Home Portfolio Styles SEO E-Commerce AI Marketing Blog Contact 07507 362236
Legal

Privacy Policy

Last updated: 3 April 2026

This privacy policy explains how Proper Banging Web Design ("we", "us", "our") collects, uses, and protects information when you use our website or services. We are based at 18 Bethesda Rise, Rogerstone, Newport, NP10 9SY, Wales, United Kingdom.

1. Who We Are

Proper Banging Web Design is a web design and digital marketing agency based in Newport, South Wales. We build custom websites, provide SEO services, and offer AI-powered social media marketing for businesses across South Wales and the UK.

For questions about this policy, contact us at chris@properbangingwebdesign.co.uk or call 07507 362236.

2. What Data We Collect

Website enquiries

When you submit a contact form on our website, we collect your name, email address, phone number (optional), and the details of your enquiry. We use this to respond to you and manage our client relationships.

AI Marketing Service

If you subscribe to our AI Marketing service, we collect and process the following:

  • Your name, email address, and business name (provided at signup)
  • Payment information — processed securely by Stripe. We never store your card details.
  • Your brand kit: business colours, industry, tone of voice, tagline, and call-to-action text
  • Facebook page access tokens and Instagram account identifiers — obtained with your explicit consent through Facebook Login. These allow us to post content to your social media pages on your behalf.

Cookies and analytics

We use Google Analytics 4 (GA4) to understand how visitors use our website. GA4 collects anonymised data including pages visited, time on site, and general location (country/region). This data does not identify you personally. GA4 is loaded with a 3-second delay and only after the page has loaded.

3. How We Use Your Data

  • To respond to your enquiry or deliver the service you have paid for
  • To generate AI-created social media images and post them to your Facebook and Instagram pages
  • To process subscription payments via Stripe
  • To send you service-related communications (not marketing)
  • To improve our website and services using anonymised analytics data

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

4. Third Parties We Use

  • Stripe — payment processing. Your card details go directly to Stripe and are never stored by us. Stripe Privacy Policy
  • Google Firebase — website hosting and database. Our client data is stored in Firestore (Google Cloud, europe-west2 region). Firebase Privacy Policy
  • Google Analytics 4 — anonymised website analytics. Google Privacy Policy
  • Meta (Facebook/Instagram) — for the AI Marketing service, we use the Meta Graph API to publish content to your Facebook page and Instagram account using access tokens you provide. We store these tokens securely in our database to enable automated posting. Meta Privacy Policy
  • Google Gemini — AI image generation for the AI Marketing service. Image prompts are sent to Google's Gemini API. No personal data is included in image generation prompts. Google Privacy Policy
  • Resend — transactional email delivery (enquiry confirmations). Resend Privacy Policy

5. Facebook and Instagram Data

When you connect your Facebook page through our AI Marketing service, we request the following permissions:

  • pages_manage_posts — to publish AI-generated images to your Facebook page
  • instagram_content_publish — to publish content to your connected Instagram business account
  • pages_read_engagement — to verify page connection
  • pages_show_list — to let you choose which page to connect

We store your Facebook page access token securely in Google Firestore. This token is used solely to post AI-generated content to your page on the schedule you have subscribed to. We do not read your messages, analyse your followers, or use your page data for any other purpose.

You can revoke our access at any time via your Facebook settings (Settings & Privacy → Settings → Apps and Websites). You can also cancel your subscription and request data deletion by contacting us.

6. Data Retention

  • Enquiry data is retained for 3 years or until you request deletion
  • AI Marketing client data (including brand kit and social tokens) is retained while your subscription is active and for 90 days after cancellation
  • Payment records are retained as required by HMRC (6 years)
  • Analytics data is retained for 14 months (Google Analytics default)

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Object to processing of your data
  • Request restriction of processing
  • Data portability

To exercise any of these rights, email chris@properbangingwebdesign.co.uk. We will respond within 30 days.

8. Security

We take reasonable technical measures to protect your data. Our database runs on Google Cloud (Firestore) with access controls and security rules. Payment processing is handled entirely by Stripe. We do not transmit sensitive data over unencrypted connections.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page shows when it was last updated. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this privacy policy or how we handle your data:

If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.