Privacy Policy
Last updated: 17 April 2026
Who we are
StephBuilds is a sole trader business operated by Stephen Coox, contactable at stephen.coox@stephbuilds.com. We are the data controller for personal data processed through stephbuilds.com and outreach sent from the stephbuilds.com domain.
Data we collect
- Business contact details obtained from public sources (Google Business Profile, Companies House, business websites): business name, address, phone, public email, trading hours, category.
- Form submissions you send us: name, business email, phone (if provided), free-text responses.
- Basic website analytics: page views, referrer, anonymised IP, rough geography.
Why we process it
For B2B outreach to corporate bodies we rely on legitimate interestunder Article 6(1)(f) UK GDPR. We have carried out a Legitimate Interest Assessment which is available on request. The data we use is limited to publicly published business contact details, the offer is relevant to the recipient's business, and we provide an easy way to opt out.
For enquiries, contracts and paid customers we rely on contract under Article 6(1)(b).
How long we keep it
- Unengaged leads: up to 12 months from last contact, then deleted or anonymised.
- Opt-outs: kept indefinitely on a suppression list so we do not recontact you.
- Paying customers: kept for 6 years for tax and accounting obligations, as required by HMRC.
Your rights
Under UK GDPR you can request access, correction, deletion, or a copy of the data we hold on you. You can object to processing and withdraw consent at any time. Email stephen.coox@stephbuilds.com and we will respond within 30 days.
You can also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
Opting out
Every email we send has an unsubscribe link. Clicking it adds you to a permanent suppression list. You can also reply “remove me” and we will do the same within 7 days.
Third parties
We use the following data processors: Zoho (email hosting), Vercel (web hosting), Supabase (database), Stripe (payments), Google Workspace (productivity). Each has their own privacy policy and UK/EU adequacy safeguards in place.