Privacy Policy

Last updated: May 2026

Overview

Urthly Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains how we handle personal data when you visit urthly.co.uk or urthly.digital, apply for Urthly Digital, use the portal, receive our managed website service, or communicate with us.

Client websites managed by Urthly Digital have their own privacy policies and cookie policies. Where we process data on behalf of a client website, that client is normally the data controller and Urthly acts as a processor.

Information We Collect

Prospects and leads: name, email address, phone number, business name, website URL, location, service needs, messages, form answers, booking details, call notes, referral source, campaign parameters such as UTM values, and ad identifiers such as gclid, gbraid or wbraid where provided by your browser or link.

Clients and portal users: name, email address, business details, website content, brand assets, onboarding answers, support requests, subscription status, invoices, usage records, DNS details and analytics shown in your portal.

Website visitors: IP address, device/browser information, pages viewed, interactions, consent choices, approximate location and referral source. Analytics and advertising storage are consent-gated where required.

Client-site visitors: enquiry, order, booking and contact data submitted through a client website, plus consent-gated analytics data where enabled for that client site.

We do not sell personal data.

Cookies

We use essential storage for security, consent preferences, routing, checkout and portal sessions. We use analytics and marketing storage only where consent is required and given. Continued browsing is not treated as consent. More detail is available in our Cookie Policy.

How We Use Personal Data

We use personal data to respond to enquiries, assess applications, build and manage websites, provide the portal, process subscriptions, deliver support, send service emails, maintain security, measure website performance, attribute ad campaigns, improve our service, comply with legal obligations and protect our legitimate business interests.

We may use automation and AI-assisted tools to help draft website copy, structure pages, classify support requests, prepare previews and improve internal workflows. We review outputs before using them in client work where appropriate.

Legal Bases

We rely on different legal bases depending on the context: contract or pre-contract steps when you apply for or use our services; legitimate interests for service improvement, security, lead follow-up and business administration; consent for non-essential cookies and some marketing communications; and legal obligation for accounting, tax and compliance records.

Third-Party Services (Sub-Processors)

We use trusted service providers to operate Urthly Digital, including Supabase for database and authentication, Vercel for hosting and CDN, Resend for transactional email, Stripe for billing and payment processing, PostHog for consent-gated product analytics, Google for consent-mode analytics, advertising attribution, Search Console and Google Ads where configured, and AI or automation providers where needed to deliver the managed website service.

These providers process data under their own terms and, where applicable, as processors or sub-processors for us. Some processing may take place outside the UK; where this happens, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses or equivalent protections.

Data Retention

We keep personal data only for as long as reasonably needed. Lead and application data is usually retained for up to 24 months unless you become a client or ask us to delete it sooner. Portal and support records are retained for the life of the client relationship and then for a reasonable period to handle disputes, security, accounting and service history. Billing and accounting records may be kept for up to seven years. Analytics data is usually retained for up to 13 months.

Contact Data

When a managed client uses website forms, bookings, ecommerce, inbox or contact-list features, we store contact data so the client can respond to customers and manage their website. We do not use a client's customer contact data for our own marketing.

Commerce Data

Where ecommerce is enabled for a client website, we may process order details such as customer name, email address, delivery information, product details and order status. Payment processing is handled by Stripe or another agreed payment provider. We do not store full card details.

Emails and Notifications

We send service emails such as application confirmations, lead notifications, ticket updates, billing notifications, onboarding messages and important account notices. We may also send relevant business updates to prospects or clients where permitted by law. You can opt out of non-essential marketing emails.

Google Ads Data

Where Google Ads readiness, attribution or campaign support is enabled, we may process campaign identifiers and performance data such as impressions, clicks, cost, landing pages and conversion events. Full Google Ads management is only provided where separately agreed.

Your Rights

Under UK GDPR, you have the right to:

Access your personal data. Rectify inaccurate data. Request erasure of your data. Restrict or object to processing. Receive your data in a portable format. Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your rights have been breached.

To exercise any of these rights, contact us at the email below. You can also complain to the Information Commissioner's Office at ico.org.uk.

Contact

If you have any questions about this privacy policy, please contact us at hello@urthly.digital.