Legal

Privacy Policy

Last updated: 28 March 2026

CDS (Creative Digital Solutions) Ltd (“we”, “our”, “us”), trading as seoandgeo.co.uk, is committed to protecting your personal data. This policy explains what we collect, why we collect it, how long we keep it, and what rights you have.

We are a data controller under UK GDPR. Our contact for all privacy matters is hello@seoandgeo.co.uk.

1. Who we are

Company: CDS (Creative Digital Solutions) Ltd
Trading as: seoandgeo.co.uk
Registered in: England and Wales
Contact: hello@seoandgeo.co.uk

2. What personal data we collect

Form data

When you request an audit we collect: your website URL, email address, business type or industry, website platform, competitor names (optional), and how you currently handle SEO.

Audit data

The results of the website analysis: your Digital Visibility Score, findings, and recommendations. This relates to your publicly accessible website — not personal data on the audited site (see section 7).

Payment data

Billing and payment information processed by Stripe. We do not store your card details — they go directly to Stripe.

Account data

Your email address, and your name if you provide it.

Usage data

If you consent to analytics cookies: pages visited, session duration, referral source, and browser type — collected via Google Analytics. This data is anonymised.

Communications

Emails sent and received between us, including your audit report delivery and any follow-up correspondence.

3. How we use your data

To run the SEO and GEO audit on your website URL
To deliver your audit report by email
To schedule and deliver your free 90-day re-audit
To send follow-up emails about your audit results (3-day, 7-day, and 14-day sequence — you can unsubscribe at any time via the link in any email)
To process your payment
To respond to enquiries you send us
To improve our website and service
To comply with legal and regulatory obligations

4. Lawful basis for processing

UK GDPR requires us to have a lawful basis for processing your data. Here is the basis we rely on for each purpose:

Contract

Processing your audit data and delivering your report and 90-day re-audit — this is necessary to perform the service you purchased.

Legitimate interest

Sending follow-up emails about your audit results; improving our service; maintaining the security of our systems. We have a legitimate interest in helping you get value from your audit, and you can opt out at any time.

Consent

Analytics cookies (Google Analytics) — only placed after you accept them. You can withdraw consent at any time via your browser cookie settings or by contacting us.

Legal obligation

Retaining financial records for 6 years as required by UK tax law.

5. Third parties we share data with

We do not sell your data. We only share it with the following service providers, who process it on our behalf:

Stripe

Payment processing. Your card details go directly to Stripe — we receive confirmation of payment only. Stripe is headquartered in the United States.

Supabase

Database hosting. Your form data, audit results, and account information are stored in Supabase. Data is hosted in the EU (AWS eu-west-1, Ireland).

Resend

Email delivery. Your email address and audit report are passed to Resend to deliver emails to you. Resend is a US-based service.

Anthropic (Claude API)

AI analysis. When you submit your website URL for auditing, we send the URL and your form responses (industry, platform, competitors) to Anthropic’s Claude API to generate the audit findings. We do not send payment data or personal data beyond what is required for the analysis. Anthropic is headquartered in the United States.

Google Analytics

Usage analytics. If you consent to analytics cookies, anonymised data about your visit (pages viewed, session duration, referral source) is shared with Google. Google is headquartered in the United States.

n8n Cloud

Workflow automation. Your audit request data passes through our n8n Cloud pipeline which orchestrates the audit process. n8n Cloud infrastructure is hosted in the EU.

6. A note on what we audit

We analyse publicly accessible website data only — HTML structure, meta tags, schema markup, robots.txt, sitemap files, page speed, and other publicly visible elements.

We do not access password-protected areas, admin panels, login pages, private databases, or any personal information on the audited site. We only analyse what any visitor could see by loading your web pages.

7. International data transfers

Some of our service providers are based outside the UK, primarily in the United States (Stripe, Resend, Anthropic, Google). When we transfer personal data to these providers, we ensure appropriate safeguards are in place, including:

UK International Data Transfer Agreements (IDTAs) or equivalent standard contractual clauses
The UK-US Data Bridge, where providers are certified under this framework

If you have questions about specific transfer mechanisms, email hello@seoandgeo.co.uk.

8. How long we keep your data

Data type	Retention period	Reason
Audit results	12 months	Required to deliver and compare your 90-day re-audit
Account and form data	Until deletion requested	To provide and support the service
Payment records	6 years	Required by UK tax law — cannot be erased on request during this period
Email logs	90 days	Troubleshooting and delivery confirmation
Analytics data	14 months (default GA4 setting)	Usage analysis

9. Your rights under UK GDPR

You have the following rights regarding your personal data. To exercise any of them, email hello@seoandgeo.co.uk and we will respond within one month.

Right of access

Request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectification

Ask us to correct inaccurate or incomplete data.

Right to erasure

Ask us to delete your data. Note: we cannot erase payment records during the 6-year legal retention period.

Right to restrict processing

Ask us to limit how we use your data in certain circumstances.

Right to data portability

Receive your personal data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interest, including direct marketing. We will stop unless we have compelling legitimate grounds.

Right to withdraw consent

Where we rely on consent (e.g. analytics cookies), you can withdraw it at any time. This does not affect processing carried out before withdrawal.

10. Your right to complain

If you’re not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

Website: ico.org.uk
Phone: 0303 123 1113

We’d welcome the chance to address your concerns first — please contact us at hello@seoandgeo.co.uk before escalating to the ICO.

11. Cookies

Cookies are small text files placed on your device when you visit a website. We use two categories:

Essential cookies (no consent required)

Session management:Keeps you authenticated during your visit.

Preference storage:Remembers your cookie consent choice so the banner doesn't appear on every page.

Analytics cookies (require your consent)

Google Analytics (GA4): Collects anonymised data about how visitors use our site — pages visited, session duration, and referral source. This helps us improve the product. Analytics cookies are only loaded after you accept them.

You can manage your cookie preferences using the banner that appears on your first visit, or contact us at hello@seoandgeo.co.uk. For more detail on cookies generally, see the ICO’s guidance at ico.org.uk/for-the-public/online/cookies.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top shows when the most recent changes were made. For significant changes, we will notify you by email if we have your contact details.

13. Contact us

For any privacy queries, to exercise your rights, or to request a copy of this policy in a different format:

Email: hello@seoandgeo.co.uk

Company: CDS (Creative Digital Solutions) Ltd

Trading as: seoandgeo.co.uk