Privacy Policy — Tideform

This policy explains, in plain English, what personal information Tideform collects about you, what we do with it, and the rights you have under UK and EU data protection law. We've tried to keep it short. Where the law makes that impossible, we've at least tried to keep it readable.

01Who we are

This website is operated by Wish Us LCUK LLP (trading as Tideform), a Limited Liability Partnership registered in England & Wales under partnership number OC460400, with its registered office in England & Wales.

Throughout this policy, "Tideform", "we", "us" and "our" refer to Wish Us LCUK LLP. "You" means anyone who visits this website, contacts us, or engages our services.

For the purposes of UK GDPR and the Data Protection Act 2018, Tideform is the data controller of personal data you provide through this website or in the course of working with us.

02What we collect

We only collect data we have a clear reason to use. In practice, that breaks down as follows:

When you submit the contact form

Your name
Your phone number
Your email address
The URL of your store
The pricing package you've expressed interest in
Any free-text notes you choose to include

When you visit the website

Standard server log data (IP address, browser user-agent, referring URL, timestamps) — kept temporarily for security and abuse prevention
Aggregated, anonymised analytics about which pages are visited and how — only if you accept analytics cookies (see our Cookie Policy)

When you become a client

Business contact details for everyone we work with on your team
Billing details (company name, address, VAT number) — financial account numbers are handled by our payment processor and never stored by us
Access tokens or read-only credentials for the advertising and analytics platforms we manage on your behalf — stored encrypted and revocable at any time

We do not collect special category data (health, ethnicity, political opinions, etc.) and have no need for it. If you send any to us by accident, we will delete it.

03Why we collect it

We use your personal data for the following limited purposes:

Responding to enquiries. If you fill in the contact form, we use your details to reply, schedule a call, and follow up.
Delivering the services you've engaged us for. If you become a client, we use the data we hold to run your campaigns, report on performance, and invoice you.
Operating the website. Server logs help us keep the site online and secure. Anonymised analytics tell us which pages are useful so we can improve them.
Meeting our legal obligations. UK accounting law requires us to keep transactional records for a minimum of six years.

We do not use your data to train AI models, build advertising profiles about you, or sell anything to anyone.

04Legal basis

Under UK GDPR, we need a lawful basis for every use of personal data. Ours are:

Activity	Lawful basis
Replying to enquiries from the contact form	Legitimate interest (responding to a request you initiated) and, where applicable, taking steps to enter into a contract
Delivering services to clients	Performance of a contract
Sending invoices & keeping financial records	Legal obligation (UK Companies Act, HMRC requirements)
Server logs & basic site security	Legitimate interest in operating a secure website
Optional analytics & functionality cookies	Your consent — given via the cookie banner, withdrawable at any time

05Who we share with

We share personal data only with carefully chosen suppliers ("processors") who help us run the business. Each is bound by a written data processing agreement and may only use your data on our instructions.

Supplier	What for
Email & productivity (Google Workspace)	Day-to-day correspondence and document storage
Hosting provider	Running this website and our infrastructure
Form delivery service	Delivering contact-form submissions to our inbox
Accountant	Statutory bookkeeping and tax filings
Payment processor (for client invoices)	Handling billing and card-on-file securely

We will never sell your data, share it for other companies' marketing, or hand it to a third party except where we are legally compelled to (for example, by a court order or HMRC notice).

06How long we keep it

Contact-form enquiries: up to 24 months from your last interaction with us, then deleted. If you ask us to delete it sooner, we will.
Client records: for the duration of the engagement, plus 6 years after termination, to satisfy UK statutory record-keeping requirements.
Server logs: 30 days, then automatically purged.
Cookie-based analytics: see our Cookie Policy for retention periods per cookie.

07International transfers

Some of the suppliers we use are based outside the United Kingdom or European Economic Area — most commonly the United States. Where personal data is transferred internationally, we rely on one of the safeguards approved by the UK Information Commissioner's Office:

The UK government's adequacy decisions (where the destination country provides an equivalent standard of protection)
The UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses with the UK Addendum
The UK Extension to the EU-US Data Privacy Framework, where the supplier is certified

We are happy to share copies of the relevant transfer mechanisms on request.

08Your rights

Under UK GDPR you have the following rights, free of charge, in relation to the personal data we hold about you:

Access — to ask for a copy of the personal data we hold
Rectification — to correct anything that's wrong
Erasure ("the right to be forgotten") — to ask us to delete it
Restriction — to ask us to pause processing while a question is resolved
Portability — to receive your data in a structured, machine-readable format
Objection — to object to processing based on legitimate interest
Withdraw consent — at any time, where we relied on it (e.g. analytics cookies)

To exercise any of these, email privacy@tideform.agency. We aim to respond within five working days and must respond, by law, within one month.

09How we keep it safe

We treat personal data the way we'd want a business to treat ours. In practical terms that means:

TLS encryption on every page of this website and on every internal system we use
Two-factor authentication mandatory on every team account that touches client data
Encrypted-at-rest storage for any access tokens, credentials or sensitive notes
Principle of least privilege — team members can only access the accounts and data they need for their work
Periodic review of our suppliers and their security posture

No system is perfectly secure. If a personal-data breach ever does affect you, we will notify you and the ICO without undue delay, in line with our legal obligations.

10Changes to this policy

We may update this policy from time to time — to reflect new features, new suppliers, or changes in the law. The "Last updated" date at the top of the page will always show when. If a change materially affects how we use your data, we will tell you directly (by email if we have one for you) and, where required, ask for fresh consent.

11Contact & complaints

For anything privacy-related, write to privacy@tideform.agency. For everything else, hello@tideform.agency.

If you're not satisfied with our response

You have the right to complain directly to the UK supervisory authority — the Information Commissioner's Office. Their helpline is 0303 123 1113 and their website is ico.org.uk. We'd appreciate the chance to put things right ourselves first, but the right is yours either way.

Wish Us LCUK LLP · Registered in England & Wales · OC460400