Privacy Policy

Last updated: 3 January 2025

1. Introduction

Design Detail ("we", "us", or "our") is a sole proprietorship based in the United Kingdom. We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at designdetail.io, including our embeddable widgets and website builder platform.

Data Controller: Design Detail
Contact: support@designdetail.io

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Name (optional)

2.2 Business Information

To provide our services, we collect information about your car detailing business:

  • Business name and contact details
  • Business address
  • Services and pricing information
  • Business hours
  • Images and media you upload
  • Customer reviews and testimonials

2.3 Usage Data

We automatically collect certain information when you use our services:

  • IP address and approximate location
  • Browser type and version
  • Pages visited and features used
  • Time spent on pages
  • Referring website
  • Device information

2.4 Google Drive Access

If you choose to connect your Google Drive account:

  • We request read-only access to view and import files you select
  • We store an encrypted authentication token to maintain your connection
  • We only access files you explicitly choose to import
  • We do not access, read, or store the contents of files you do not import
  • You can disconnect Google Drive at any time from your account settings

2.5 Contact Form Submissions

When visitors submit enquiries through your embedded contact forms, we collect the information they provide (name, email, phone, message) and store it on your behalf.

3. How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Create and manage your account
  • Generate your embeddable widgets and websites
  • Process and deliver contact form submissions
  • Send service-related communications
  • Improve our services and develop new features
  • Monitor and analyse usage patterns
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

Under UK data protection law, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our services to you
  • Legitimate Interests: Improving our services, preventing fraud, and marketing (where applicable)
  • Consent: Where you have given specific consent, such as connecting Google Drive
  • Legal Obligation: Where required by law

5. Third-Party Services

We use the following third-party services to operate our platform:

5.1 Supabase (Database & Authentication)

We use Supabase to store your data and manage authentication. Supabase is GDPR compliant and stores data in secure data centres.
Supabase Privacy Policy

5.2 Google (Drive Integration & Reviews)

We integrate with Google Drive (optional) and Google Maps for reviews. Google's use of your data is governed by their privacy policy.
Google Privacy Policy

5.3 Bunny.net (Video Hosting)

We use Bunny.net to host and stream video content. Videos you upload are stored on their CDN.
Bunny.net Privacy Policy

5.4 Vercel (Hosting & Analytics)

Our website is hosted on Vercel. We use Vercel Analytics to understand how our site is used.
Vercel Privacy Policy

5.5 Google Analytics

We use Google Analytics to analyse website traffic and usage patterns. This involves cookies and similar technologies.
Google Privacy Policy

6. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy:

  • Account data: Retained while your account is active, plus 30 days after deletion
  • Business data: Retained while your account is active
  • Contact form submissions: Retained until you delete them
  • Analytics data: Retained for 26 months
  • Google Drive tokens: Deleted immediately when you disconnect

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@designdetail.io. We will respond within one month.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the United Kingdom, including the United States (where some of our service providers are based).

Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or transfers to countries with adequate data protection laws.

9. Cookies

We use cookies and similar technologies to:

  • Essential cookies: Required for authentication and core functionality
  • Analytics cookies: Help us understand how you use our services
  • Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest (e.g., authentication tokens)
  • Secure authentication with password hashing
  • Regular security updates and monitoring
  • Access controls and audit logging

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by posting a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@designdetail.io

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated:
https://ico.org.uk/make-a-complaint/