Last
updated: 28-05-2026 (version 2.0)
We are SpeedyPage Ltd, a company registered in England and Wales under
company number 13269524. Our registered address is Newstead House,
Pelham Road, Nottingham, NG5 1AP, United Kingdom. We are registered with
the Information Commissioner's Office under registration number
ZB117039.
For personal data about you as our customer or as a visitor to our website
(such as your account, billing details, support history, and visits to
speedypage.com), we are the data controller and this Privacy Policy
applies.
For personal data you upload through our hosting services about other
people (your website visitors, customers, subscribers, or employees), we
are a processor acting on your instructions. That processing is covered by
our Data Processing Addendum at https://speedypage.com/dpa, not by this
Privacy Policy.
Our Data Protection Officer is Hardeep Singh. You can reach Hardeep:
By email: hello@speedypage.com
By post: SpeedyPage Ltd (FAO Data Protection Officer), Newstead House,
Pelham Road, Nottingham, NG5 1AP, United Kingdom
By phone: 0330 229 2199
This policy tells you what personal data we collect, why we use it, who
we share it with, how long we keep it, and what rights you have under UK
data protection law (the UK GDPR and the Data Protection Act 2018). It
applies to:
(a) visitors to our website at speedypage.com;
(b) people who contact us by email, phone, or the
client area;
(c) our customers, including account contacts and
billing contacts; and
(d) job applicants who apply to work at SpeedyPage.
If you are a customer using our services to process other people's
personal data, our role for that data is covered by our Data Processing
Addendum.
3.1 Data you give us. When you sign up for or use our services, you give
us:
(a) account details (name, email, password, contact
phone number);
(b) billing details (billing address, VAT number for
businesses, invoice contacts);
(c) payment information (card details, handled by our
payment processor and not stored by us, or bank details for direct
debit);
(d) support history (questions you ask us, attachments
you send, and our responses);
(e) order details (the products and add-ons you order
and any configuration choices you make); and
(f) domain information (the WHOIS contact details for
any domain you register or transfer through us).
3.2 Data we collect automatically. When you use our website or services we
collect:
(a) network data (IP address, approximate location
derived from IP, browser type and version, operating system, language
preference, referring URL);
(b) usage data (pages visited, time spent, links
clicked, errors encountered, and timestamps); and
(c) account activity (logins, configuration changes,
and other actions in the client area).
3.3 Data from third parties. We may receive data about you from:
(a) our payment providers, for verification, fraud
screening, and chargeback notifications;
(b) domain registries, where you transfer a domain to
us and the registry shares your existing WHOIS data;
(c) our reseller customers, where a reseller sets up an
account on your behalf; and
(d) public sources such as Companies House, where we
verify business customers.
If you give us personal data about other people (for example, a contact
name on a business account), you confirm you have the right to do so and
that you have told them how we will use their data.
3.4 What we do not do. We do not buy personal data from data brokers, and
we do not enrich our customer records from third-party marketing
databases.
We use personal data only for the purposes set out below. Our lawful basis under UK GDPR Article 6 is shown for each purpose.
| Purpose | Lawful basis |
|---|---|
| Setting up your account and providing the services you order | Performance of a contract (Article 6(1)(b)) |
| Taking and reconciling payment | Performance of a contract (Article 6(1)(b)) |
| Responding to support requests | Performance of a contract (Article 6(1)(b)) |
| Sending service emails (billing notices, security alerts, downtime, contract changes) | Performance of a contract (Article 6(1)(b)) and our legal obligation to notify you of certain changes (Article 6(1)(c)) |
| Operating and securing our website and services (DDoS protection, abuse detection, traffic logging) | Our legitimate interests in keeping the service running and protecting it from attack (Article 6(1)(f)) |
| Detecting and preventing fraud, including chargeback fraud and account takeover | Our legitimate interests in protecting our business (Article 6(1)(f)) and our legal obligations (Article 6(1)(c)) |
| Keeping accounting and tax records | Our legal obligation under UK tax and company law (Article 6(1)(c)) |
| Improving our website and services through analytics | Your consent through our cookie banner (Article 6(1)(a)). You can withdraw consent at any time through the cookie preferences link in our website footer. |
| Sending marketing communications | Your consent (Article 6(1)(a)) for prospective customers, or our legitimate interest in marketing similar products to existing customers under PECR Regulation 22(3), with an unsubscribe option in every message |
| Recruitment, where you apply for a job with us | Steps before entering a contract (Article 6(1)(b)) and our legitimate interests in finding suitable staff (Article 6(1)(f)) |
| Complying with law enforcement requests, regulatory requests, and court orders | Our legal obligation (Article 6(1)(c)) |
| Defending or bringing legal claims, including handling disputes | Our legitimate interest in protecting our legal rights (Article 6(1)(f)) |
We do not carry out automated decision-making, or profiling that
produces legal effects or significantly affects you, on the basis of your
personal data.
Where we rely on legitimate interests, you can object at any time by
emailing hello@speedypage.com. We will stop the processing unless we can
show compelling legitimate grounds that override your interests, or unless
the processing is needed to establish, exercise, or defend legal claims.
We share personal data with the following recipients.
Payment processors. Stripe and PayPal handle card and PayPal
payments. Coinify (Coinify ApS, based in Denmark) handles cryptocurrency
payments. We do not store full card numbers or wallet credentials
ourselves.
Email and document tools. Google Workspace (Google Ireland Limited
and Google LLC) hosts our support inbox and internal documents. Any
personal data in support emails you send us is processed by Google as
part of this service.
Website infrastructure. Cloudflare, Inc. sits in front of
speedypage.com and my.speedypage.com for DDoS protection, web application
firewall services, DNS resolution, and content delivery. Cloudflare
processes the IP addresses, browser identifiers, and request data of
visitors to our sites. Cloudflare's privacy policy is at
https://www.cloudflare.com/privacypolicy/.
Analytics. Google Analytics 4, provided by Google Ireland Limited
and Google LLC, helps us understand how people use our website. We only
load Google Analytics if you have given consent through our cookie
banner. See our Cookie Policy at https://speedypage.com/cookie-policy for
details. Google's privacy policy is at
https://policies.google.com/privacy.
Domain registries and ICANN. When you register or transfer a
domain, we share the WHOIS contact details you give us with the relevant
registry (such as Nominet for .uk domains) and, where the rules require,
with ICANN. Some of this information may be published in WHOIS or RDAP
databases. Ask us about WHOIS privacy options if you want to know what is
available for your domain type.
Sub-processors for our hosting services. When we host your
services, we use sub-processors such as Vultr, Bunny.net and Google
Workspace. They process data your services contain, rather than data
about you as our customer, and are listed in Appendix C of our Data
Processing Addendum at https://speedypage.com/dpa.
Our professional advisers. Our accountants, auditors, and lawyers,
where they need access to do their job and under a duty of
confidence.
Buyers and successors of our business. If we sell or restructure
our business (in whole or in part, including in insolvency), we may share
data with the buyer or successor. We will tell you at least 30 days in
advance, except in an urgent insolvency situation. See clause 17.1 of our
Terms of Service for what this means for your contract.
Authorities and courts. Where the law requires it, or where we
need to enforce or defend our legal rights.
We do not sell personal data, and we do not share personal data with
advertising networks for advertising purposes.
Most of our processing happens in the United Kingdom and the European
Economic Area. Some of our service providers (notably Cloudflare and
Google) may transfer data to the United States or other countries.
Where we transfer personal data outside the UK or the EEA, we use one of
these mechanisms:
(a) the UK International Data Transfer Addendum to the
EU Standard Contractual Clauses (the "UK IDTA"), for transfers from the
UK;
(b) the EU Standard Contractual Clauses (June 2021
version), for transfers from the EEA;
(c) the EU-U.S. Data Privacy Framework, for transfers
to certified recipients in the United States; or
(d) an adequacy decision made by the UK government or
the European Commission.
If you want a copy of the safeguards we have in place for a particular
transfer, email hello@speedypage.com.
We keep personal data only for as long as we need it for the purposes set out above. In practice:
| Data | Retention |
|---|---|
| Active customer account data | For as long as your account is open, plus 6 years after closure for tax and contract records |
| Billing and tax records | 6 years after the end of the relevant tax year |
| Support tickets | 3 years from the last activity on the ticket |
| Server access and security logs | 90 days, longer where needed for an active investigation |
| Website analytics (where you consent) | 14 months from collection |
| Marketing contact list | Until you unsubscribe, or 3 years of no engagement, whichever is sooner |
| Job applications (unsuccessful) | 6 months after the role closes, unless you ask us to keep your details on file |
| Backups containing the above | Within our normal backup retention cycle, typically up to 30 days after the live data is deleted |
After these periods we delete or anonymise the data, except where the law requires us to keep it for longer.
We take appropriate technical and organisational measures to protect
personal data, including:
(a) TLS encryption for data in transit between you and
our services;
(b) salted one-way hashing of customer passwords;
(c) role-based access control to production systems,
with multi-factor authentication for staff who can reach production;
(d) regular review of access permissions;
(e) monitoring, logging, and intrusion detection on
production systems; and
(f) a documented incident response process.
A fuller description of the security measures that apply to data we
process on customers' behalf is in Appendix B of our Data Processing
Addendum.
Under UK GDPR you have the right to:
(a) ask for a copy of the personal data we hold about
you (right of access);
(b) ask us to correct inaccurate or incomplete data
(right to rectification);
(c) ask us to delete your data, where we no longer have
a lawful reason to keep it (right to erasure);
(d) ask us to limit how we use your data while we look
at an objection or correction (right to restriction);
(e) ask us to transfer your data to another provider in
a structured, commonly-used, machine-readable format, where you gave it
to us based on consent or a contract and we hold it electronically (right
to data portability);
(f) object to processing based on legitimate interests,
and to direct marketing at any time (right to object);
(g) withdraw any consent you have given (for example,
for cookies or marketing), without affecting earlier processing; and
(h) complain to the Information Commissioner's Office
(see below).
To exercise any of these rights, email hello@speedypage.com or write to
us at the address above. We will respond within one month. For more
complex requests we may extend this by up to two further months, and we
will tell you if we need to.
We may need to verify your identity before responding. We will not
charge a fee unless your request is clearly unfounded or excessive, in
which case we will tell you and explain why.
We use cookies and similar technologies on our website. For details of
which cookies we use, what they do, and how to control them, see our
Cookie Policy at https://speedypage.com/cookie-policy.
We only set non-essential cookies (including analytics) where you have
given consent through our cookie banner. You can change or withdraw your
consent at any time through the cookie preferences link in our website
footer.
Our services are not intended for children under 18, and we do not knowingly collect personal data from children. If you believe a child has given us personal data, please contact us so we can delete it.
There is no agreed industry standard for "Do Not Track" browser signals. We do not currently respond to them. The cookie banner on our website is the way to control non-essential cookies.
We may change this policy from time to time. If we make a material change, we will tell you at least 30 days before the change takes effect, by email and through your client area. The current version is always at https://speedypage.com/privacy-policy. Minor or administrative changes (such as typos, link fixes, or updated contact details) may be made without notice.
If you have a complaint about how we handle your personal data, please
contact our Data Protection Officer first so we can try to resolve
it.
If you are not satisfied with our response, you can complain to the
Information Commissioner's Office:
Website: https://ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF
Our ICO registration number is ZB117039.
+44 330 229 2199
hello@speedypage.com
About
Client Area
Support