Privacy Policy
Last Updated: 21st February 2026
1. Introduction
Welcome to Process Forge. We are committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, and share your data when you visit our website, read our blog, or book a Productivity Consultation.
Process Forge ("we", "us", or "our") is the Data Controller responsible for your personal data.
Our Details:
- Company Name: Process Forge
- Registered Office: 29 Hillwood Lane, Warminster, BA12 9QF
- Email for Privacy Inquiries: contact@processforge.co.uk
2. The Data We Collect
We collect specific data to provide our services, process payments, and improve your experience.
| Category | Data Fields Collected | Source |
|---|---|---|
| Identity & Contact | Name, email address, phone number, company name. | Provided by you via Contact Forms or Booking Flow. |
| Consultation Data | Notes on your current business challenges and context for your consultation. | Provided by you during the booking process. |
| Transaction Data | Payment confirmation details. Note: We do not store credit card numbers; these are handled directly by Stripe. | Provided by you via Stripe. |
| Marketing Data | Email address and basic profile data (held securely in Brevo). | Provided by you via Newsletter signup or lead capture. |
| Technical Data | IP address, browser type, device information, routing data. | Collected automatically via Cookies (Google Analytics) and our Edge network infrastructure. |
3. How and Why We Use Your Data
Under the UK GDPR, we must have a valid "Lawful Basis" for every way we use your personal data.
| Purpose | Lawful Basis |
|---|---|
| To fulfill your Consultation Booking | Contract: We need your details to deliver the service you purchased. |
| To respond to Contact Form inquiries | Legitimate Interest: We need to reply to your questions to run our business effectively. |
| To send our Newsletter & Marketing | Consent: We only send marketing emails if you have actively opted in. You can unsubscribe at any time. |
| To analyse website performance | Consent: We only track usage via Google Analytics if you accepted our Cookie Banner. |
| To keep business records (Invoices) | Legal Obligation: We are required by UK tax law (HMRC) to keep records of sales. |
4. How We Share Your Data
We do not sell your data. We use trusted third-party service providers ("Processors") to run our website, Serau platform, and business operations.
| Partner | Function | Location | Safeguard |
|---|---|---|---|
| Stripe | Payment Processing | Global | Data Privacy Framework / SCCs |
| Brevo | Email Delivery & Marketing CRM | EU / Global | GDPR Compliant / SCCs |
| Google Analytics | Website Analytics | USA / Global | Data Privacy Framework |
| Vercel | Frontend Hosting (Next.js) | Global Edge Network | Data Privacy Framework / SCCs |
| Cloudflare | API Gateway & Routing | Global Edge Network | Data Privacy Framework / SCCs |
| Neon | Database Hosting | UK / Global | UK Addendum / SCCs |
5. International Transfers & Edge Processing
To provide a fast and secure experience, our Serau platform utilizes global edge networks (Vercel and Cloudflare). This means that when you interact with our site, your data may be routed through or processed on servers located outside of the UK or European Economic Area (EEA), nearest to your geographic location.
When your data is transferred internationally (including to the USA for analytics or global routing), we ensure it is protected by relying on legally approved safeguards. These include the UK Extension to the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) accompanied by the UK International Data Transfer Addendum.
6. Data Security
We implement strict security measures across our platform to protect your data from unauthorised access or accidental loss:
- Encryption: Data is encrypted both at rest (in our Neon database) and in transit (via SSL/TLS enforced by Cloudflare).
- Edge Security: We utilize Cloudflare's enterprise-grade web application firewall (WAF) and DDoS protection to secure our API endpoints.
- Access Control: Internal access to your personal data is restricted to authorized personnel using Multi-Factor Authentication (2FA).
7. Data Retention
We only keep your data for as long as necessary to fulfill the purposes we collected it for.
- Consultation Notes: Retained for the duration of our active client relationship plus 24 months.
- Financial Records (Invoices): Retained for 6 years to comply with UK statutory tax laws.
- Marketing Leads (Inactive): If you inquire but do not become a client, we delete your data from our systems (including Brevo) after 24 months of inactivity.
- Newsletter: We keep your email in Brevo until you unsubscribe, at which point you are moved to a suppression list to ensure we do not email you again.
8. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Access: Ask for a copy of the data we hold about you.
- Correction: Ask us to fix incorrect or incomplete data.
- Erasure: Ask us to delete your data (unless we are legally required to keep it, e.g., for tax purposes).
- Objection: You can object to us using your data for marketing at any time.
- Withdraw Consent: If you gave consent (e.g., for analytics cookies or newsletters), you can withdraw it at any time.
To exercise any of these rights, please email us at: contact@processforge.co.uk.
9. Cookies
We use cookies to analyse website traffic and improve our site. You can manage your consent preferences at any time by clicking the "Cookie Settings" link located at the bottom of every page on our website, or by clicking the button below.
- Essential Cookies: Required for the site to function securely (e.g., Cloudflare routing cookies, Stripe payment cookies).
- Analytics Cookies: Used by Google Analytics to help us understand site usage. These are strictly opt-in and only activate if you accept them via our banner.
Cookie Settings
You can adjust your cookie preferences at any time by clicking the button below.
10. Complaints
If you have concerns about how we handle your data, please contact us first so we can resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk).