Privacy Policy

Last Updated: April 8, 2026

This Privacy Policy explains how Aurem Digital collects, uses, and protects your personal data. We are committed to protecting your privacy and complying with UK data protection laws.

1. Who We Are

Data Controller

Aurem Digital is the data controller for the personal data we collect and process.

Contact Details

Email: luke@salesguardapp.com

Website: https://aurem.digital

ICO Registration

We are registered with the UK Information Commissioner's Office (ICO) as a data controller under our parent registration for SalesGuard.

Our Role

For website content, images, and business information you provide, we are joint data controllers with you. You decide what content to provide; we determine how to process and store it to deliver your website.

2. What Data We Collect

We collect the following categories of personal data:

Contact Information

• Full name
• Email address
• Phone number (if provided)
• Business name and address

Business Information

• Website content you provide (text, images, documents)
• Logo and brand assets
• Business descriptions and marketing materials
• Any other information you share during website development

Payment Information

• Processed by Stripe (we do not store credit card details)
• Billing history and subscription status
• Payment method type (not full card number)
• Invoice records

Technical Data

• IP address (collected by hosting providers)
• Browser type and version
• Device information
• Website access logs (for your website once live)

Project Communication

• Email correspondence about your website project
• Notes from calls or meetings
• Revision requests and feedback
• File attachments you send

What We Do NOT Collect

• Credit card numbers or CVV codes (handled by Stripe)
• Sensitive personal data (health, race, religion, political opinions, etc.)
• Data from your website visitors (unless you ask us to set up analytics)

3. How We Use Your Data

We use your personal data for the following purposes:

Provide Services

• Design and develop your website
• Host your website on third-party servers
• Provide technical support and maintenance
• Process payments and manage subscriptions
• Communicate about your project

Business Operations

• Send invoices and payment reminders
• Respond to support requests
• Maintain records for accounting and tax purposes

Marketing (With Your Permission)

• Add your website to our portfolio
• List you as a client on our website
• Create case studies (anonymized unless you consent)
• Send occasional updates about our services (you can opt out)

Legal Compliance

• Comply with legal obligations (tax, accounting, legal requests)
• Prevent fraud and abuse
• Respond to lawful requests from authorities

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

Contract Performance (Article 6(1)(b))

We need to process your data to provide the website design, hosting, and maintenance services you've paid for.

Consent (Article 6(1)(a))

• You consent to us using your business information to create your website
• You consent to marketing communications (if you opt in)

Legitimate Interests (Article 6(1)(f))

• Fraud prevention and security
• Improving our services
• Portfolio and marketing (anonymized case studies)

Legal Obligation (Article 6(1)(c))

• Tax and accounting compliance (6 years retention for HMRC)
• Response to lawful requests from authorities

5. How We Share Your Data

We do not sell your personal data to anyone.

We share your data only in the following circumstances:

Third-Party Service Providers

We share data with trusted service providers who help us deliver our services. See Section 6 for full details.

Legal Requirements

We may disclose data if required by law, court order, or legal process, or to protect our rights, property, or safety.

With Your Consent

We may share data with third parties if you explicitly consent (e.g., listing you as a client on our website).

Your Website Visitors

Once your website is live, any content you publish (text, images, contact forms) is publicly accessible. You are responsible for what you choose to publish.

6. Third-Party Data Processors

We use the following third-party services to provide Aurem Digital services:

Stripe (United States & Ireland)

Purpose: Payment processing and subscription management

Data shared: Email address, billing information, payment method, subscription status

Data retention: Per Stripe's retention policies (typically 7 years for financial compliance)

Vercel / Netlify (United States)

Purpose: Website hosting

Data shared: Your website files, content, images, and any visitor data (IP addresses, access logs)

Data retention: While your hosting is active

Namecheap / Google Domains (Various)

Purpose: Domain name registration (if applicable)

Data shared: Domain registration details, contact information

Data retention: Per registrar policies (typically while domain is active)

Resend / Gmail (United States)

Purpose: Email communication (project updates, invoices, support)

Data shared: Email addresses, message content

Data retention: While hosting is active + 2 years for records

Data Processing Agreements

All third-party processors have Data Processing Agreements (DPAs) that comply with UK GDPR requirements.

7. Data Retention

How long we keep your data:

Active Projects and Hosting

• Stored while your website is being developed or hosted
• Project files and communications retained while hosting is active

After Hosting Cancellation

• Website files available for download for 30 days
• Project files permanently deleted 90 days after hosting ends
• Financial records retained for 6 years (HMRC requirement)

Payment Records

• Invoice and payment history: 6 years (UK tax law requirement)
• Stripe retains payment data per their policies (typically 7 years)

Communication Records

• Email correspondence: Retained for 2 years after project completion
• Support tickets: Retained for 1 year after resolution

Portfolio and Marketing

• Screenshots of your website (if you consent): Retained indefinitely unless you request removal
• Anonymized case studies: Retained indefinitely

After You Request Deletion

• All personal data permanently deleted within 30 days (except financial records required by law)
• Financial records retained for 6 years per HMRC requirements
• Anonymized data may be retained (cannot be linked to you)

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access (Article 15)

You can request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

You can correct inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data (“right to be forgotten”). Note: Financial records must be retained for 6 years per UK tax law.

Right to Restriction of Processing (Article 18)

You can request we limit how we use your data.

Right to Data Portability (Article 20)

You can receive your data in a machine-readable format (CSV, JSON) to transfer to another provider.

Right to Object (Article 21)

You can object to processing based on legitimate interests (e.g., marketing).

Right to Withdraw Consent (Article 7)

You can withdraw consent for marketing communications at any time.

Right to Complain

You can lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

9. How to Exercise Your Rights

To exercise any of your data rights, email luke@salesguardapp.com with your request.

Request Data Access

Email with “Data Access Request \u2013 Aurem Digital” in the subject line. We will provide a copy of your data within 30 days.

Request Data Export

Email with “Data Export Request \u2013 Aurem Digital” in the subject line. We will provide your data in CSV or JSON format within 30 days.

Request Data Deletion

Email with “Delete My Data \u2013 Aurem Digital” in the subject line. We will permanently delete your data within 30 days (except financial records required by law).

Update Your Data

Email us with corrections or updates to your contact information or business details.

Verification

We may ask you to verify your identity before processing data requests to protect your privacy.

Response Time

We will respond to all requests within 30 days. For complex requests, we may extend this by 60 days and will notify you if we do so.

10. Data Security

We take data security seriously and implement appropriate measures:

Technical Measures

• Encryption in transit (HTTPS/TLS for website hosting)
• Secure file storage and backups
• Access controls (password-protected systems)
• Regular security updates

Organizational Measures

• Limited access to client data (only Luke and authorized contractors)
• Data processing agreements with all third-party providers
• Regular security reviews

Third-Party Security

We use industry-leading service providers (Stripe, Vercel/Netlify) with strong security practices and certifications (PCI DSS, SOC 2, ISO 27001).

Limitations

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security.

In the event of a data breach, we will notify affected clients and the ICO as required by UK law (within 72 hours of discovery).

11. International Data Transfers

Where Your Data is Stored

Your data is processed and stored primarily in the United States and Ireland by our third-party service providers (Stripe, Vercel, Netlify, Resend).

Legal Basis for Transfers

Data transfers from the UK to other countries are made under:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Data Processing Agreements with all third-party processors
• Processors’ compliance with EU-US Data Privacy Framework (where applicable)

Your Consent

By using Aurem Digital services, you consent to your data being transferred to and processed in countries where our service providers operate.

Safeguards

All third-party processors have committed to protecting your data in accordance with UK GDPR standards through their data processing agreements and security certifications.

12. Cookies and Tracking

Aurem Digital Website (aurem.digital)

We use minimal cookies:

• Essential cookies for website functionality
• No analytics or tracking cookies (currently)

If we add analytics in the future, we will update this policy and provide opt-out options.

Your Website

If you request analytics, contact forms, or other tracking on YOUR website, YOU are responsible for:

• Adding a Cookie Policy to your website
• Obtaining consent from your website visitors
• Complying with UK GDPR and PECR (Privacy and Electronic Communications Regulations)

We can provide guidance on GDPR compliance for your website as an additional service (quoted separately).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

Notification of Changes

For material changes that significantly affect how we handle your data:

• We will notify clients via email at least 14 days before changes take effect
• The updated policy will be posted on this page with a new “Last Updated” date
• Continued use of our services after changes take effect constitutes acceptance

Minor Changes

For minor updates (typo corrections, clarifications):

• We will update the “Last Updated” date
• No email notification required

Review Regularly

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: luke@salesguardapp.com

Website: https://aurem.digital

Please include “Aurem Digital Privacy” in your email subject line.

Response Time: Within 48 hours on business days

Data Protection Inquiries

For UK GDPR inquiries, contact luke@salesguardapp.com with “GDPR \u2013 Aurem Digital” in the subject line.

ICO Contact

If you are not satisfied with our response, you can contact the Information Commissioner's Office:

• Website: https://ico.org.uk/make-a-complaint/
• Phone: 0303 123 1113