Skip to content
Straight Sites

Privacy

Privacy policy.

Last updated: April 2026.

Short version. Beyond Arc Ltd (trading as Straight Sites) is the data controller. We collect what we need to build your site, bill you, and reply when you ask. We don't sell your data. We keep it for as long as we need to and no longer. You have the usual UK GDPR rights, including the right to ask us for a copy or deletion.

1. Who we are

The data controller is Beyond Arc Ltd, trading as Straight Sites, registered in England and Wales.

Contact: hello@straightsites.co.uk.

2. What we collect and why

From you as a prospect or customer

When you fill in a quote form, email us, or become a customer, we collect: your name, business name, email, phone (if provided), trade, service area, and anything you tell us about your current setup. We use this to reply to you, send you a proposal, and (if you sign up) build and run your site.

From your site visitors

When visitors use your site, we process standard web-server data (IP addresses, user agents) and any information they submit through forms you've enabled. We use Google Analytics 4 and Google Search Console to give you traffic data — these are Google services with their own privacy terms.

From cookies

On this marketing site (straightsites.co.uk) we use minimal essential cookies and analytics cookies where consented. Your own site's cookie policy is separate and we'll set it up with you.

3. Legal basis

We process your data on one of three bases under UK GDPR:

  • Contract — to deliver the service you've asked for (quotes, builds, ongoing subscription).
  • Legitimate interest — to reply to enquiries, run the business, and improve what we do. We balance this against your rights.
  • Consent — for anything optional (marketing emails, non-essential cookies). You can withdraw consent at any time.

4. Who we share data with

We use a small number of processors to run the business. Each has their own privacy terms and we've picked them for UK/EU compliance:

  • Cloudflare — hosting, DNS, SSL, and bot protection.
  • Google — Analytics 4, Search Console, Google Business Profile, Workspace email.
  • Payment processor — for subscription billing (GoCardless or equivalent; we'll confirm specifics on signup).
  • Domain registrar — for domains we register on your behalf.

We don't sell your data, and we don't share it with anyone outside the processors above without your explicit agreement.

5. How long we keep it

Prospect data (emails, quote forms from people who don't become customers): 12 months, then deleted unless you've opted in to marketing.

Customer data and content: for the life of the subscription, plus 90 days after cancellation. In that window you can ask us for an export. After 90 days, we delete it.

Billing records and invoices: kept for 7 years to meet UK accounting requirements.

6. Your rights

Under UK GDPR you have the right to:

  • Ask us for a copy of what we hold about you.
  • Correct inaccurate data.
  • Ask us to delete data (subject to legal minimums like the 7-year billing rule).
  • Restrict or object to how we process your data.
  • Withdraw consent for anything you consented to.
  • Complain to the Information Commissioner's Office if you think we've got it wrong.

Email hello@straightsites.co.uk to exercise any of these. We respond within one month — usually much faster.

7. Security

We store your data with established cloud providers (Cloudflare, Google) who maintain ISO 27001 and SOC 2 standards. We use strong authentication on every account with access to customer data. If we ever had a breach affecting you, we'd notify you and the ICO within 72 hours as required.

8. Changes to this policy

We'll update this page if anything material changes. The "last updated" date at the top tells you when. For significant changes, we'll email existing customers.