Cosmic Websites

Privacy Policy

Last Updated: 18/04/2026

At Cosmic Websites, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website or engage our web design and marketing services.

1. Who We Are

Cosmic Websites is a web design and marketing agency. For the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Controller is:

  • Name: Madelane Thompson (trading as Cosmic Websites)
  • Address: 27 Windsor Road, Doncaster, DN2 5BS, United Kingdom
  • Contact: mad4seo@gmail.com

2. Information We Collect

We may collect and process the following data about you:

  • Identity and Contact Data: Includes your name, business name, billing address, email address, and telephone numbers when you inquire about our services or become a client.
  • Financial Data: Includes payment details and billing information. (Note: We use secure third-party payment processors and do not store full credit card details on our servers).
  • Project Data: Information, files, and login credentials you provide to us necessary for building your website and executing marketing plans.
  • Technical Data: Includes your IP address, browser type and version, time zone setting, and operating system when you browse our website.

3. How We Use Your Data

We only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To Fulfil a Contract: To provide you with a quote, process your payments, and deliver the web design and marketing services you have requested.
  • For Legitimate Interests: To run our business, keep our records updated, and showcase completed projects in our portfolio (subject to the Terms and Conditions agreed upon).
  • AI Processing: As part of our service delivery, we use Artificial Intelligence (AI) tools to assist in drafting copy, generating code, and creating marketing plans. Any personal data processed through these tools is done strictly for the purpose of completing your project. All AI-assisted work is manually reviewed by our team. We do not use AI for “solely automated decision-making” or profiling that produces legal or similarly significant effects on you.
  • To Comply with Legal Obligations: To fulfil our accounting, tax, and legal requirements.

4. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your data with trusted third parties strictly for business operations, including:

  • IT and system administration providers.
  • Professional advisers (e.g., accountants, lawyers).
  • Third-party platforms required for your project (e.g., hosting providers or domain registrars, where we are assisting you with setup).
  • Third-party Artificial Intelligence service providers (such as OpenAI or similar platforms) used to assist with copywriting, design, or coding. We strive to configure our AI tools so that your personal data is not used by these providers to train their public models.

5. International Data Transfers

Some of the third-party platforms, hosting providers, and AI tools we use are based outside of the United Kingdom (for example, in the United States). Whenever we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by ensuring appropriate safeguards are in place. This includes using providers who participate in the UK Extension to the EU-US Data Privacy Framework or by implementing standard contractual clauses approved for use in the UK.

6. Data Security and Retention

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

7. Your Legal Rights

Under the UK GDPR, you have rights regarding your personal data, including the right to:

  • Request access to your personal data.
  • Request correction of incomplete or inaccurate data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data to you or a third party.

If you wish to exercise any of these rights, please contact us in writing at the address or email provided in Section 1. You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

8. Cookies

Our website may use cookies and similar tracking technologies to distinguish you from other users, provide a better experience, and analyse our website traffic. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.

Ready when you are

Let’s get
off the ground.

Drop a brief and I’ll come back within 1 working day. We’ll talk goals, scope, and launch dates — no pitch deck, no pressure.

Get in touch → maddy@cosmicwebsites.co.uk