Legal
How we collect and use personal data across Reddy Apps LTD products and services.
Last updated: 30 June 2026
This Privacy Policy explains how Reddy Apps LTD ("we", "us", "our") collects and uses personal data in connection with our products and services, including the SmashingSite service. We are the data controller.
Reddy Apps LTD, registered in England and Wales, company number 16558403, registered office Unit 82a James Carter Road, Bury St. Edmunds, IP28 7DE.
We are registered with the Information Commissioner's Office (ICO), registration reference ZC172857. You can verify this on the ICO's public register at ico.org.uk.
Contact for privacy matters: info@reddyapps.co.uk.
We use trusted providers who process data on our behalf:
These providers act under contract and only process data as instructed. We do not sell your personal data.
Some of our providers (for example Resend and Cloudflare) are based in or transfer data to the United States. Where personal data is processed outside the UK, appropriate safeguards (such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses) are in place.
Where we build a sample website for a business we have not yet worked with, we use information that is publicly available about that business, and we may contact the business (for example by email or phone) to show them the sample. We rely on legitimate interests for this business-to-business outreach. A business can ask us at any time to stop contacting them and to delete its data (see section 10).
Our private demo sites use a single functional cookie to remember that a visitor has entered the correct access code, so they do not have to re-enter it. It is not used for tracking or advertising.
We keep personal data only as long as necessary for the purposes above and to meet legal and accounting obligations. Customer and purchase records are retained for the duration of the subscription and then for 6 years to meet HMRC accounting requirements, after which they are deleted.
Where we hold data about a business we have approached but who has not become a customer, we keep it only for as long as we are actively pursuing that opportunity, and in any event we delete it within 12 months of our last contact, unless the business becomes a customer or asks us to delete it sooner.
We use appropriate technical and organisational measures to keep personal data secure, including encryption in transit, access controls, and the use of reputable providers who maintain their own security standards.
Under UK data protection law you have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise any of these, email info@reddyapps.co.uk.
We will respond to any such request within one month, and we do not charge a fee for a valid request (except where the law allows, for example where a request is manifestly unfounded or excessive).
You also have the right to object to direct marketing at any time, and, where we rely on your consent, the right to withdraw that consent at any time (withdrawal does not affect processing carried out before you withdrew).
You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the opportunity to address any concerns before you contact the ICO - please email us first.
We may update this Policy from time to time. The "Last updated" date shows when it last changed.