How we handle your data.

1. Who we are

The data controller is ARABA, trading as 5 Day Sites. We are based in the United Kingdom and operate as a sole trader.

For any privacy question or request, email [email protected].

2. What we collect

When you submit the application form on this site, we collect:

• →Your name and business name
• →Your trade and city
• →Your email address and phone number

We use Vercel Web Analytics to count anonymous page visits. It does not set cookies, does not track you across other websites, and does not collect your IP address, name, email, or any identifier we could link back to you. It records only the page URL, referrer, country, and device type — fully anonymous and GDPR-compliant by design. Vercel's analytics privacy notice.

We do not set any tracking cookies, run any third-party advertising scripts, or share your data with advertising networks.

3. Why we collect it

We use the information above for one purpose only — to respond to your application, deliver any service you book, and stay in touch about it. Specifically:

• →To reply to your enquiry within one working hour
• →To send you the kickoff and onboarding materials if you proceed
• →To invoice you (if applicable) and keep statutory accounting records

4. Lawful basis

We process your data under UK GDPR Article 6(1)(b) — performance of a contract (or steps you've asked us to take before entering one) — and Article 6(1)(c) — legal obligation (HMRC accounting records). We do not rely on legitimate interests for marketing.

5. Who we share it with

We use a small set of trusted processors to operate the business. Each one signs a Data Processing Agreement and is GDPR-compliant:

• →Resend — to deliver transactional and onboarding emails
• →Vercel — to host the website (UK and EU edge locations)
• →Cal.com — only if you choose to book a call through our scheduling link
• →Stripe — only if you pay through our checkout link (Stripe is the payment controller; we never see your card details)

We never sell your data, and we never share it with advertising or data-broker networks.

6. How long we keep it

Application data is kept for up to 12 months from your last contact, unless you become a client — in which case we keep customer records for six years from the end of the tax year, as required by HMRC. You can ask us to delete it sooner at any time, except for records we are legally required to retain.

7. Your rights

Under UK GDPR you have the right to:

• →Access the personal data we hold about you
• →Have inaccurate data corrected
• →Have your data deleted (subject to legal retention rules)
• →Restrict or object to certain processing
• →Export your data in a portable format
• →Complain to the ICO at ico.org.uk

To exercise any of these, email [email protected]. We respond within 30 days.

8. Security

The site is served over HTTPS with HSTS preloaded, Content Security Policy headers, and frame-busting protection. Form submissions are transmitted directly to Resend over TLS. We do not store your data on local devices, USB drives, or anywhere outside our processor stack.

9. Changes to this policy

If we change anything material, we update the "Last updated" date at the top of this page and, if you're an active customer, we email you. Older versions are kept on request.