Legal

Privacy Policy

Last updated: 23 May 2026

1. Introduction

I am committed to protecting your privacy and handling your personal information responsibly. This policy explains what information I collect, why I collect it, how I use it, and what your rights are.

I have written this in plain English. If anything is unclear, please get in touch at contact@wpguy.uk.

This policy applies to wpguy.uk and all associated subdomains.

2. Who I Am

I am Jason Boyd, trading as The WordPress Guy, based in West Lothian, Scotland. I am the data controller for the purposes of UK data protection law.

Contact: contact@wpguy.uk

3. Legal Framework

I process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025.

4. What Information I Collect

When you contact me through my website or by email, I collect:

  • Your name
  • Your email address
  • Your phone number, if you provide it
  • Details of the service you are enquiring about
  • Any other information you choose to share with me

If you become a client, I also collect and retain information necessary to fulfil our contract, including project details, billing information, and correspondence.

I do not knowingly collect sensitive personal information.

5. Why I Collect It and My Legal Basis

I collect and use your information on the following bases:

  • Consent — when you contact me through my website, you are consenting to me using your details to respond to your enquiry
  • Contract — if you engage my services, processing your data is necessary to fulfil our agreement
  • Legal obligation — where I am required to retain records by law, for example for tax purposes

6. How I Use Your Information

I use your information to:

  • Respond to your enquiry
  • Provide the services you have engaged me for
  • Send you project updates and correspondence relevant to our work together
  • Issue invoices and manage payments
  • Comply with my legal obligations

I do not use your information for marketing without your explicit consent, and I do not sell or share your data with third parties for marketing purposes.

7. Third-Party Processors

I use a small number of trusted third-party services that may process your data on my behalf:

Mailgun

Used to send transactional emails from both my website and my invoicing system, including contact form responses, invoices, quotes, and payment notifications. Mailgun processes email data on my behalf and is contractually bound to handle it securely.

Bunny.net

Used to host this website and serve its content. Bunny.net may process technical data such as IP addresses as part of its hosting and performance functions.

Hetzner Online

Provides the virtual private server infrastructure on which my invoicing system and other services run. Servers are located in Helsinki, Finland.

GoCardless

Used to process Direct Debit payments for care plan subscriptions. GoCardless collects and processes your name, email address, and bank details in order to set up and manage the Direct Debit mandate. GoCardless is authorised by the Financial Conduct Authority.

Anthropic

The Hamish chatbot on this site uses the Anthropic Claude API to process conversational messages. Messages are transmitted to Anthropic's servers for processing. See Anthropic's privacy policy for how API data is handled. Do not submit confidential personal data or sensitive information to the chatbot.

None of these providers are given access to your personal information beyond what is strictly necessary to provide their services.

8. Data Storage and Security

My invoicing system and associated services are hosted on infrastructure provided by Hetzner Online, located in Helsinki, Finland. Finland is within the European Economic Area (EEA), which the UK has recognised as providing adequate data protection under UK GDPR. Data transfers to and from this infrastructure are therefore lawful.

I take appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

9. How Long I Keep Your Information

  • Enquiries that do not lead to a project — I retain your information for up to 12 months, after which it is deleted.
  • Client records — I retain project correspondence and billing records for 6 years following the end of our working relationship, in line with HMRC requirements and the 5-year prescription period under Scots law.

10. Your Rights

Under UK data protection law, you have the right to:

  • Access the personal information I hold about you
  • Request corrections to inaccurate data
  • Request deletion of your data, where I am not legally required to retain it
  • Restrict how I process your data
  • Object to processing based on legitimate interests
  • Withdraw consent at any time, where consent is the basis for processing

To exercise any of these rights, contact me at contact@wpguy.uk. I will respond within one calendar month.

11. Cookies

This website uses no cookies. No tracking, analytics, marketing, or functional cookies are set. The Hamish chatbot stores conversation history in your browser's session storage only — this is not a cookie and is cleared when you close the browser tab.

12. Changes to This Policy

I may update this policy from time to time. Any changes will be published at wpguy.uk/privacy-policy with an updated date at the top. Please check back periodically.

13. Complaints

If you have a concern about how I handle your personal data that I have not resolved to your satisfaction, you have the right to complain to the Information Commissioner's Office (ICO).

ICO helpline: 0303 123 1113  •  Website: ico.org.uk