Privacy Policy
How we handle your data.
Last updated: 02 June 2026
This is the privacy policy for Conversion Forge, a sole-trader marketing agency based in Sevenoaks, Kent. The site you are reading sits at conversionforge.co.uk. This page explains what data the site collects, what we do with it, and what rights you have under UK GDPR and the Privacy and Electronic Communications Regulations (PECR).
If anything below is unclear, the fastest way to ask is an email to info@conversionforge.co.uk. We reply ourselves; there is no support team.
Who is responsible for your data
The data controller is Conversion Forge, operating as a sole trader at Sevenoaks, Kent, United Kingdom. For data protection enquiries, write to info@conversionforge.co.uk.
What we collect through this website
The conversionforge.co.uk website itself is a static information site. It does not run analytics tracking, does not place advertising cookies, and does not set any first-party cookie that identifies you across visits. The only data the website collects is what your browser sends to our hosting provider on every request: an IP address, a user-agent string, and the URL you opened. These show up in standard server logs and are retained for thirty days before being rotated out.
If you contact us by email or WhatsApp, you have chosen to share that information. We keep the conversation and the contact details you sent us until either you ask us to delete them or our working relationship ends, whichever comes first.
The site has a chat assistant. If you use it, we keep a brief, automatically expiring transcript of the conversation for up to thirty days, so we can improve how the assistant helps people. It is an AI assistant, not a person, and you should not send sensitive personal information through it. You can always reach us instead by the free audit form, email, or WhatsApp.
What we collect when you become a client
If we work together on a project, we will hold a small amount of additional information so the work can happen:
- Your name, business name, billing address, phone number, and email.
- The brief, scope, and any creative or technical inputs you send us.
- Invoices we have raised against you, and the payment records that match them.
- Access credentials you choose to share for systems we are operating on your behalf (domain registrars, hosting accounts, social profiles). These are kept in an encrypted secrets store and never written into emails or chat threads.
What we use that data for
- Delivering the work you have hired us for.
- Sending invoices and receiving payment.
- Replying to your messages.
- Meeting our legal obligations (HMRC tax records, anti-money-laundering checks where applicable).
We do not sell your data. We do not share it with third parties for marketing. We do not use it to train models or feed analytics platforms.
The lawful bases we rely on
Under UK GDPR Article 6, the lawful bases that apply to what we do with your data are:
- Performance of a contract. When we hold information to deliver the work you have hired us for.
- Legitimate interests. When we keep server logs and reply to enquiries that came to us first.
- Legal obligation. When we retain invoicing and tax records to meet HMRC requirements.
How long we keep things
- Server access logs: thirty days.
- Email conversations with prospects who never became clients: twelve months from the last reply, then deleted.
- Client work files, briefs, and creative outputs: held for the duration of the engagement plus three years after, then archived to encrypted cold storage and deleted at the seven-year mark.
- Invoices and tax records: six years from the end of the relevant tax year (HMRC requirement).
Where your data is stored
This website is hosted in the United Kingdom. Email runs through Google Workspace (subject to the EU-US Data Privacy Framework). Working files and creative outputs are stored in Microsoft OneDrive (UK region). Credentials are held in an encrypted local vault that does not leave the UK without explicit reason.
Your rights
Under UK GDPR you have the right to:
- Ask what data we hold on you and receive a copy.
- Ask us to correct anything that is wrong.
- Ask us to delete what we hold, where there is no overriding legal reason to keep it.
- Ask us to limit how we use your data while a question is being resolved.
- Object to a particular use of your data.
- Withdraw a consent you have previously given, at any time, without needing to give a reason.
To act on any of these, email info@conversionforge.co.uk. We will reply within thirty days. If you think we are not handling your data properly, you can also complain to the Information Commissioner's Office at ico.org.uk.
Requesting deletion of your data
You can ask us to delete the personal data we hold on you at any time. Email info@conversionforge.co.uk with the subject "Data deletion" and tell us how you contacted us (for example, the email address, form, or chat you used). We will confirm receipt, remove what we hold where there is no overriding legal reason to keep it, and reply within thirty days. This includes any short website-chat transcripts, which we keep for up to thirty days to improve the assistant.
Marketing emails and cold outreach
We do not send marketing newsletters from this domain. If you receive an outreach email from us, it is a one-to-one approach about a specific opportunity, sent in line with the PECR exemption for business-to-business contact. Every such email carries a clear sender identity and a way to opt out. If you opt out, we record that and stop.
Cookies
conversionforge.co.uk does not set first-party tracking cookies. The site embeds Google Fonts, which is the only third-party request the page makes. Google Fonts receives the IP address of the visitor as part of serving the font file; it does not place a cookie.
Changes to this policy
If we materially change how we handle your data, we will update this page and change the "Last updated" date at the top. We will not change anything retroactively about data we already hold without telling you.