Privacy Policy

Introduction

This privacy policy explains how stevenlawton.com ("we", "us", "our") collects, uses, and protects your personal information. We are based in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

Data controller: Steven Lawton, contact@stevenlawton.com

Data We Collect

Shield quote requests

When you submit a shield quote request, we collect:

  • Your name and email address (required)
  • Your Telegram username (optional)
  • Your product selections and calculated price

Legal basis: Contract (processing your quote request). Your explicit consent is obtained via the form checkbox.

Retention: Quote data is retained indefinitely to fulfil orders and handle follow-up queries. You may request deletion at any time.

HEMA technique suggestions

When you submit a suggestion on a HEMA technique page, we collect:

  • Your name (optional)
  • Your suggestion text
  • A one-way hash of your IP address (for spam prevention)
  • Your browser user agent string

Legal basis: Legitimate interest (community contribution and spam prevention).

Retention: Suggestions are retained indefinitely as part of the community knowledge base. You may request deletion at any time.

Contact form

When you submit the contact form, we collect:

  • Your name and email address (required)
  • Your message

This data is sent to the Telegram messaging platform for notification purposes and is not stored in a database.

The contact form uses Google reCAPTCHA v3 for spam prevention. reCAPTCHA collects technical data including your IP address, browser information, and interaction patterns. This data is processed by Google under their privacy policy.

Legal basis: Consent (obtained via the form checkbox). Legitimate interest for reCAPTCHA (spam prevention).

Links landing page analytics

When you visit the /ll links page, we collect:

  • Whether you visited or clicked a link (and which link)
  • Your referring URL
  • Your screen resolution and browser language
  • Your device type (derived from your browser user agent)

This data is used for real-time visitor notifications and is not stored in a database. It is sent to the Telegram messaging platform for notification purposes only.

Legal basis: Legitimate interest (understanding how visitors interact with the links page).

Website analytics

With your consent, we use Google Analytics (GA4, property ID GT-MQXCQPTF) to understand how visitors use the site. Google Analytics collects:

  • Pages visited and time spent
  • Device and browser information
  • Approximate geographic location
  • Referral source

Google Analytics is only loaded after you provide cookie consent. See our Cookie Policy for details.

Legal basis: Consent.

Technical data

Our web server and application automatically collect:

  • IP address and browser user agent (stored in encrypted session data for up to 120 minutes)
  • CSRF tokens (for form security)

Legal basis: Legitimate interest (security and website functionality).

Third-Party Services

We share data with the following third parties:

| Service | Data shared | Purpose | |---------|------------|---------| | Google Analytics | Page views, device info, interactions | Website analytics (consent required) | | Telegram | Quote details, visitor events | Real-time notifications to site owner | | Google reCAPTCHA | IP address, browser info, interaction data | Spam prevention on contact form | | Google Fonts | Your IP address (loaded by your browser) | Font delivery | | jsDelivr CDN | Your IP address (loaded by your browser) | JavaScript library delivery (Alpine.js) | | unpkg CDN | Your IP address (loaded by your browser) | JavaScript library delivery (HTMX) |

We will never sell your personal data.

Data Security

Personal data is stored in an encrypted SQLite database. Sessions are encrypted. IP addresses collected for spam prevention are stored as irreversible hashes. All data is transmitted over HTTPS.

Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Object to processing based on legitimate interest
  • Data portability - receive your data in a structured format
  • Withdraw consent at any time (this does not affect the lawfulness of prior processing)

To exercise any of these rights, email contact@stevenlawton.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Cookies

We use essential cookies for site functionality and optional analytics cookies. See our Cookie Policy for full details.

Changes to This Policy

We may update this policy from time to time. The "last updated" date at the bottom of this page will reflect the most recent revision.

Contact

For privacy-related queries: contact@stevenlawton.com

Last updated: 27 February 2026