Privacy Policy

Last updated: March 2026

Overview

Urthly Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains how we handle information when you use our websites, portal, and managed website services.

Information We Collect

We collect minimal data necessary to provide our services:

Portal users (clients): Name, email address, business details provided during onboarding. This data is stored securely and used solely to deliver our web management service.

Website visitors (client sites): When a visitor consents to analytics cookies, we collect anonymised page view data, click events, scroll depth, device type, and session identifiers. No personally identifiable information is collected through analytics. Form submissions (name, email, message) are stored to forward enquiries to our clients.

We do not sell, trade, or otherwise transfer personal information to third parties.

Cookies

Our websites use cookies in the following categories:

Essential cookies: Required for basic site functionality, including consent preference storage. These cannot be disabled.

Analytics cookies: Used to understand how visitors use a website. These are only set after the visitor provides explicit consent via the cookie banner. Analytics data includes page views, clicks, and scroll behaviour. No advertising profiles are built.

Marketing cookies: Where configured by our clients (such as Google Analytics or heatmap tracking), these are only activated after explicit visitor consent.

All cookie consent preferences are stored in the visitor's browser. No consent is assumed from continued browsing.

Third-Party Services (Sub-Processors)

We use the following third-party services to deliver our platform:

Supabase (database hosting and authentication), Vercel (website hosting and CDN), Resend (transactional email delivery), Stripe (payment processing, where applicable), Google Analytics (optional, configured per client site, consent-gated).

Each service has its own privacy policy and processes data in accordance with its terms.

Data Retention

Analytics data is automatically deleted after 13 months. Form submissions are retained until the client requests deletion or their account is closed. Portal account data is retained for the duration of the service agreement and deleted upon request after account closure.

Contact Data

When you use the contact list feature, we store contact names and email addresses collected through your website forms, orders, and bookings. This data is stored securely in our systems and is used solely for the purpose of sending communications you initiate through your portal. Contact data is retained for the duration of your subscription plus 12 months, after which it is deleted.

Commerce Data

When customers purchase products through your online store, we process order data including customer names, email addresses, delivery information, and payment details. Payment processing is handled by Stripe, our payment processor. We do not store full payment card details. Order records are retained for the duration of your subscription plus 12 months for accounting and dispute resolution purposes.

Email Broadcasts and Sequences

When you send email broadcasts or automated email sequences, we process recipient email addresses and track delivery status. All marketing emails include an unsubscribe link as required by UK GDPR and PECR. We do not sell, share, or use contact data for any purpose other than delivering communications you initiate.

Google Ads Data

If you use our Google Ads management service, we process campaign performance data including impressions, clicks, cost, and conversion metrics. This data is fetched from Google Ads via their API and stored in our systems to provide you with performance reporting. Your Google Ads account remains under your ownership.

Your Rights

Under UK GDPR, you have the right to:

Access your personal data. Rectify inaccurate data. Request erasure of your data. Restrict or object to processing. Receive your data in a portable format. Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your rights have been breached.

To exercise any of these rights, contact us at the email below.

Contact

If you have any questions about this privacy policy, please contact us at hello@urthly.digital.