Privacy Policy
Last updated: January 2026
1. Who we are
This website is operated by Dean Cordon, a sole trader trading as CordonApps (“CordonApps”, “we”, “us”, “our”). We are the data controller for the personal data described in this notice.
Contact:
Email: dean@cordonapps.co.uk
Phone: 01442 732 125
Address: Hertfordshire, United Kingdom — full address available on request.
ICO registration: in progress. We will publish our registration number here once issued by the Information Commissioner’s Office.
2. What this notice covers
This notice explains how we collect, use, store and share personal data when you visit cordonapps.co.uk or engage us for our Essential Online Presence System service.
3. Personal data we collect
When you submit the contact form, we collect:
- Name (required)
- Email address (required)
- Phone number (optional)
- Business name (optional)
- The intent you select (Start build / Book a call / General)
- The message you provide (optional)
- The date and time of your submission
When you become a client, we additionally process the information you provide for the purposes of delivering the service (e.g. brand assets, content, business details, account credentials you choose to share for Google / hosting setup).
Technical data: standard server logs (IP address, user agent, request paths and timestamps) and, if you give consent, anonymous analytics data via PostHog (page views and interactions, no session recording).
4. Why we use your data (lawful basis)
- Contract (Article 6(1)(b) UK GDPR) — to respond to your enquiry, scope work, and deliver the service you have engaged us for.
- Legitimate interests (Article 6(1)(f)) — to keep records of enquiries, secure our website (admin access logs, brute-force protection), follow up on quotes you requested, and improve our service.
- Legal obligation (Article 6(1)(c)) — to keep accounting and tax records as required by UK law.
- Consent (Article 6(1)(a)) — for non-essential analytics cookies. You can withdraw consent at any time via the “Cookie Preferences” link in the footer.
5. How long we keep your data
- Enquiries that don't become clients: up to 24 months from submission, after which they are deleted from the admin dashboard.
- Client records: up to 7 years after the end of the engagement, to comply with HMRC record-keeping requirements.
- Server logs: up to 90 days.
- Cookie consent record: 12 months, or until you change it.
6. Who we share data with
We do not sell your data. We share it only with carefully chosen processors who help us run the service:
- PostHog — product analytics (US-based, see cross-border transfers below). Only used if you consent.
- Hosting and infrastructure providers — to host the website and database.
- Email providers — to receive your enquiries and reply to you.
- Professional advisers (accountants, lawyers) where strictly necessary.
- Law enforcement or regulators when legally required.
7. International transfers
Some processors (e.g. PostHog) are based outside the UK. Where data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to countries deemed adequate by the UK government.
8. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you (subject access request).
- Have inaccurate data corrected.
- Have your data erased (the “right to be forgotten”), subject to legal exceptions.
- Restrict or object to our processing.
- Receive your data in a machine-readable format (data portability).
- Withdraw consent at any time (without affecting prior lawful processing).
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.
To exercise any of these rights, email dean@cordonapps.co.uk. We’ll respond within one calendar month.
9. Cookies
For details of the cookies we use and how to control them, please see our Cookie Policy.
10. Security
We protect personal data with industry-standard technical and organisational measures: HTTPS everywhere, bcrypt-hashed admin passwords, JWT session tokens stored in httpOnly cookies, brute-force protection on the admin login, and least-privilege access to the database.
11. Children
Our service is not intended for children. We do not knowingly collect personal data from anyone under 16.
12. Changes to this notice
We may update this notice from time to time. Material changes will be highlighted on the website. The “Last updated” date at the top of this page always reflects the current version.