PixelHeaven Free Mockup
Home Services Work Ledger About Contact Free Mockup →

Privacy Policy.

Last updated · 19 April 2026

Pixel Heaven is a solo web design business operated by James, based in Witney, Oxfordshire, United Kingdom. This policy explains what personal data is collected on pixelheaven.org, why it's collected, how it's stored and what your rights are under UK GDPR and the Data Protection Act 2018.

Short version: The only data collected is what you send via the contact form or email, plus anonymous analytics if you accept the cookie banner. Everything is stored in a personal inbox, used only to reply to you about a website, and never sold, shared or passed to advertisers. You can ask for deletion at any time by emailing james@pixelheaven.org.

1. Who the data controller is

James — trading as Pixel Heaven. Contact: james@pixelheaven.org, WhatsApp 07551 648681.

2. What data is collected

Via the contact form

  • Your name
  • Business name (optional)
  • Email address
  • Phone number (optional)
  • Which pricing tier you're interested in
  • The free-text description of your business

Automatically collected by the hosting provider

  • Standard web server logs — IP address, user agent (browser), pages visited and timestamps. Retained for up to 30 days for security and diagnostics.

During a client engagement

  • Photos, logos, copy and other content you supply for your website build
  • Billing details handled directly by the payment processor (Stripe) — card numbers are never seen or stored by Pixel Heaven

3. Why it's collected (lawful basis)

Contact form submissions: the lawful basis is legitimate interest (to reply to your enquiry) and, once a client relationship begins, contract (to provide the service you've asked for).

Server logs: legitimate interest for security and diagnostics.

4. Who processes it

  • FormSubmit — processes contact form submissions and forwards them by email. See FormSubmit's privacy policy.
  • Hostinger — the web hosting provider. Holds website files and server logs. See Hostinger's privacy policy.
  • Google Workspace — hosts the james@pixelheaven.org inbox where enquiries are received.
  • Stripe — processes payments for clients who choose to pay by card. See Stripe's privacy policy.
  • Google Analytics 4 — only if you accept the cookie banner. Aggregates anonymous visit data with IP anonymisation. See Google's privacy policy and section 5 below.

5. Cookies and analytics

Strictly necessary cookies

None. The site does not set cookies required for basic functionality.

Analytics cookies (Google Analytics 4) — opt-in only

On your first visit, a cookie banner appears asking whether you want to allow analytics. No analytics cookies are set unless you click Accept. If you decline, no analytics data is collected from your visit and no cookies are stored.

If you accept, Google Analytics measures aggregate traffic — how many visits, which pages, which countries, how long people stay. The setup uses privacy-protective defaults:

  • anonymize_ip — your IP address is truncated before it reaches Google's servers, so your exact location is never stored
  • SameSite=Strict;Secure — cookies can't be read from other sites and only travel over HTTPS
  • No advertising integrations, no remarketing, no cross-site tracking, no Google Ads linkage

Your consent choice is stored in your browser's localStorage (key: ph_cookie_consent). You can change your choice at any time by clearing your browser's cookies and site data for pixelheaven.org — the banner will appear again on your next visit.

6. How long it's kept

  • Enquiries that don't become clients: deleted within 12 months of last contact, unless you ask for deletion sooner.
  • Client records and work files: kept for the duration of our working relationship plus 6 years afterwards, to comply with UK tax-record-keeping law (HMRC requires 6 years for self-employed records).
  • Server logs: up to 30 days.

7. Your rights under UK GDPR

You have the right to:

  • Request a copy of the personal data held about you
  • Request correction of anything inaccurate
  • Request deletion (the "right to be forgotten")
  • Withdraw consent for future communications at any time
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email james@pixelheaven.org. Requests are acknowledged within 3 working days and completed within 30 days as required by UK GDPR.

8. Data transfers outside the UK / EEA

FormSubmit and Stripe are US-based and may process some data in the United States under Standard Contractual Clauses. Hostinger is EU-based. No other transfers outside the UK or EEA take place.

9. Security

The site runs over HTTPS (TLS 1.3). Inbox access is protected by a strong password and 2-factor authentication. Client files stored for ongoing projects are encrypted at rest on the hosting provider.

10. Changes to this policy

If this policy changes, the "last updated" date at the top will change and — for any change that materially affects how your data is used — an email notice will go to active clients. Previous versions are archived and available on request.

Contact for privacy queries: james@pixelheaven.org