Legal

Privacy & Cookie Policy

Version 1.0 · UK GDPR and EU GDPR compliant · Effective 1 May 2026

Your data, your rules. We load no tracking scripts (Google Analytics, Meta Pixel, etc.) before you give consent. You can withdraw consent at any time.

1. Data Controller

The data controller is Sprintly Designs, a brand operated by Adam Skarbek under Lexora. Contact: info@sprintly.uk.

2. Data We Collect

  • Quote / contact form: name, email, phone (optional), company name (optional), project description.
  • Client account: email and password (stored as bcrypt hash, never in plain text).
  • Session: session identifier in a cookie (necessary for login).
  • Newsletter: email address (if you subscribed).
  • Server logs: IP address, user-agent, visit time (retained up to 30 days for diagnostics and security).

3. Purposes of Processing

  • Fulfilling your project order (UK GDPR Art. 6(1)(b)).
  • Communicating with you about your enquiry (Art. 6(1)(b) or (f)).
  • Our own marketing (newsletter -- only with your explicit consent, Art. 6(1)(a)).
  • Tax and accounting obligations (Art. 6(1)(c)).
  • Website security (Art. 6(1)(f)).

4. Cookies

We follow a "no tracking prior to consent" approach. No analytics or marketing cookies are loaded until you click "Accept all" in the consent banner.

Strictly necessary (always active)

  • sprintly_sid -- login session identifier (httpOnly, sameSite=lax, 30 days).
  • sprintly_lang -- your language preference PL/EN (365 days).
  • sprintly_cookies (localStorage) -- your consent decision and timestamp.
  • sprintly_form / sprintly_quote (sessionStorage) -- temporary quote form data.

Analytics cookies (only after consent)

  • Google Analytics 4 -- anonymous traffic statistics, IP anonymisation. Data transferred to Google LLC.

Marketing cookies (only after consent)

  • Meta Pixel -- Facebook/Instagram ad conversion measurement.

5. Managing Your Consent

Current consent status: checking...

6. Your Rights (UK GDPR / EU GDPR)

  • Right of access to your data -- email info@sprintly.uk.
  • Right to rectification of inaccurate data.
  • Right to erasure ("right to be forgotten") where permitted by law.
  • Right to restriction of processing.
  • Right to data portability (export in JSON/CSV format).
  • Right to object to processing.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with the ICO (UK) or UODO (Poland).

7. Retention Periods

  • Quote form data -- 24 months from last contact.
  • Contact form data -- 24 months.
  • Client accounts -- until the client deletes the account.
  • Newsletter -- until you unsubscribe.
  • Server logs -- 30 days.
  • Invoices -- 7 years (UK tax obligation).

8. Recipients of Data

  • Resend (USA) -- email delivery (Standard Contractual Clauses in place).
  • Cloudflare -- DNS, CDN, DDoS protection.
  • Google LLC -- Google Analytics (only after your consent).
  • Meta Platforms -- Meta Pixel (only after your consent).
  • Stripe / payment providers -- payment processing (only after contract is concluded).

9. International Transfers

Transfers to the USA (Resend, Google, Meta) are made under the UK International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCC) of the European Commission, and the UK-US Data Bridge where applicable.

10. Contact for Data Matters

All enquiries about your data: info@sprintly.uk. We respond within 30 days.

We will notify you of material changes to this policy 30 days in advance, both on this page and by newsletter (if you are subscribed).