This page explains what data Nerdster Design holds about you, why we have it, and what you can do about it. It's a working document — written so you can actually read it, not so a lawyer can win an argument.
Last updated: 30 April 2026
Who we are
"Nerdster Design" is a trading name of Nerdster Ltd, a private company limited by shares, registered in England & Wales. Our registered office is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. UK VAT registration number: GB 144 0135 56. For privacy questions, write to [email protected] — we read everything that comes in.
For the purposes of UK GDPR and the Data Protection Act 2018, Nerdster Ltd is the data controller for personal data processed through this site and through our work with you.
What we collect
Email enquiries. When you email [email protected], we receive whatever you put in the message — name, company, the brief, and any contact details you choose to include.
Project records. If we end up working together, we hold the contracts, briefs, files and invoices that come with that. Standard business stuff.
Server logs. Our hosting (a Digital Ocean droplet) records IP addresses and basic request data for security and uptime. These rotate automatically and aren't tied back to you by name.
Analytics. We use two tools to understand how the site is used:
Umami — a privacy-respecting analytics platform that uses no cookies, no personal identifiers, and no cross-site tracking. Aggregated page-view counts only.
Google Analytics 4 — configured with IP anonymisation, Google Signals disabled, and ad-personalisation signals disabled. We honour your browser's "Do Not Track" preference: if it's on, GA4 doesn't load.
What we don't use. No Meta Pixel, no Hotjar, no Microsoft Clarity, no fingerprinting, no advertising trackers. If that ever changes, we'll update this page first.
Why we collect it (the lawful bases)
To answer your enquiry. Lawful basis: consent (you contacted us) and our legitimate interest in running a business that replies to enquiries.
To deliver work and get paid. Lawful basis: performance of a contract once you become a client, plus our legitimate interest in keeping accounting records.
To meet legal obligations. Lawful basis: legal obligation — primarily HMRC record-keeping for invoices and tax.
To keep the site online. Lawful basis: legitimate interest in security and reliability.
Who else sees your data
As few people as possible. We use a small set of trusted suppliers to actually run the business, each under appropriate data-processing terms:
Analytics: Umami (cookie-free) and Google Analytics 4 (IP-anonymised, ads disabled).
Accounting: our UK accountants and HMRC, to the extent the law requires.
We do not sell your data, full stop. We do not share it with advertising networks. We do not transfer it outside the UK or EEA without appropriate safeguards (typically the UK International Data Transfer Addendum or equivalent Standard Contractual Clauses).
How long we keep it
Enquiries that don't lead anywhere: 24 months from last contact, then deleted.
Active client records: for the duration of the engagement.
Invoices and tax records: at least 6 years after the end of the relevant tax year, as HMRC requires.
Server logs: rotated within 30 days.
Your rights
Under UK GDPR you have the right to:
ask for a copy of the data we hold about you
ask us to correct anything that's wrong
ask us to delete it (where we don't have a legal reason to keep it)
ask us to restrict or stop processing it
get it in a portable format, where applicable
object to processing based on our legitimate interest
To exercise any of these, email [email protected]. We'll reply within one calendar month — usually a lot sooner.
Complaints
If you think we've handled your data badly and we haven't sorted it, you can complain to the Information Commissioner's Office, the UK's independent data protection regulator. We'd rather you came to us first so we can put it right, but you don't have to.
Cookies
Umami sets no cookies at all. Google Analytics 4 sets one cookie (_ga) for visitor counting, with IP anonymised — and it doesn't load if your browser has Do Not Track enabled. We set no advertising cookies. See our cookie note for the full breakdown.
Changes to this notice
If we change anything material — a new processor, a different lawful basis, a new category of data — we'll update the date at the top of this page and post a short note in the footer of the site for thirty days. Trivial wording fixes won't be flagged.
Questions, second opinions, or just a polite "what do you mean by that paragraph"? Email us.