Privacy Policy.

Plain English explanation of how Revolve Consulting handles your personal data, in line with UK GDPR and the Data Protection Act 2018.

01 Who we are

Revolve Consulting is a sole trader practice based in Epping, Essex, United Kingdom, providing AI systems, websites, and operational tooling to UK small and medium businesses. The data controller for this website and any associated communications is Louis, trading as Revolve Consulting.

02 What data we collect

We collect the minimum personal data required to respond to enquiries and deliver our services. Specifically:

• Contact data you send to us: your name, email address, phone number, business name, and anything else you include when you email us via the address on this site or fill in a discovery call request.
• Engagement data: if you become a client, the information needed to deliver the engagement (project briefs, files you share, meeting notes).
• Server access logs: our hosting provider (Netlify) records standard web server data — IP address, browser type, referring page — for security and reliability. We do not analyse this data and we do not maintain our own copy.

03 What we don't collect

This website does not use:

• Analytics or tracking cookies (Google Analytics, Hotjar, Facebook Pixel, etc.)
• Advertising or marketing trackers
• Social media embed cookies
• Account creation, login systems, or stored passwords

If we add any of these in future, we'll update this policy and add a consent banner before they start collecting data.

04 How we use your data

We use your data only for the purposes below:

• Responding to enquiries you've sent us about our services.
• Delivering engagements you've contracted us to do.
• Sending project communications related to an active engagement.
• Meeting our legal obligations (e.g. retaining invoices for tax purposes).

We do not send marketing emails or newsletters, share your data with third parties for advertising, or use your information for any purpose you didn't initiate.

05 Legal basis for processing

Under UK GDPR, the lawful bases we rely on are:

• Legitimate interest: for responding to enquiries you've initiated and corresponding about active or prospective engagements.
• Contract: where we have a written agreement with you to deliver services.
• Legal obligation: where we are required to retain records by HMRC, anti-money-laundering law, or similar.

06 How long we keep your data

• Enquiries that don't progress: deleted within 12 months of the last contact.
• Active client data: retained for the duration of the engagement and up to 7 years afterwards for tax and legal compliance.
• Server access logs: held by Netlify per their retention policy (typically 30 days).

07 Who we share your data with

We share your personal data only with:

• Service providers we use to run the business — currently Google Workspace (email), Netlify (hosting), and our accountant for tax purposes. These providers act as data processors and are bound by their own data protection agreements.
• UK government bodies where legally required (HMRC, courts, the ICO).

We do not sell or rent your data to anyone, ever.

08 International transfers

Some of our service providers (Google, Netlify) are headquartered outside the UK. Where personal data is transferred internationally, it is protected by appropriate safeguards including Standard Contractual Clauses approved by the UK Information Commissioner's Office.

09 Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (subject to legal retention requirements).
• Restrict or object to how we process your data.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.
• Complain to the ICO — the UK supervisory authority for data protection — at ico.org.uk/make-a-complaint.

To exercise any of these rights, email us at the address below. We'll respond within one calendar month, usually much sooner.

10 Security

We take reasonable steps to protect personal data from unauthorised access, loss, or disclosure. This includes using encrypted email (Google Workspace), HTTPS on this website, two-factor authentication on all administrative accounts, and limiting access to client data to the person delivering the work.

11 Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. If we make significant changes, we'll notify clients with active engagements by email.