Privacy Policy
Last updated: 20 May 2026
1. Who we are
This policy is published by Gilbert Ventures Limited, a company registered in England and Wales, trading as Frontpage AI ("we", "us", "our"). We are the data controller for personal data collected through this website.
Contact for data protection queries: [email protected].
2. What this policy covers
This policy explains how we handle personal data collected through the Frontpage AI website, including data from visitors, prospective clients, and customers who start a subscription.
For the websites we build and host for our paying clients, we act as a data processor on their behalf. The terms of that processing are set out in our Website Services Agreement and our internal GDPR Compliance Statement, available to clients on request.
3. What data we collect
| When you... | We collect... | Why |
|---|---|---|
| Visit our website | Standard server logs (IP address, browser type, pages visited) via Cloudflare | Site security and basic uptime monitoring |
| Contact us by email | Your email address, name, and the content of your message | To reply to your enquiry |
| Start a subscription | Email address, name; payment details are collected by Stripe, not by us | To set up your account, provide the service, and send service-related emails |
4. Lawful bases
We process your data under one or more of the following lawful bases set out in UK GDPR Article 6:
- Contract, to deliver the services you have paid for
- Legitimate interests, for site security, fraud prevention, and replying to enquiries
- Legal obligation, to keep tax and accounting records
5. Sub-processors and third parties
We use a small number of trusted third-party services to deliver our work. Current sub-processors include:
- Cloudflare, Inc., website hosting and DDoS protection (privacy policy)
- Stripe Payments UK, Ltd., payment processing for subscriptions (privacy policy)
- Resend, Inc., transactional email delivery (privacy policy)
We maintain written agreements with all sub-processors that include appropriate data protection commitments.
6. International transfers
Some of our sub-processors (Stripe, Cloudflare, Resend) are based in the United States or process data internationally. Where any processing involves transfer of personal data outside the UK, we rely on appropriate safeguards recognised under UK GDPR, such as the UK International Data Transfer Agreement or Standard Contractual Clauses, to ensure ongoing protection.
7. How long we keep your data
- Enquiries received by email: 24 months after the last contact
- Customer records (subscription, invoices, correspondence): retained for 7 years from the end of our relationship, in line with UK tax and legal requirements
- Server logs: 30 days
8. Cookies
This website does not set marketing or analytics cookies. Essential cookies may be set by Cloudflare for security purposes. If we add analytics or tracking in the future, we will update this policy and request consent where required.
9. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Request deletion of your data (subject to legal retention requirements)
- Restrict or object to certain processing
- Receive a copy of your data in a portable format
- Withdraw consent at any time, where consent is the lawful basis
To exercise any of these rights, email [email protected]. We will respond within one month.
10. Complaints
If you are unhappy with how we have handled your data, please tell us first so we can put it right. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
11. Data breaches
We will notify you and (where the threshold is met) the ICO without undue delay if we become aware of a personal data breach affecting your data.
12. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect any changes. For material changes, we will notify subscribers by email.