Privacy Policy

Last updated: 23 June 2026

Introduction

Pocket Sites is a trading name of Sarah Marrey, a sole trader based in England.

Sarah Marrey, trading as Pocket Sites, is the data controller responsible for the personal information described in this privacy policy.

This policy explains what personal information we collect, how and why we use it, who it may be shared with, how long we retain it, and the rights available to you under UK data protection law.

Information We Collect

We may collect personal and business information when you contact us, request a quotation, commission a website, communicate with us about a project, supply content, or make a payment.

This may include:

  • Your name and job title.
  • Your email address and telephone number.
  • Your business name, address, and website details.
  • Information contained in emails and other communications sent to us.
  • Information about your business, services, customers, and website requirements.
  • Text, photographs, logos, branding, testimonials, biographies, and other files supplied for a website project.
  • Domain, hosting, website, email, or account information where access is required to provide an agreed service.
  • Quotations, contracts, invoices, payment references, payment amounts, and payment dates.
  • Technical information such as IP addresses, browser details, request information, and security logs generated when you use our website.

Please do not send sensitive personal information unless we have specifically requested it and it is genuinely necessary for the service being provided.

How We Receive Information

We normally receive information directly from you when you:

  • Contact us by email, telephone, or social media.
  • Request a quotation or discuss a project.
  • Enter into a contract with Pocket Sites.
  • Supply content, files, instructions, or account access.
  • Make a payment by bank transfer.

In some cases, we may also receive business contact or project information from another person within your organisation, a publicly available business source, a domain or hosting provider, or a bank involved in processing a payment.

Technical information may also be generated automatically by our website hosting, network, and security services.

Information Required to Provide Our Services

You are not generally required by law to provide personal information to us.

However, certain information may be necessary for us to respond to your enquiry, prepare a quotation, enter into a contract, build or maintain your website, issue an invoice, confirm payment, or provide support.

If you do not provide information that is reasonably required, we may be unable to provide the requested service.

How We Use Your Information

We may use personal information to:

  • Respond to enquiries.
  • Discuss your requirements.
  • Prepare quotations, proposals, and contracts.
  • Design, develop, test, launch, and maintain websites.
  • Provide technical support and project updates.
  • Register or configure domains, hosting, email, or other technical services where agreed.
  • Issue invoices and identify bank transfer payments.
  • Maintain financial, accounting, and tax records.
  • Protect our website, systems, customers, and business.
  • Prevent fraud, misuse, and unauthorised access.
  • Resolve complaints, disputes, or legal claims.
  • Comply with legal and regulatory obligations.

We do not sell or rent personal information.

We do not currently use customer information to send unrelated marketing messages.

Our Lawful Bases

UK data protection law requires us to identify a lawful basis for each use of personal information.

Purpose Lawful basis
Responding to enquiries and preparing quotations Taking steps at your request before entering into a contract
Designing, building, launching, and supporting websites Performance of a contract
Issuing invoices and recording bank transfer payments Performance of a contract and legal obligation
Maintaining accounting and tax records Legal obligation
Securing the website and preventing misuse Legitimate interests
Retaining appropriate records and handling disputes Legal obligation and legitimate interests

Our legitimate interests include operating and protecting our business, maintaining appropriate records, preventing fraud, improving our services, and establishing or defending legal claims.

Where we specifically rely on consent, you may withdraw that consent at any time. Withdrawal will not affect processing that took place before consent was withdrawn.

Payments

Payments to Pocket Sites are currently made by bank transfer.

When you make a payment, we may receive and retain information including the payer's name, payment reference, amount paid, date of payment, invoice number, and relevant bank transaction records.

We use this information to identify and confirm payments, maintain financial records, deal with payment queries or disputes, and comply with accounting and tax obligations.

We do not receive or store your online banking password, banking login credentials, or card details. Your bank and our bank will process information relating to the transfer under their own privacy terms.

Customer Website Content

Customers may provide information about employees, contractors, customers, or other individuals for inclusion on a website. This may include names, photographs, biographies, testimonials, or contact details.

Customers are responsible for ensuring that they have a lawful basis and any necessary permission to provide this information to us and to publish it on their website.

We will only use customer supplied information for the purpose of delivering the agreed services, unless another use has been clearly agreed or is required by law.

Portfolio, Case Studies, and Testimonials

With the customer's agreement, we may display completed work in our portfolio or describe the project in a case study.

This may include the customer's business name, logo, website address, a description of the project, and screenshots of publicly available website pages.

We will obtain permission before publishing a testimonial attributed to an identifiable individual.

You may contact us if you wish to update or withdraw an attributed testimonial. Withdrawal will not affect uses that took place before the request was received.

Account Access and Passwords

Where access to a third party platform is required, we will prefer delegated user access or another secure access method wherever possible.

You should not send passwords or highly sensitive account information through ordinary email unless an agreed secure process has been provided.

Access credentials will only be retained for as long as they are reasonably needed to provide the agreed service.

Cookies and Similar Technologies

Pocket Sites does not currently use advertising cookies or intentionally use nonessential cookies to track visitors across different websites.

Our website and its service providers may use cookies, local storage, server logs, or similar technologies where these are necessary to deliver the website, maintain security, prevent abuse, balance network traffic, or remember essential settings.

Cloudflare may use necessary security technologies to distinguish legitimate visitors from malicious or automated traffic.

If we introduce analytics, advertising, embedded media, or other nonessential tracking technologies in the future, we will update this policy and introduce an appropriate consent mechanism where required.

Third Party Services

We may disclose limited personal information to trusted service providers where this is necessary to operate our business or provide the agreed services.

These providers may include:

  • Cloudflare, for DNS, website delivery, network performance, hosting related services, and security.
  • Our email hosting provider.
  • The banks involved in processing bank transfers.
  • Domain registrars, hosting providers, and technical platforms used for customer projects.
  • Accounting or bookkeeping providers.
  • Professional advisers such as accountants or solicitors.
  • Government bodies, regulators, courts, or law enforcement authorities where disclosure is legally required.

We do not permit service providers to use information for their own unrelated purposes where they are acting on our behalf.

If you contact us through a social media platform, that platform will also process your information under its own privacy terms.

Cloudflare

Pocket Sites uses Cloudflare for services that may include DNS, website delivery, network performance, security, and protection against malicious traffic.

Cloudflare may process technical information including IP addresses, browser and device information, request details, security events, and network logs.

This processing helps deliver website content, maintain reliability, identify malicious traffic, and protect the website against attacks and unauthorised activity.

Cloudflare may process information through infrastructure located in different countries. Further information is available in Cloudflare's own privacy documentation.

International Data Transfers

Some service providers may process personal information outside the United Kingdom.

Where this occurs, we take reasonable steps to ensure that the transfer is covered by an appropriate legal mechanism and that suitable safeguards are in place. These may include UK adequacy regulations or approved contractual protections.

You may contact us for more information about safeguards relevant to your information.

Data Retention

We keep personal information only for as long as it is reasonably needed for the purposes described in this policy.

Our usual retention periods are:

  • Enquiries that do not become projects may normally be retained for up to 12 months after the last communication.
  • Project correspondence, contracts, and relevant supplied files may normally be retained for the duration of the project and for up to six years afterwards.
  • Website and account access credentials will be deleted or returned when no longer needed, unless ongoing access forms part of an agreed support service.
  • Invoices, payment records, and accounting information will normally be retained for at least five years after the relevant 31 January Self Assessment filing deadline, or for longer where required by tax or legal rules.
  • Technical and security logs are normally retained for shorter periods determined by security needs and the settings of the relevant provider.

Information may be retained for longer where this is required by law or reasonably necessary in connection with a complaint, dispute, investigation, or legal claim.

How We Protect Your Information

We use reasonable technical and organisational measures to protect personal information against accidental loss, unauthorised access, misuse, alteration, or disclosure.

Measures may include encrypted website connections, secure accounts, access controls, authentication, software updates, reputable service providers, and limiting access to information to those who genuinely need it.

No internet transmission or storage system can be guaranteed to be completely secure.

Automated Decision Making

We do not use personal information to make solely automated decisions that produce legal or similarly significant effects.

Your Data Protection Rights

Depending on the circumstances, UK data protection law may give you the right to:

  • Ask for access to the personal information we hold about you.
  • Ask us to correct inaccurate or incomplete information.
  • Ask us to delete certain personal information.
  • Ask us to restrict how certain information is used.
  • Object to certain uses of your information.
  • Receive certain information in a structured, commonly used, machine readable format.
  • Withdraw consent where processing is based on consent.
  • Complain to the Information Commissioner's Office.

These rights are not absolute. We may need to retain or continue using certain information where this is required by law, needed to perform a contract, or necessary to establish, exercise, or defend legal claims.

We may ask you to provide information needed to confirm your identity before responding to a request.

Your Right to Object

Where we rely on legitimate interests to use your personal information, you have the right to object to that processing.

We will stop the processing unless we can demonstrate compelling legitimate grounds to continue, or the information is needed for the establishment, exercise, or defence of legal claims.

Complaints

Please contact us first if you have a concern about how your information has been handled. We will investigate and respond as soon as reasonably possible.

You also have the right to complain to the Information Commissioner's Office, the United Kingdom's data protection regulator.

Information about making a complaint is available at ico.org.uk .

Changes to This Policy

We may update this policy when our services, providers, or legal obligations change.

The latest version will be published on this page and the date at the top of the policy will be updated.

Where a significant change materially affects an existing customer, we may also contact that customer directly.

Contact Us

For questions about this policy, requests concerning your personal information, or other privacy enquiries, contact:

Sarah Marrey

Trading as Pocket Sites

Email: [email protected]

A postal correspondence address is available on request and will be provided on quotations, contracts, and invoices.