Privacy Policy

Who we are

Mirage (wearemirage.co.uk) is a web design and development studio based in the UK. When we say "we" or "us", we mean Mirage. When we say "you", we mean you, our client or website visitor.

What data we collect

We only collect what we actually need. Here is what that looks like:

• Name and contact details: Your name, email address, and phone number so we can communicate with you.
• Business information: Details about your business that you share through our onboarding form, so we can build you the right website.
• Website URL: Your current website address, if you have one.
• Payment information: Processed securely through Stripe. We never see or store your full card details.

Why we collect it

We use your information for the following reasons:

• To build your website: We need your business info and content to create something that works for you.
• To communicate with you: Project updates, questions, approvals, and general correspondence.
• To process payments: So you can pay for our services securely.
• To improve our service: Understanding how clients use our process helps us make it better.

We will never sell your data to anyone. Full stop.

How we store your data

Your data is stored across a few trusted services, each chosen for their security and reliability:

• Supabase: Our database where we store project and client information. Data is encrypted at rest.
• Stripe: Handles all payment processing. They are PCI DSS compliant, which is the gold standard for payment security.
• Resend: We use Resend to send emails to you (project updates, invoices, and similar). They only receive the email data needed to deliver your messages.

We take reasonable steps to protect your data, including using HTTPS everywhere, secure authentication, and limiting access to those who need it.

Third parties

We share your data with these third parties only as needed to deliver our services:

• Stripe: Payment processing.
• Resend: Email delivery.
• Netlify / Vercel: Website hosting. Your website files are deployed here.
• Supabase: Database and backend services.

Each of these services has their own privacy policy and handles data in accordance with GDPR. We do not share your data with anyone else unless required by law.

Cookies

We keep cookies to an absolute minimum. We do not use tracking cookies, advertising cookies, or any of the annoying stuff that makes you click through cookie banners.

The only cookies we use are essential session cookies for the client portal login. These are strictly necessary for the portal to work and expire when your session ends.

Your rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: You can ask us what data we hold about you, and we will provide it.
• Right to rectification: If any of your data is wrong, let us know and we will fix it.
• Right to deletion: You can ask us to delete your data. We will do so unless we are legally required to keep it.
• Right to data portability: You can ask for a copy of your data in a standard format so you can take it elsewhere.

To exercise any of these rights, just email us. We will respond within 30 days.

Data retention

We keep your data for as long as you are an active client. If you cancel your services with us, we will delete your personal data within 90 days of cancellation.

Some data may be retained longer if we are legally required to do so (for example, financial records for tax purposes). But we will only keep what the law requires and nothing more.

Updates to this policy

We may update this privacy policy from time to time. If we make any significant changes, we will let you know by email. The "last updated" date at the top of this page will always reflect the most recent version.

Get in touch

If you have any questions about how we handle your data, or you want to exercise any of your rights, email us at:

hello@wearemirage.co.uk

We will get back to you as quickly as we can.