Frontage← Home

Your data, in plain English

Privacy notice

Last updated: 12 May 2026. The short version: we collect only what we need to build and host your website. We don't sell your data. We don't use tracking pixels or ads. The longer version is below.

Who we are

Frontage Apps is a trading name of Fortis Solutions Ltd, a company registered in England & Wales. We are the data controller for the information we hold about you.

Email help@frontageapps.co.uk for anything in this notice.

What we collect from you

  • Account details: your name, email, phone number.
  • Business details: your business name, address, opening hours, services, areas covered, accreditations, and anything else you tell us in the form.
  • Photos: any images you upload for use on your site. iPhone HEIC photos are converted to JPEG on our server before storage.
  • Payment: when you pay, Stripe handles the card securely. We never see your card number. We receive a customer reference from Stripe so we can charge the same card for your monthly hosting.
  • Email correspondence: if you email us, we keep the thread so we can help you and so we have a record of what was agreed.

Why we collect it (the legal bases)

  • To deliver what you paid for (performance of contract) — building, hosting, and supporting your website.
  • To comply with the law — keeping tax and accounting records for the required period.
  • Legitimate business interests — replying to your emails, sending transactional updates about your website (preview ready, site live, etc.).

We do not use your data for marketing emails, third-party ads, or selling on to anyone.

Who we share it with (sub-processors)

To run the service we use a small set of suppliers. Each one is named so you can read their privacy notices yourself.

  • Stripe (Ireland / US) — takes your card payment, charges your monthly subscription, issues receipts.
  • Supabase (UK region) — our database. Stores your account, brief answers, site content. Hosted in London.
  • DigitalOcean (UK region) — the server your website runs on. London data centre.
  • Resend (US) — sends our emails to you.
  • FireText (UK) — sends text-message updates (only if you opted in).
  • Cloudflare (US / global) — DNS and traffic filtering for your live website.
  • Anthropic (US) — our AI tools help us draft your first design from your brief answers. Your text answers are sent to Anthropic for that purpose; nothing is used to train their AI (under their commercial terms).
  • Namecheap (US) — only used if you ask us to register a domain for you. WHOIS may be public for some domain types — we'll explain at purchase.
  • Unsplash (US) — provides photos when you don't upload your own. We send no personal data to Unsplash; we just fetch their images.

We do not transfer your data anywhere outside these sub-processors. Where suppliers are outside the UK, transfers rely on the Standard Contractual Clauses + UK Addendum (the ICO-approved mechanism).

How long we keep it

  • Active customer data: while your subscription is active, plus 90 days after cancellation (so you can change your mind and come back without re-doing the form).
  • Financial records (invoices, payment records): 6 years from the end of the tax year, as required by UK law.
  • Email correspondence: up to 3 years from last contact, then deleted.
  • Uploaded photos: deleted with the rest of your account data, 90 days after cancellation.

Your rights

Under UK GDPR you can ask us to:

  • Tell you what data we hold about you.
  • Correct anything that's wrong.
  • Delete your data (subject to legal retention for tax records).
  • Give you a copy in a portable format.
  • Object to or restrict how we use your data.

Email help@frontageapps.co.uk from the address you signed up with. We respond within one calendar month.

If you're not happy with how we've handled your data, you can complain to the Information Commissioner's Office at ico.org.uk. We'd rather you came to us first and gave us a chance to put it right.

Cookies and tracking

We use the minimum needed for the site to function.

  • No tracking pixels. No Google Analytics, no Meta Pixel, no advertising cookies on frontageapps.co.uk.
  • Session cookies only — for keeping you signed in to the admin area (irrelevant to most customers).
  • Stripe may set its own cookies on the checkout iframe — that's their service for fraud detection.
  • Server access logs (IP address, page, timestamp) are kept for 7 days for security only.

People who visit your live website

When a visitor lands on your customer-facing site, Cloudflare and our server keep basic access logs (IP, page, timestamp) for 7 days for security purposes. If a visitor uses your contact form, their enquiry is forwarded straight to you and not retained on our side beyond what's needed to deliver the email.

You are the data controller for your own customers' enquiries. We're only the messenger.

Changes to this notice

If we change anything material, we'll email everyone with an active subscription at least 30 days before the change takes effect.

Frontage Apps is a product of Fortis Solutions Ltd, registered in England & Wales. For any privacy question, email help@frontageapps.co.uk.

← Back to home