Privacy Policy

RiaVed Studio ("we", "us", "our") is a web design and website management service for small businesses, operating in the United Kingdom and the United States. We are the data controller responsible for your personal information.

For any privacy-related questions, you can contact us at: [email protected]

We collect personal data only where we have a lawful reason to do so. Here is what we collect and why:

Account and sign-in data

• Email address — to create your account and send you a magic sign-in link
• Name — optionally provided when you sign up, to personalise your account

Legal basis: performance of a contract (providing the service you signed up for).

Payment data

• Billing name and email — collected by Stripe, our payment processor, when you subscribe
• Payment card details — handled entirely by Stripe; we never see or store your card number

Legal basis: performance of a contract. Stripe is the data controller for payment card data. See Stripe's privacy policy.

Website usage data (analytics)

• Pages visited, referrer, browser type, country — collected via Cloudflare Web Analytics using a cookieless method
• This data is anonymised and aggregated; we cannot identify individual visitors from it

Legal basis: consent (you can accept or decline on the cookie banner).

Edit requests and communications

• Messages and descriptions you send us via the client portal
• Emails sent as part of the service (edit request notifications, status updates)

Legal basis: performance of a contract and legitimate interests (delivering the service).

Enquiry form data

• Name, email address, and any message you submit via the get-started or contact form

Legal basis: legitimate interests (responding to your enquiry).

Cookies are small files stored on your device when you visit a website. We use the following categories:

Essential cookies (always active)

These are necessary for the website to function and cannot be switched off. They do not track you for marketing purposes.

• Session token — keeps you signed in to your client portal (set by our sign-in system; expires with your session)
• CSRF protection token — prevents cross-site request forgery attacks (set on sign-in forms)
• Cookie consent preference (rv-consent) — remembers your cookie choice for 1 year
• Cloudflare security cookies — bot and DDoS protection provided by Cloudflare, our hosting provider

Analytics cookies (optional — requires your consent)

We use Cloudflare Web Analytics to understand how visitors use our site (which pages are visited, where traffic comes from). This data is anonymised and aggregated. Cloudflare Web Analytics is cookieless — it does not set cookies or track individuals across sites.

• These cookies are only set if you click ‘Accept all cookies’ on our cookie banner
• You can withdraw consent at any time by clearing your cookies or contacting us

Payment cookies (set by Stripe during checkout)

• Stripe sets cookies on its hosted checkout pages for fraud prevention and session management
• These are governed by Stripe's own cookie policy

To change your cookie preferences, you can clear your browser cookies and reload the page — the consent banner will reappear.

We do not sell your personal data. We share data only with the third-party services needed to operate RiaVed Studio:

• Stripe (payment processing) — stripe.com — United States (covered by EU-US Data Privacy Framework and UK adequacy)
• Resend (transactional email) — resend.com — United States (contractual safeguards in place)
• Neon (database hosting) — neon.tech — United States (contractual safeguards in place)
• Cloudflare (website hosting and security) — cloudflare.com — United States (UK adequacy decision applies)
• Cloudflare Web Analytics (cookieless, anonymised usage analytics) — cloudflare.com

We may also disclose your data where required by law or to protect the legal rights of RiaVed Studio.

• Account data (email, name) — for as long as your account is active, plus up to 12 months after closure
• Edit requests and messages — for the duration of your subscription plus up to 12 months
• Payment records — up to 7 years to comply with financial and tax regulations
• Enquiry form submissions — up to 12 months from the date of enquiry
• Analytics data — aggregated and anonymised; no individual retention period applies

If you are based in the United Kingdom, you have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you
• Right to rectification — you can ask us to correct inaccurate or incomplete data
• Right to erasure — you can ask us to delete your data where there is no overriding legitimate reason to keep it
• Right to restriction — you can ask us to pause processing your data in certain circumstances
• Right to data portability — you can request your data in a machine-readable format
• Right to object — you can object to processing based on legitimate interests
• Rights related to automated decision-making — we do not use automated decision-making or profiling

To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113, if you believe we have not handled your data correctly.

We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), access controls, and using reputable third-party infrastructure providers. However, no internet transmission is 100% secure and we cannot guarantee absolute security.

Our service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify active clients by email.

For any questions about this privacy policy or how we handle your personal data, please contact us:

RiaVed Studio
Email: [email protected]
Website: riaved.studio