Last updated: February 27, 2026
Privacy Notice
1. Who we are
The data controller for MakeFolio is [YOUR_FULL_LEGAL_NAME], a sole trader trading as [TRADING_NAME]. The controller is an individual person - not a limited company. Contracts with customers are entered into personally by the founder.
Trading address: [TRADING_ADDRESS]
General contact email: [SUPPORT_EMAIL]
Privacy contact email: [PRIVACY_EMAIL]
MakeFolio is: [PRODUCT_DESCRIPTION]
This notice applies to: [TARGET_USERS]
2. About this notice
This Privacy Notice explains what personal data we collect when you use MakeFolio, why we collect it, how we use it, who we may share it with, how long we keep it, and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We will update this notice from time to time. The date at the top tells you when it was last revised. Material changes will be communicated by email or by a notice on the product.
3. Personal data we collect about you
We may collect and process the following categories of personal data:
[DATA_CATEGORIES]
We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.
4. How and why we use your personal data
We use your personal data for the purposes below. Next to each purpose we identify the lawful basis we rely on under Article 6 UK GDPR.
| Purpose | Lawful basis |
|---|---|
| Creating and managing your account | Performance of a contract - Article 6(1)(b). You cannot use the service without an account. |
| Providing and operating the MakeFolio service | Performance of a contract - Article 6(1)(b). |
| Processing payments and managing billing | Performance of a contract - Article 6(1)(b); and compliance with a legal obligation (financial record-keeping) - Article 6(1)(c). |
| Sending transactional and service communications (e.g. receipts, password resets, important product notices) | Performance of a contract - Article 6(1)(b). |
| Sending optional marketing communications about MakeFolio updates or new features (where you have opted in) | Consent - Article 6(1)(a). You may withdraw consent at any time by clicking “unsubscribe” in any marketing email or by emailing [PRIVACY_EMAIL]. |
| Improving the product and fixing bugs | Legitimate interests - Article 6(1)(f). Our legitimate interest is in maintaining and improving a reliable service. We have considered your interests and do not believe this processing overrides them. |
| Complying with legal obligations | Legal obligation - Article 6(1)(c). |
| Handling enquiries and support requests | Legitimate interests - Article 6(1)(f). It is in both your interest and ours to resolve issues promptly. |
5. Who we share your personal data with
We do not sell your personal data to third parties. We share personal data only with the processors and recipients listed below, each of whom acts under a data processing agreement or equivalent contractual safeguards.
[VENDORS_LIST]
We may also disclose personal data if required to do so by law, by a court order, or to protect the rights, property, or safety of individuals.
6. International transfers of personal data
[INTERNATIONAL_TRANSFERS]
Where personal data is transferred to a country not covered by a UK adequacy regulation, we ensure appropriate safeguards are in place - such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses - before the transfer takes place.
7. How long we keep your personal data
[RETENTION_RULES]
We will securely delete or anonymise personal data once it is no longer required for the purpose for which it was collected, unless a longer retention period is required or permitted by law (for example, to meet tax and accounting obligations).
8. Security
We take reasonable technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include - but are not limited to - using reputable cloud infrastructure with encryption in transit and at rest, restricting access to personal data on a need-to-know basis, and applying available security features provided by our third-party processors.
No method of transmission over the internet or electronic storage is completely secure. While we do our best to protect your personal data, we cannot guarantee its absolute security. If you have reason to believe your interaction with us is no longer secure, please notify us immediately at [PRIVACY_EMAIL].
9. Your rights under UK GDPR
Depending on the circumstances, you have the following rights in relation to your personal data:
- Right of access - You may request a copy of the personal data we hold about you (commonly known as a Subject Access Request).
- Right to rectification - You may ask us to correct personal data that is inaccurate or incomplete.
- Right to erasure (“right to be forgotten”) - You may ask us to delete your personal data where there is no good reason for us to continue processing it.
- Right to restriction of processing - You may ask us to suspend processing of your personal data in certain circumstances (for example, while you contest its accuracy).
- Right to data portability - Where processing is based on your consent or the performance of a contract and is carried out by automated means, you may ask us to provide your personal data in a structured, commonly used, machine-readable format.
- Right to object - You may object to processing that is based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests or the processing is for the establishment, exercise, or defence of legal claims.
- Right to withdraw consent - Where we rely on consent as the lawful basis, you may withdraw it at any time. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal.
- Rights in relation to automated decision-making - You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects. MakeFolio does not carry out such automated decision-making.
To exercise any of these rights, please email [PRIVACY_EMAIL]. We will respond within one calendar month. We may need to verify your identity before acting on a request. There is no charge for exercising your rights, though we may charge a reasonable fee if requests are manifestly unfounded or excessive.
10. Right to complain to the ICO
If you are unhappy with how we have handled your personal data, please contact us first at [PRIVACY_EMAIL] so we can try to resolve your concern.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Telephone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
11. Contact us
For any questions or concerns about this Privacy Notice or about how we handle your personal data, please contact:
[YOUR_FULL_LEGAL_NAME] (sole trader trading as [TRADING_NAME])
[TRADING_ADDRESS]
Email: [PRIVACY_EMAIL]