we”, “us”, “our”) collects, uses, and protects personal data on psychopomp-designs.co.uk. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Psychopomp Designs is a gothic art and writing studio based in the United Kingdom. For data protection purposes, we are the data controller. You can contact us at [email protected].

2. Data We Collect

Contact Form

When you use the contact form we collect:

  • Your name
  • Your email address
  • Your phone number (optional)
  • Your message
  • Your IP address and browser information (for security and spam prevention)

Newsletter

If you subscribe to our newsletter we collect:

  • Your email address
  • Your IP address (for rate limiting and abuse prevention)
  • The date and time of subscription

Server Logs

Our web server automatically records standard access logs, which include your IP address, browser type, pages visited, and timestamps. These logs are used for security monitoring, diagnosing errors, and understanding how the site is used. Logs are retained for up to 30 days.

3. How We Use Your Data

  • Contact form submissions — to respond to your enquiry. We retain these until no longer needed, typically 12 months.
  • Newsletter subscriptions — to send occasional updates about new artwork, writing, and announcements. You may unsubscribe at any time by contacting us.
  • Server logs — for security, fraud prevention, and site maintenance only.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

  • Contact enquiries — legitimate interest (responding to your message) and, where applicable, contractual necessity.
  • Newsletter — consent (you actively subscribed).
  • Server logs — legitimate interest (security and site operation).

5. Third-Party Services

We use the following third-party services that may process data:

  • Cloudflare — acts as a CDN and security layer. Traffic passes through Cloudflare's network. See Cloudflare's privacy policy.
  • Google Fonts — loaded from Google's CDN, which may log your IP address. See Google's privacy policy.
  • Font Awesome — icon font loaded via CDN (Cloudflare-hosted).

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising technology.

6. Cookies and Local Storage

We use a small number of cookies and browser local storage. See our Cookie Policy for full details.

7. Data Security

We take reasonable technical measures to protect your data, including HTTPS encryption (TLS 1.2+), server-side rate limiting, and restricted database access. However, no internet transmission is completely secure.

8. Your Rights Under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your personal data (“right to be forgotten”).
  • Restriction — ask us to limit processing of your data.
  • Objection — object to processing based on legitimate interests.
  • Portability — request your data in a machine-readable format.
  • Withdraw consent — at any time, for processing based on consent (e.g. newsletter).

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

9. Complaints

If you have concerns about how we handle your data, you may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to This Policy

We may update this policy from time to time. The “last updated” date at the top of this page reflects any changes. Continued use of the site after changes constitutes acceptance.