Privacy Policy – StoryCraft Weddings
Last updated: 20 January 2026

StoryCraft Weddings (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website, contact us, enquire, or book our services.

1) Who we are (Data Controller)
Data Controller: StoryCraft Weddings
Address: 2 Thomlinson Avenue, Carlisle, CA2 7BF, United Kingdom
Email: josh@storycraftweddings.co.uk

2) Personal data we collect
We may collect and process the following categories of personal data:
a) Enquiries / leads
Name
Email address
Phone number
Wedding date and venue/location (if you provide it)
Any details you include in your message (e.g., preferences, timelines)
b) Bookings / clients
All enquiry data, plus:
Contract and booking details
Billing details where required for invoicing
Payment status and transaction references (we do not store full card details)
c) Website usage data (cookies/analytics)
IP address and approximate location (city/region level)
Device/browser information
Pages visited, time on site, traffic source/referrer
Cookie identifiers (depending on your cookie choices)

3) How we collect your data
We collect data when you:
Visit our website (via cookies and similar technologies)
Submit an enquiry/contact form
Email, call, or message us
Book our services and sign a contract
Make payments via our payment provider

4) Why we use your data
We use personal data to:
Respond to enquiries and provide quotes
Manage bookings and deliver services (contracts, scheduling, communications)
Take payments and manage invoicing/accounting
Provide customer support
Improve our website and services (analytics and performance monitoring)
Run advertising and measure performance (e.g., conversion tracking)
Send limited marketing messages (see Section 6)
Comply with legal obligations (e.g., tax/financial recordkeeping)
Protect our business and website (security and misuse monitoring)

5) Lawful bases for processing (UK GDPR Article 6)
We rely on the following lawful bases, depending on the context:
Contract: to perform a contract with you or take steps at your request before entering a contract (e.g., booking administration).
Legitimate interests: to run and improve our business, respond to leads, maintain records, measure advertising effectiveness, and keep our website secure, balanced against your rights.
Consent: for non-essential cookies and certain marketing communications where required (you can withdraw consent at any time).
Legal obligation: for compliance with legal/financial requirements.

6) Limited marketing communications
We may send occasional marketing emails about StoryCraft Weddings (for example, availability reminders or relevant updates).
We will only send marketing where we have a lawful basis to do so, such as:
Consent (for example, you opted in), and/or
Soft opt-in under UK rules (PECR) where you have enquired or booked and we market similar services, and you were given a clear opportunity to opt out at the time of data collection.
You can opt out at any time by following the unsubscribe instructions in the message (where included) or by emailing josh@storycraftweddings.co.uk. Opting out of marketing will not affect service emails (e.g., booking confirmations).
7) Cookies, Google Analytics, and Google Ads

a) Cookies
Our website uses cookies and similar technologies. Some are essential for the website to function. Others help us understand website usage and measure advertising performance.
Where required, we will ask for your consent before placing non-essential cookies.
b) Google Analytics
We use Google Analytics to understand how visitors use our website (e.g., which pages are visited, traffic sources, and site performance). This helps us improve the website and user experience.
c) Google Ads (no remarketing)
We use Google Ads to promote our services and to measure advertising performance (for example, whether an ad led to an enquiry). We do not use remarketing (i.e., we do not intentionally run ads to people based on prior visits to our website), but Google’s services may still use cookies/identifiers for measurement depending on your cookie choices and settings.
You can manage cookies via any cookie banner (where used) and through your browser settings.

8) Who we share your data with
We share personal data only where necessary and with trusted providers:
Google (Analytics and Ads measurement)
Stripe (payment processing). Stripe processes payment details; we receive confirmation of payment and transaction references. We do not store full card details.
We may also share data with professional advisers (such as accountants) where necessary, and with authorities where required by law.
We do not sell your personal data.

9) International data transfers
Some providers (including Google and Stripe) may process personal data outside the UK.
Where personal data is transferred internationally, appropriate safeguards are used, such as UK international transfer mechanisms and contractual protections (for example, the UK International Data Transfer Agreement and/or Standard Contractual Clauses), alongside provider security commitments.

10) How long we keep your data (retention)
We keep personal data only as long as necessary for the purposes set out in this policy.
Typical retention periods:
Leads/enquiries that do not become bookings: up to 24 months after last contact, unless you ask us to delete it sooner (subject to legal requirements).
Clients/bookings: typically 6 years after the end of the relevant financial year, to support UK tax/accounting and business recordkeeping.
Analytics/advertising data: retained according to our settings and provider defaults, subject to your cookie choices.

11) Your rights
You have rights under UK GDPR, including:
Access: request a copy of your personal data
Rectification: correct inaccurate or incomplete data
Erasure: request deletion in certain circumstances
Restriction: ask us to limit processing in certain circumstances
Objection: object to processing based on legitimate interests or direct marketing
Portability: request transfer of data you provided to us (where applicable)
Withdraw consent: where processing is based on consent
To exercise your rights, email josh@storycraftweddings.co.uk. We may need to verify your identity.

12) Complaints
If you have concerns, please contact us first and we will try to resolve them.
You also have the right to complain to the UK supervisory authority:
Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
(ICO contact details are available on the ICO website.)

13) Security
We implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. Access to personal data is limited to those who need it for legitimate business purposes.
No method of transmission or storage is 100% secure, but we work to maintain strong safeguards.

14) Children
Our services are not directed at children, and we do not knowingly collect personal data from children.

15) Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will show when changes were made.