Privacy Policy

Last updated: 23 May 2026

Who we are

James Hoy trades as Web Development UK Studios (“we”, “us”, “our”). We operate the website at https://www.jameshoy.dev.

For UK data protection law, James Hoy is the data controller for personal data collected through this site and related project workflows.

Correspondence address: 378 Godstone Road, Whyteleafe, Surrey, CR3 0BA.

Contact: info@jameshoy.dev.

What this policy covers

This policy explains how we handle personal data when you browse the site, submit a project brief, join the availability waitlist, sign in with Google, use the client dashboard (including chat and file uploads), or pay for work via Stripe.

It does not cover third-party websites we link to (for example Stripe’s checkout pages or Google’s sign-in screens). Those services have their own privacy policies.

Personal data we collect

We may collect and process the following categories of data:

  • Identity and contact: name, email address, and (when you sign in) your Google account identifier linked to Firebase Authentication.
  • Project information: project type, package selection, brand preferences, free-text brief answers, blueprint/scope selections, and studio chat messages.
  • Files and media: attachments you upload with a brief or in project chat (images, documents, audio including voice notes, video, and similar), stored in Firebase Cloud Storage under your account path.
  • Payment-related data: amounts, currency, milestone labels, Stripe session and payment identifiers, receipt URLs, and payment status. Card numbers are processed by Stripe and are not stored on our servers.
  • Waitlist: email address (and optional name if provided) when you ask to be notified about availability.
  • Support: messages you send via dashboard issue reporting (page URL, brief reference, message text).
  • Technical: server and hosting logs (for example IP address, request metadata) via our hosting provider for security and reliability.

Why we use your data and our legal bases

We use personal data for the purposes below. Under UK GDPR, we rely on the legal bases shown.

  • Respond to enquiries and run the quote/brief workflow — contract (steps at your request before a contract) and legitimate interests (running a small studio).
  • Provide the client dashboard, chat, and file exchange — contract and legitimate interests.
  • Process payments and maintain payment records — contract and legal obligation (tax/accounting where applicable).
  • Send transactional emails (brief received, briefing pack, payment links, chat copies, waitlist confirmations) — contract and legitimate interests.
  • Security, fraud prevention, and service improvement — legitimate interests.
  • Comply with law — legal obligation.

Who we share data with

We use trusted service providers (“processors”) who handle data on our instructions:

  • Google Firebase (Authentication, Firestore database, Cloud Storage) — account sign-in, brief/project data, and uploaded files.
  • Stripe — payment processing and receipts.
  • Resend — delivery of transactional email.
  • Vercel — website hosting and serverless API routes.
  • Google (OAuth) — when you choose “Sign in with Google”.

International transfers

Some processors are based outside the UK (for example in the United States). Where required, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses incorporated into processor terms.

How long we keep data

We keep data only as long as needed for the purposes above, including active projects, reasonable business records, and legal requirements.

Briefs and related chat/files are retained while your project is active and for a reasonable period afterward unless you ask us to delete them and we no longer need them for legal or accounting reasons.

Waitlist emails are kept until you unsubscribe or we no longer need the list, plus a short period for operational logs.

Payment records may be kept longer where required for tax, accounting, or dispute resolution.

Your rights

Under UK data protection law you may have rights of access, rectification, erasure, restriction of processing, objection, and data portability (where applicable). You may also withdraw consent for marketing at any time.

To exercise your rights, email info@jameshoy.dev. We may need to verify your identity.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Security

We use HTTPS, access controls, Firebase security rules, and server-side verification for uploads and admin actions. No method of transmission or storage is 100% secure; we work to reduce risk proportionately for a small studio operation.

Children

Our services are aimed at adults and businesses. We do not knowingly collect data from anyone under 18. If you believe a child has provided data, contact us and we will delete it where appropriate.

Analytics and cookies

We do not use non-essential analytics cookies in the current site build unless we later enable Firebase Analytics and update this policy and our cookie notice. See our Cookie Policy for details on essential cookies and storage.

Changes

We may update this policy from time to time. The “Last updated” date at the top of this page will change when we do. Material changes may also be highlighted on the site or by email where appropriate.