Last updated: 22 March 2026
ComplianceFix is operated by James at ComplianceFix. We are the data controller for the personal data described in this policy. You can contact us at info@compliancefix.co.uk.
| Data | Purpose | Lawful basis |
|---|---|---|
| Business name, domain, contact email | Delivering our compliance scanning and report service | Contract performance — Art.6(1)(b) |
| Website content (scanned pages) | Analysing your site's compliance position | Contract performance — Art.6(1)(b) |
| Questionnaire answers (data types, third parties, marketing practices) | Customising your compliance documents | Contract performance — Art.6(1)(b) |
| Payment details (card number, billing address) | Processing your payment via Stripe | Contract performance — Art.6(1)(b) |
| Companies House data (registered name, address, SIC codes) | Populating your compliance documents accurately | Legitimate interests — Art.6(1)(f) |
| Email delivery data (opens, bounces) | Ensuring report and policy delivery | Legitimate interests — Art.6(1)(f) |
We do not process any special category data (Art.9) about you. The website content we scan may contain such data — we process it solely to assess compliance and do not use it for any other purpose.
We share your data with the following third parties, all of whom act as data processors on our behalf unless otherwise stated:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe (independent controller for fraud prevention) | Payment processing | US — UK-US Data Bridge |
| Resend (processor) | Email delivery | US — UK-US Data Bridge |
| Netlify (processor) | Website hosting and serverless functions | US — UK-US Data Bridge |
| Render (processor) | API hosting | US — UK-US Data Bridge |
| Turso (processor) | Database storage | EU (Ireland) — UK adequacy regulations |
| Companies House (public authority) | Company data lookup | UK |
| Google LLC (processor — Google Fonts) | Font delivery. When your browser loads fonts from fonts.googleapis.com, your IP address is transmitted to Google. | US — UK-US Data Bridge |
| Cloudflare Inc (processor — Turnstile) | Bot protection on the free compliance scan form. Verifies visitors are real people. | US — UK-US Data Bridge |
We do not sell, rent, or share your personal data with any third parties for their own marketing purposes.
Several of our service providers are based in the United States, including Stripe, Resend, Netlify, Render, Google (Google Fonts), and Cloudflare (Turnstile). For US-based providers certified under the EU-US Data Privacy Framework, transfers are covered by the UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge"), effective since 12 October 2023. For our EU-based provider (Turso, Ireland), transfers are covered by the UK's adequacy regulations for the EEA.
| Data | Retention period | Reason |
|---|---|---|
| Customer records | 6 years from last service | Limitation Act 1980 (contractual claims) |
| Payment records | 6 years from transaction | HMRC requirements |
| Scan results and reports | Duration of service relationship plus 12 months | Enabling re-scans and service continuity |
| Email delivery logs | 12 months | Troubleshooting delivery issues |
Under UK GDPR, you have the right to:
To exercise any of these rights, email info@compliancefix.co.uk. We will respond within one month. If we need to extend this, we will tell you why within that first month.
You have the right to complain to the Information Commissioner's Office (ICO) at any time. We would appreciate the opportunity to address your concerns first, but this is not a precondition.
ICO: ico.org.uk/make-a-complaint · 0303 123 1113 · Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We will update this page when our data processing practices change. The "last updated" date at the top reflects the most recent revision.