Privacy Policy

We only collect the information we genuinely need to run our service well.

The data we may collect includes:

• Name and email address (e.g. when you contact us or sign up to updates)
• Billing and payment info (via trusted third-party provider, Stripe)
• Usage data (what pages you visit, how long you stay, what you click — via tools like Google Analytics)
• Device and browser info (to help us improve performance and security)

We don’t collect sensitive data like medical records, ID documents, or anything not relevant to your use of the site.

We use your information to:

• Deliver templates and other products you've purchased
• Respond to your enquiries
• Send updates if you’ve asked to hear from us
• Improve our site experience through analytics
• Keep things secure and running smoothly

We never sell your data. Ever.

We only use your data when the law allows us to. That usually means:

• Consent — when you actively sign up for updates
• Contract — when you're buying from us or using the site
• Legitimate interests — such as improving the website or preventing fraud

We work with a few trusted providers who help us run Graftly, like:

• Webflow (web platform)
• Stripe (payment processing)
• Google Analytics (website traffic insights)
• Email tools like MailerLite or Brevo (if/when we start sending newsletters)

They only get the data needed to do their job, and they’re all GDPR-compliant.

‍

We only keep your information for as long as we need it:

• Purchase and account records: up to 6 years (for tax/legal reasons)
• Enquiries or emails: up to 24 months
• Analytics data: up to 26 months via Google

If you ask us to delete your data sooner, we’ll do our best — unless we’re legally required to hold onto it.

Like most websites, we use cookies to improve your experience.

Cookies help us:

• Understand how people use the site
• Keep things secure
• Remember preferences (like cart contents)

You can block or delete cookies any time via your browser settings. For more detail, check out our Cookie Policy.

Under the UK GDPR, you’ve got rights — and we respect them.

You can:

• Ask what data we hold about you
• Correct or update your details
• Ask us to delete your data
• Withdraw consent for marketing
• Lodge a complaint with the ICO (Information Commissioner’s Office)

To request any of these, just email info@graftly.co.uk — we’ll respond within 30 days.

We take security seriously. The site uses HTTPS, payment data is encrypted via our processors, and access to systems is restricted and password-protected. That said, no system is 100% foolproof — so always be cautious online.

We’re based in the UK, but some of our partners (like Webflow or Google) may store data on servers outside the UK/EEA — typically in the US. Where this happens, they’re required to meet GDPR-level protections through things like the UK-US Data Bridge and Standard Contractual Clauses (SCCs).

We may update this privacy policy from time to time. If it’s a big change, we’ll let you know via the site or email. The latest version will always be published here.

If anything’s unclear, or you’d like to talk through how your data is used, email us at info@graftly.co.uk. We’re happy to help. Or, take a read of our very interesting and not at all boring terms of use policy.