How we handle your information.

Where Beagles Dare Ltd (“WBD”, “we”, “us”) is the data controller for the information collected through wewbd.com. Registered office and company details sit at the foot of this page. For anything privacy-related, write to hello@wewbd.com.

We only collect what you give us, and only when you give it to us. Concretely:

• Contact form & Sketch. Your name, email, the message or sketch you wrote, and any URL you shared. Submitted to our forms processor (see “Where it goes” below) and arrives in our inbox.
• Discovery (full intake).The answers you type or upload: brand name, brand URL, what’s working and what isn’t, your role, your email, references you love and avoid, mood images, screenshots, colours, budget notes, deadlines, stakeholders. Stored against a token we issue to your session.
• Quote acceptance.When you accept a quote we’ve sent you, we record the typed name you signed with, the date and time, and the IP address of the device that submitted the acceptance. This is the evidence the law requires for a binding electronic acceptance, and we store it for the life of the engagement and the statutory record-keeping period afterwards.
• Chat widget. If you message us via the on-site chat, your message and the email address (or other contact details) you leave route to our messaging inbox so we can write back. The widget is provided by vidual.app, a separate product we also operate.
• Bot-check on the Discovery start. When you click into the Discovery, Cloudflare Turnstile runs a silent challenge to confirm you’re a human and not a script. Cloudflare receives your IP and a handful of standard browser characteristics for the duration of the check.
• Server logs.Our host keeps short-lived access logs (IP, request path, timestamp, user-agent) for security and to debug outages. We don’t mine these for anything else.

We don’trun analytics, advertising pixels, third-party trackers, or browser fingerprinting beyond the bot-check above. We don’t buy data about you. We don’t enrich what you give us with anything from outside.

Under UK GDPR every purpose needs a named lawful basis. Ours:

• To reply to enquiries (contact form, Sketch, chat) — legitimate interestsin responding to people who’ve asked us to.
• To prepare and deliver work for clients (Discovery, quotes, project records) — performance of a contract with you, or steps taken at your request before entering into one.
• Quote acceptance audit trail (typed name, IP, timestamp) — legitimate interests in evidencing that a contract was formed, and to meet the statutory record-keeping rules below.
• Bot-check and server logs — legitimate interests in keeping the site available and free from abuse.
• Keeping commercial and tax records (accepted quotes, invoices, correspondence) — legal obligation under HMRC and Companies Act record-keeping rules.

We use a small set of third parties to run the site. None of them sell your data; all of them are bound by data-processing terms or UK / EU standard contractual clauses that travel with the data.

• Formspree— processes submissions from the contact form and the Sketch flow, then forwards them to our inbox. Their privacy notice.
• Sanity— the content store behind Discovery, quotes, and the public site. Discovery and quote records, uploaded images, and the audit data on quote acceptance live here. Their privacy notice.
• Resend— sends our transactional emails (the “you’ve started a Discovery” / “quote accepted” notifications that land in our inbox). Their privacy notice.
• Cloudflare— DNS, edge network, and the Turnstile bot-check on the Discovery entry. Their privacy notice.
• Railway— hosts the site. Keeps short-lived access logs. Their privacy notice.
• vidual— our own messaging product, which provides the on-site chat. Messages you send via the widget route to our vidual inbox. Their privacy notice.

See cookies for what each of these stores on your device.

Some of the processors above are based in the United States (Formspree, Sanity, Resend) or operate globally distributed infrastructure (Cloudflare, Railway). Where personal data leaves the UK or EEA, the transfer relies on the UK’s International Data Transfer Addendum or the EU’s Standard Contractual Clauses, and / or the EU’s adequacy decision for the US Data Privacy Framework where the processor is certified. We’ve checked these in writing. If you’d like a copy of the safeguards for any specific transfer, ask.

Form submissions and Sketches: until our conversation finishes, then archived for up to two years in case you come back to us.

Discovery records and quotes that don’t become engagements: archived for two years from your last contact with us, then deleted.

Accepted quotes, invoices and the correspondence around them: six years from the end of the relevant accounting period, in line with UK tax and company-law record-keeping rules. Deleted at that point unless still load-bearing for a live dispute.

Server access logs: rotated within 30 days unless held longer for a specific security investigation.

Under UK GDPR (and, for visitors from the EEA, EU GDPR) you have the right to:

• Ask what we hold about you (access)
• Ask us to correct anything wrong (rectification)
• Ask us to delete it (erasure, where it applies)
• Ask us to restrict how we use it
• Ask for a portable copy of what you gave us
• Object to processing we’ve based on legitimate interests
• Withdraw any consent you’ve given us, at any time, where consent is what we were relying on

Write to hello@wewbd.com and we’ll respond within one month. There’s no charge. If we can’t do what you’ve asked — e.g. because we’re required to keep accepted-quote records for tax purposes — we’ll tell you why.

If you think we’ve mishandled something, you can also complain to the Information Commissioner’s Office at ico.org.uk. We’d rather you came to us first — but it’s your right either way.

We don’t make automated decisions about you, and we don’t profile you. A human reads everything you send us.

The site isn’t directed at children, and we don’t knowingly collect data from anyone under 18.

The site runs over HTTPS end to end. Access to the Discovery and quote records inside Sanity is restricted to authenticated WBD staff. Uploads are size- and type-checked at the server before they’re accepted.

If a breach occurs that’s likely to put your rights at risk, we’ll notify the ICO within 72 hours of becoming aware, and tell you directly without undue delay where the law requires.

We’ll update this page when something changes — a new processor, a new form, a new collection point. The “updated” date at the foot of the page is the source of truth. If a change is material we’ll flag it at the top of the page for a month.