Stanmash

Legal

Privacy Policy

Effective date: 6 July 2026

This Privacy Policy explains how Stanmash Ltd (“Stanmash”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you visit stanmash.dev (the “Website”) or use any Stanmash product (each, a “Service”). It is written to satisfy our obligations under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

1. Data controller

The data controller for personal data processed through the Website and the Services is:

Stanmash Ltd
Stoney Works, 8 Stoney Lane
London SE1 9BD, United Kingdom
Email: hello@stanmash.dev

Stanmash Ltd is a private company limited by shares registered in England and Wales. Where a specific Service has additional privacy details, those will be linked from the Service's own product page.

2. What personal data we collect

2.1 Website visitors

When you visit the Website we do not use cookies for advertising, profiling, or cross-site tracking. The following data is processed automatically:

  • Server request logs collected by our hosting provider, Cloudflare, including your IP address, browser type, referring URL, requested URL, and timestamp. These are retained by Cloudflare in accordance with their own retention policy and are used to keep the Website secure and available.
  • Aggregated analytics collected by Cloudflare Web Analytics, which is a cookieless, privacy-oriented analytics product. It records aggregated visit counts, page paths, referrers, and coarse geography. It does not use cookies and does not fingerprint you.

2.2 People who contact us

If you email us at hello@stanmash.dev, we receive your email address, your name if included, and the content of your message. We use this only to respond to your enquiry and to keep a record of the conversation.

2.3 Users of a Service

If you register for a Service, we collect the data required to create and manage your account, which typically includes your email address, password (stored as a salted hash), and billing information processed by our payment provider. Individual Services may collect additional data specific to their function, described on the Service's product page.

3. How we use personal data

We use personal data for the following purposes:

  • to provide, maintain, and improve the Website and the Services;
  • to authenticate users, process subscriptions, and handle refunds;
  • to respond to enquiries and provide customer support;
  • to send transactional communications about your subscription, account, or a Service you use;
  • to detect, prevent, and address fraud, security incidents, and abuse;
  • to comply with our legal and regulatory obligations.

We do not sell personal data. We do not use personal data for automated decision-making that produces legal or similarly significant effects.

4. Legal bases

Under UK GDPR, we rely on the following legal bases for processing personal data:

  • Performance of a contract — where processing is necessary to provide a Service you have subscribed to.
  • Legitimate interests — where processing is necessary to keep the Website and the Services secure, to prevent fraud, and to communicate with you about your account. We only rely on this basis after balancing our interests against your rights and freedoms.
  • Legal obligation — where processing is necessary to comply with tax, accounting, or other legal duties.
  • Consent — where you have given us specific consent, for example to receive an optional launch announcement. You can withdraw consent at any time.

5. Cookies

The Website does not set any cookies. Individual Services may set strictly necessary cookies required to keep you signed in and to remember essential preferences; these are described on the relevant Service's own privacy notice. We do not use advertising, tracking, or analytics cookies anywhere.

6. Sharing personal data

We share personal data only with the processors that help us run the Website and the Services. Each processor is bound by a written data processing agreement and may only use the data on our instructions.

  • Cloudflare, Inc. — hosting, content delivery, DNS, TLS certificates, analytics, and email routing.
  • Payment processor — when a Service is paid, subscription billing is handled by our payment provider, whose name and privacy policy will be linked from the relevant Service's checkout page.

We may also disclose personal data if required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of Stanmash, our users, or others.

7. International transfers

Some of our processors are based outside the United Kingdom. When we transfer personal data outside the UK, we rely on transfer mechanisms recognised by the UK GDPR, including the UK Addendum to the EU Standard Contractual Clauses and, where applicable, adequacy decisions made by the UK government.

8. Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law. As a general rule:

  • server logs and analytics data: up to 12 months;
  • email correspondence: up to 3 years after the last message;
  • subscription and billing records: up to 7 years, as required by UK tax law;
  • account data: until you delete your account, plus a short retention window for security and audit.

9. Your rights

Under the UK GDPR you have the following rights in relation to your personal data. To exercise any of them, email hello@stanmash.dev.

  • right of access to your personal data;
  • right to rectification of inaccurate data;
  • right to erasure (“right to be forgotten”), subject to lawful exceptions;
  • right to restrict processing in certain circumstances;
  • right to data portability;
  • right to object to processing based on legitimate interests;
  • right to withdraw consent where we rely on consent as our legal basis;
  • right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

10. Security

We use technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. These include TLS in transit, encryption at rest for account credentials, principle-of-least-privilege access controls, and regular review of our processors. No system is completely secure, so we cannot guarantee absolute security.

11. Children

The Services are not directed at children under 13. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make a material change, we will update the “Effective date” at the top of the page and, where you have an account, notify you by email.

13. Contact

Questions about this Privacy Policy or about how we handle your personal data:

Stanmash Ltd
Stoney Works, 8 Stoney Lane
London SE1 9BD, United Kingdom
Email: hello@stanmash.dev