Skip to content
Obsidian Creative

Privacy policy

Last updated: May 2026

This page explains what personal data this site collects, how it is used, who it may be shared with, and the choices you have.

Who I am

This website is operated by Jason Cliffe trading as Obsidian Creative (“I”, “me”, “my”). If you have a privacy question or want to exercise your rights, email [email protected].

What data I collect

  • Website audit and contact enquiries: information you submit through the enquiry form, such as your name, email address, business name, website link, business details, project details, goals, and message.
  • Testimonials: information you choose to submit for review, such as your name, rating, comment, and optional company or website details.
  • Analytics data: website usage and performance data, where analytics are enabled by your consent choice.
  • Technical data: basic information processed by hosting, security, and delivery systems to keep the website working and protected.

Why I use this data

  • To respond to enquiries and free trust audit requests.
  • To review websites, business links, or project details you submit voluntarily.
  • To discuss potential projects, pricing, scope, support, or next steps.
  • To review, approve, display, correct, or remove testimonials.
  • To understand how the website is used and improve its content, structure, and performance.
  • To keep basic records connected to the operation of the business.

Lawful basis

  • Enquiries and audit requests: legitimate interests and, where relevant, steps taken at your request before entering into a contract.
  • Testimonials: consent where you choose to submit information for possible publication, together with legitimate interests in displaying social proof for the business.
  • Analytics and non-essential cookies or similar technologies: consent.
  • Security and basic website operation: legitimate interests in keeping the website available, functional, and protected.

Service providers

I use a limited number of third-party providers to operate the site and related services, including:

  • Cloudflare Pages for hosting.
  • Cloudflare analytics and security services where enabled or required for website delivery and protection.
  • Cloudflare D1 for storing testimonial submissions and approved testimonials.
  • Resend for contact-form email delivery.
  • Google Analytics 4 where you consent.

These providers process data to provide their services. I do not sell personal data and I do not use advertising retargeting on this site.

Website audit requests

If you request a free trust audit or paid website audit, I may review the website, business profile, social profile, or other link you provide. I only use this information to assess the website or business presence and provide a relevant recommendation.

Do not send confidential, sensitive, or access-restricted information through the public contact form.

Cookies and consent

This site uses a consent banner so you can choose whether analytics are enabled. If you decline analytics, the site should still work normally.

You can also change your choice later using the cookie settings control below.

Analytics technologies

  • Google Analytics 4 is only loaded after you consent.
  • Cloudflare analytics services may process website usage data depending on configuration and your consent choices.

Cookie names and technical behaviour can change over time depending on browser behaviour, provider updates, and site configuration.

Testimonials moderation

Testimonials are reviewed before publication. If approved, your submitted name, rating, comment, and any optional company or website details may be displayed publicly.

If you want a published testimonial corrected or removed, email me with enough detail to verify the request.

Retention

  • Enquiries and audit requests: kept for as long as reasonably necessary to respond, manage follow-up, and keep a basic business record.
  • Testimonials: pending submissions are kept until moderation is completed; approved testimonials may be retained until removal is requested or they are no longer needed.
  • Analytics: retained according to the relevant provider’s settings and retention controls.

International transfers

Some service providers may process data outside the UK. Where that happens, the transfer may rely on contractual or other recognised safeguards offered by the provider in line with applicable data protection requirements.

Security

I take reasonable technical and organisational steps to protect personal data, but no internet-based system can be guaranteed completely secure.

Your rights

Depending on the circumstances, you may have rights to access, correct, erase, restrict, object to, or request portability of personal data.

  • Request access to personal data I hold about you
  • Request correction or deletion
  • Object to processing in certain circumstances
  • Request restriction or portability where applicable
  • Withdraw consent where processing relies on consent

To exercise your rights, email [email protected].

If you are unhappy with how your data is handled, you can complain to the UK Information Commissioner’s Office.

Children

This site is intended for business use and is not aimed at children. I do not knowingly collect personal data from children through it.

Changes to this policy

I may update this page from time to time. The date at the top of the page shows when it was last revised.