Let's Talk

Privacy Policy

Who We Are

This website is operated by Dan Raileanu, trading as Navflow, a sole trader based in England. References to “Navflow”, “I”, or “me” throughout this policy refer to Dan Raileanu trading as Navflow.

For any privacy-related queries, contact: hello@navflow.co.uk

What Data I Collect and Why

Contact Form Enquiries

When you submit an enquiry through the contact form, I collect your name, email address, and the contents of your message. This is used solely to respond to your enquiry and, if you become a client, to manage your project.

Legal basis: Legitimate interest (responding to a direct enquiry) and, where a contract follows, performance of a contract.

Analytics Data

This site uses Google Analytics and Microsoft Clarity to understand how visitors use the website. This may include your IP address (anonymised), browser type, pages visited, time on site, and device information. Neither tool allows me to identify you personally.

Legal basis: Legitimate interest in improving the website experience.

Payment Data

Payments are processed via GoCardless (Direct Debit), bank transfer, or debit/credit card. I do not store your full payment details. GoCardless processes and stores Direct Debit data under their own privacy policy, which you can review at gocardless.com.

Client Project Data

If you become a client, I may hold your business name, contact details, login credentials (where relevant to your project), and correspondence. This is used solely to deliver and manage your website.

Legal basis: Performance of a contract.

How Long I Keep Your Data

  • Enquiry data (no contract follows): deleted after 12 months
  • Client project data: retained for 6 years after the end of the contract (for legal and accounting purposes)
  • Analytics data: retained in line with Google Analytics and Microsoft Clarity default settings

Who I Share Data With

I do not sell your data. I may share limited data with the following third parties where necessary to deliver the service:

  • Google Analytics — website analytics
  • Microsoft Clarity — session recording and heatmaps
  • GoCardless — Direct Debit payment processing
  • Hosting providers — to keep your website live and secure

All third parties are required to handle data in line with UK GDPR.

Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data I hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (where no legal obligation to retain it exists)
  • Object to processing based on legitimate interest
  • Request a copy of your data in a portable format
  • Withdraw consent at any time (where consent is the legal basis)

To exercise any of these rights, contact hello@navflow.co.uk. I aim to respond within 30 days.

If you are unhappy with how your data is handled, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

Data Security

Reasonable technical and organisational measures are in place to protect your data. The site is hosted on secure, managed servers with SSL encryption, regular backups, and security monitoring.

Changes to This Policy

This policy may be updated from time to time. The date at the top of this page reflects the most recent revision.