Privacy Policy
Plain English version of how TileFlow UK handles your data. Short answer: as little as possible, never sold, always your right to take it back.
Last updated: 8 May 2026 — refreshed for the UK Data Use and Access Act 2025 ("DUAA").
Quick summary
- I collect minimal data — only what's needed to reply or fulfil orders
- I never sell your data, ever
- Analytics are aggregated and anonymous
- Cookies only fire if you consent via the banner
- You can exercise your data rights at any time — see /data-rights
1. Who I am
TileFlow UK is a UK sole trader run by Brandon. Contact: tileflowuk@gmail.com or WhatsApp +44 7539 472545. I'm the data controller for personal data collected through the site.
2. What data I collect, why, and on what lawful basis
| Data | Why | Lawful basis | Retention |
|---|---|---|---|
| Contact form / WhatsApp / email — name, email, message | To reply to you | Legitimate interest | 2 years from last contact |
| Order details — name, address, phone, order contents | To fulfil your tile order | Contract + legal obligation (HMRC) | 6 years (HMRC tax retention) |
| Newsletter email (no live list yet) | To send the updates you signed up for | Consent (double opt-in) | Until you unsubscribe |
| Analytics — Google Analytics 4: anonymised page views, device type, country | To understand how visitors use the site | Consent (cookie banner) | 14 months |
| Behavioural — Microsoft Clarity: heatmaps, anonymised session recordings (if active) | To find usability problems (e.g. why a button isn't being clicked) | Consent (cookie banner) | 12 months |
| Affiliate-click attribution: aggregated click counts per product, no individual IDs | To know which recommendations actually help readers | Legitimate interest | Aggregated only — never identifiable |
3. Cookies + tracking
No tracking cookies are dropped until you accept them via the cookie banner. Strictly necessary cookies (e.g. remembering your cookie choice) work without consent — they have to, otherwise the banner would re-appear on every page.
- Necessary: cookie-consent state, theme preference. Always on.
- Analytics: Google Analytics 4 (`_ga*`) and Microsoft Clarity (`_clck`, `_clsk`). On only if you accept.
- Marketing: none. TileFlow UK doesn't run ads.
You can change your choice any time from the small "Cookie preferences" link in the footer.
4. Affiliate links
When you click an Amazon link on TileFlow UK, Amazon may set a cookie in your browser to track that you came from this site. I don't control those cookies — they're set by the destination, not by me. See Amazon's privacy notice for what they do with that.
See also: Affiliate Disclosure (how I earn money) and Your Data Rights.
5. Who I share data with
I never sell personal data. I share with these processors only for the operational reason listed:
- Vercel (hosting) — operates the website infrastructure. US-based, UK-EU Data Privacy Framework certified.
- Google (Analytics 4, Indexing API, Search Console, Ads-free Workspace email) — analytics + search. Same framework.
- Microsoft (Clarity heatmaps if active) — same framework.
- Pinterest / Meta / TikTok — relevant only when you click outbound to those platforms. Their cookies, their policies.
- HMRC + tax authorities — for tax records on direct tile sales. Statutory.
I review the processor list at least annually. I'll update this page if it changes.
6. International transfers
Some processors above are US-based. UK personal data sent to them is covered by the UK Extension to the EU-US Data Privacy Framework, plus standard contractual clauses where required.
7. Security
The site is HTTPS-only with HSTS preload. I use secure providers for hosting, email, and analytics. I keep access tokens in a password manager and rotate them when they leak (it's happened — disclosed and resolved within hours each time).
8. Your rights
Under UK GDPR and the DUAA you have the right to access, correct, delete, restrict, object, and port your data. Full guide and request route: /data-rights.
If you're unhappy with how your data's been handled, you can complain to the UK Information Commissioner's Office on 0303 123 1113.
9. Children
TileFlow UK is not aimed at children under 13. I don't knowingly collect data from anyone under 13. If you think I've done so by accident, tell me and I'll delete it.
10. Changes to this policy
I update this page when something changes. Material changes will be flagged at the top of the page for at least 30 days. The "last updated" date is at the top.
Contact
Questions: tileflowuk@gmail.com. Data-rights requests: see /data-rights.