PCP Peak Clarity Point
Loading the website…
Skip to content

Privacy Policy

Last updated: 30 March 2026

1. Who We Are

Peak Clarity Point is a digital design and development studio based in Edinburgh, Scotland, United Kingdom. We build websites, web applications, and digital products for businesses of all sizes.

For the purposes of UK data protection law, Peak Clarity Point is the data controller responsible for your personal data.

  • Email: studio@peakclaritypoint.com
  • Website: studio.peakclaritypoint.com
  • Location: Edinburgh, Scotland, UK

2. What Data We Collect

We collect personal data that you voluntarily provide to us. This includes:

  • Contact form submissions: your name, email address, phone number, service interest, and message content.
  • Account data: if you sign in to the client portal via Google OAuth or LinkedIn OAuth, we receive your name, email address, and profile picture as provided by the OAuth provider.
  • Usage data: we may collect anonymised usage information such as pages visited, browser type, and referring URL to improve our website.

3. Legal Basis for Processing

We process your personal data under the following lawful bases as defined by the UK General Data Protection Regulation (UK GDPR):

  • Consent: when you submit a contact form or accept cookies.
  • Contractual necessity: when processing is necessary to perform a contract with you (e.g. delivering a project).
  • Legitimate interests: to improve our services, maintain security, and communicate with prospective clients.

4. How Your Data Is Stored

Your personal data is stored securely using Supabase, a cloud database platform hosted within the European Union. All data is encrypted in transit (TLS) and at rest. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction.

5. Third-Party Services

We use the following third-party services that may process your data:

  • Google OAuth: used for client portal sign-in. Google receives authentication data in accordance with their Privacy Policy.
  • LinkedIn OAuth: used for client portal sign-in. LinkedIn processes data per their Privacy Policy.
  • Google Maps: embedded on our website to display our location. Google may set cookies and collect data when the map loads. See Google's Cookie Policy.
  • Supabase: our database and authentication provider, hosted in the EU.

6. Cookies

Our website uses the following types of cookies:

  • Essential cookies: session cookies required for authentication and security. These are strictly necessary and do not require consent.
  • Third-party cookies: Google Maps may set cookies when the embedded map loads. These are classified as non-essential and require your consent.
  • Preference cookies: we store your cookie consent choice in your browser's local storage.

You can manage your cookie preferences at any time using the cookie settings in our website footer, or by adjusting your browser settings.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact form submissions: retained for up to 24 months after your last interaction, unless a contractual relationship is established.
  • Client account data: retained for the duration of the business relationship and for up to 6 years afterwards for legal and accounting purposes.
  • Cookie consent records: retained in your browser's local storage until you clear it or withdraw consent.

8. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete data.
  • Right to erasure: you can request that we delete your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: you can ask us to limit how we use your data.
  • Right to data portability: you can request your data in a structured, commonly used, machine-readable format.
  • Right to object: you can object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at studio@peakclaritypoint.com. We will respond within 30 days.

9. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: