Sundrop

Privacy

Privacy policy.

The plain-English version of how Sundrop handles your data. We collect as little as possible, we don't sell anything to anyone, and you can ask us to delete it all whenever you like.

Last updated · 5 May 2026

Who we are

This site is run by Sundrop Marketing Ltd(“Sundrop”, “we”, “us”), a company registered in England & Wales under company number 16686962. We’re the “data controller” for the personal data described below — meaning we decide what we collect and what we do with it.

Questions, requests, or complaints? Email tyree@sundrop.uk. A real human (Tyree) reads it.

What we collect, and why

Contact form submissions

When you fill in a contact form on the site, we collect the fields you give us: name, email, phone (optional), business name, the package you’re interested in, your preferred contact method, and any meeting time you pick. We use this only to reply to your enquiry.

Legal basis:legitimate interests (responding to a business enquiry you’ve initiated). We hold this data for up to 24 months unless you become a client, in which case we keep it for as long as we’re working together plus a reasonable period afterwards.

Newsletter signups

If you subscribe via the footer, we collect your email address. We send marketing tips, occasional offers, and the odd blog post — never more than a couple of emails a month, and every one has a one-click unsubscribe.

Legal basis:consent. You can withdraw it any time by clicking “unsubscribe” in any email or by emailing us.

Analytics & marketing cookies

With your consent, we use Google Analytics 4 to understand how the site is performing and Meta Pixel to measure ad effectiveness. We also use Rybbit for server-side analytics — it sets no cookies and stores no client-side identifiers, so it works without consent under UK PECR rules. See our cookie policy for the full breakdown.

Legal basis: consent (for the cookie-based tools) / legitimate interests (for the cookieless server-side analytics).

Who we share data with

We use a small number of trusted processors to keep the site running:

  • Zapier — receives your contact-form and newsletter submissions and routes them to our email and CRM tooling. Hosted in the US under the EU-US Data Privacy Framework.
  • Vercel — hosts the website itself.
  • Google Analytics — only with your consent. Hosted in the US.
  • Meta Pixel — only with your consent. Hosted in the US.
  • Rybbit — server-side analytics, no personal identifiers stored.
  • Email and CRM tools (currently configured via Zapier — these may evolve as the business grows).

We don’t sell your data to anyone. Ever. We don’t share it with advertisers beyond the analytics tools listed above.

Your rights

Under UK GDPR you can ask us to:

  • Tell you what data we hold about you (right of access)
  • Correct anything wrong (right to rectification)
  • Delete it all (right to erasure)
  • Stop processing it (right to restrict / object)
  • Send it to another service (right to data portability)
  • Withdraw consent at any time (for anything we’re relying on consent for)

Email tyree@sundrop.ukand we’ll handle it within 30 days. If you’re not happy with how we’ve responded, you can complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk.

Security.

We use HTTPS everywhere, sensible password practices, and least-privilege access on all the tools that touch your data. No system is perfectly secure, but we treat your data the way we’d want ours treated.

Changes to this policy.

If we change anything material here, we’ll update the “last updated” date at the top. For substantial changes, we’ll email anyone on the newsletter and flag it on the site.