Forged.Landscapes

Legal

Privacy & cookies

Last updated: July 2026 · Applies to forgedlandscapes.co.uk

Who we are

Forged Landscapes ("we") is the data controller for personal data collected through this website. Contact: landscapesforged@gmail.com.

What we collect, and why

Enquiry data — name, email, phone, postcode, project details, budget band, and chat transcripts from the project assessor. Lawful basis: legitimate interests (responding to an enquiry you initiated), then contract where a project proceeds.

Project brief data — photos and videos of your garden, dimensions, sketches and inspiration links you upload to the client portal, plus your portal account email. Lawful basis: steps taken at your request prior to entering a contract.

Postcode checks — postcodes entered into the radius checker are sent to postcodes.io (Open Government Licence data) to calculate distance. We don't store checker lookups unless you submit an enquiry.

What we never do

We do not sell personal data, share it with marketing brokers, or use it to train anything. Garden photos are used solely to assess and deliver your project.

Where it lives

Enquiries and briefs are stored in our database and file storage (Supabase, hosted in the UK/EEA region), protected by row-level security so portal users can only ever access their own project data. Email notifications are delivered via Resend. Hosting is provided by Vercel.

How long we keep it

Enquiries that don't proceed: deleted or anonymised within 24 months. Project records for completed work: retained for 6 years to honour guarantees and meet legal obligations. Portal accounts: deleted on request at any time.

Your rights

Under UK GDPR you can request access, correction, deletion, restriction, or a portable copy of your data, and object to processing based on legitimate interests. Email landscapesforged@gmail.com — we respond within one month. If we get it wrong, you can complain to the ICO at ico.org.uk.

Cookies — the honest version

This site sets no marketing or tracking cookies. The only cookies/storage used:

  • Portal session — keeps you signed in to the client portal (strictly necessary).
  • Consent preference — remembers your choice on the cookie banner (strictly necessary).
  • Anonymous analytics — only if you opt in via the banner; off by default. We currently run none even when enabled.

Because strictly-necessary cookies are exempt from consent under PECR, the banner exists to be straight with you and to record your analytics preference — not to nag.

Third-party services

  • postcodes.io — postcode geocoding (no account data sent)
  • Supabase — database, authentication and encrypted file storage
  • Resend — transactional email delivery
  • Vercel — website hosting
  • Groq — powers the project assessor's language model when enabled; transcripts are processed to generate replies and are not used for training under our configuration
  • OpenStreetMap / CARTO — map tiles on the service-area pages (your browser requests tiles directly)
  • Unsplash — temporary photographic comps are served from Unsplash's CDN