Who we are
This site is run by Sundrop Marketing Ltd(“Sundrop”, “we”, “us”), a company registered in England & Wales under company number 16686962. We’re the “data controller” for the personal data described below — meaning we decide what we collect and what we do with it.
Questions, requests, or complaints? Email tyree@sundrop.uk. A real human (Tyree) reads it.
What we collect, and why
Contact form submissions
When you fill in a contact form on the site, we collect the fields you give us: name, email, phone (optional), business name, the package you’re interested in, your preferred contact method, and any meeting time you pick. We use this only to reply to your enquiry.
Legal basis:legitimate interests (responding to a business enquiry you’ve initiated). We hold this data for up to 24 months unless you become a client, in which case we keep it for as long as we’re working together plus a reasonable period afterwards.
Newsletter signups
If you subscribe via the footer, we collect your email address. We send marketing tips, occasional offers, and the odd blog post — never more than a couple of emails a month, and every one has a one-click unsubscribe.
Legal basis:consent. You can withdraw it any time by clicking “unsubscribe” in any email or by emailing us.
Analytics
We built our own first-party analytics instead of using Google Analytics, Meta Pixel, or any other third-party tracker. It sets no cookies, stores no raw IP addresses, and keeps no persistent identifier — a per-tab session id (deleted when you close the tab) and a daily-rotating hash are all it uses, purely to count visits and see which pages are read. Nothing is shared with or sold to anyone. See our cookie policy for the full breakdown.
Legal basis:legitimate interests (understanding how our own site performs, using cookieless data that can’t identify you).
Who we share data with
We use a small number of trusted processors to keep the site running:
- Vercel — hosts the website itself.
- Supabase — our database and storage, where your contact-form and newsletter submissions are kept. Hosted in the EU.
- Resend — delivers the email notification when you submit a form, so we actually see your message.
That’s the lot — no analytics companies, no ad networks, no data brokers. We don’t sell your data to anyone. Ever. And we don’t share it with advertisers, because we don’t use any.
Your rights
Under UK GDPR you can ask us to:
- Tell you what data we hold about you (right of access)
- Correct anything wrong (right to rectification)
- Delete it all (right to erasure)
- Stop processing it (right to restrict / object)
- Send it to another service (right to data portability)
- Withdraw consent at any time (for anything we’re relying on consent for)
Email tyree@sundrop.ukand we’ll handle it within 30 days. If you’re not happy with how we’ve responded, you can complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk.
Security.
We use HTTPS everywhere, sensible password practices, and least-privilege access on all the tools that touch your data. No system is perfectly secure, but we treat your data the way we’d want ours treated.
Changes to this policy.
If we change anything material here, we’ll update the “last updated” date at the top. For substantial changes, we’ll email anyone on the newsletter and flag it on the site.