Legal

Privacy Policy

Last updated: March 2026

1. Who We Are

corencraft is a digital agency providing web design, development, SEO, and branding services. References to “we”, “us”, or “corencraft” in this policy refer to the agency operating under the corencraft brand.

For any privacy-related questions, contact us at contact@corencraft.com.

2. What Data We Collect

We collect only the data necessary to operate our services. This includes:

  • Contact form submissions: name, email address, project type, and message content, submitted voluntarily through our contact form.
  • Technical data: IP address, browser type, and device information collected automatically when you visit our website (via server logs or analytics).
  • Communication data: emails and messages you send us directly.

3. How We Use Your Data

Data collected through our contact form is used exclusively to:

  • Respond to your enquiry.
  • Assess project fit and provide a proposal.
  • Maintain a record of our business correspondence.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

Where applicable under GDPR, we process your data on the basis of:

  • Legitimate interest — responding to business enquiries.
  • Contractual necessity — processing data required to deliver agreed services.
  • Consent — where you have explicitly agreed to receive communications.

5. Data Retention

Contact form submissions are retained for up to 24 months following the last interaction unless you request earlier deletion. Project-related communications may be retained for up to 5 years for legal and accounting purposes.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (“right to be forgotten”).
  • Object to or restrict processing.
  • Data portability where technically feasible.

To exercise any of these rights, email us at contact@corencraft.com. We will respond within 30 days.

7. Cookies

This website uses only essential cookies required for core functionality. We do not use tracking cookies or third-party advertising cookies. Analytics, if used, is configured with IP anonymisation and no cross-site tracking.

8. Third-Party Services

We may use the following third-party services which may process data on our behalf:

  • Vercel (hosting) — processes server logs including IP addresses.
  • Supabase (database) — stores contact form submissions securely.

All third-party processors are bound by data processing agreements and operate under GDPR-compliant terms.

9. Changes to This Policy

We may update this policy periodically. Material changes will be noted with an updated “Last updated” date at the top of this page. We encourage you to review this page if you have a continuing relationship with us.