bink

Privacy Policy

Last updated: 11 March 2026

1. Who we are and how to contact us

Bink is a UK-based business that builds and hosts websites for local businesses. We operate the following websites and services:

  • Marketing site: getbink.co.uk
  • Client dashboard: app.getbink.co.uk
  • Client websites: hosted on each client's own domain

For the purposes of UK data protection law, Bink is the data controller for the personal information we collect through our marketing site and client dashboard. When we host websites on behalf of our clients, we act as a data processor (see section 10 for details).

If you have any questions about this policy or how we handle your data, you can contact us at:

2. What information we collect

We collect different types of information depending on how you interact with us.

If you contact us through our marketing site

When you submit an enquiry form on getbink.co.uk, we collect:

  • Your name (required)
  • Your email address (required)
  • Your phone number (optional)
  • Your message (required)
  • The page you submitted the form from and the website that referred you to us (collected automatically)
  • A CAPTCHA verification token, used to verify you are a real person and protect against spam

Your enquiry message is also processed by an AI-powered spam classifier to filter out spam submissions. This is an automated process used solely to determine whether a message is genuine or spam. No decisions with legal or similarly significant effects are made based on this classification. If a genuine message is incorrectly flagged, it is still stored and can be reviewed manually.

If you are a Bink client

When you sign up and use the Bink dashboard at app.getbink.co.uk, we collect:

  • Your email address, used for logging in via one-time passcode (we do not use passwords)
  • Business information you enter for your website, such as your business name, address, services, opening hours, and any other content you provide
  • Usage data through analytics tools, including pages visited within the dashboard and features used

Where we have marked information as required on a form, we need it to provide the service you are requesting. If you do not provide it, we will not be able to process your enquiry or provide the relevant service.

Analytics data (all sites)

We run our own privacy-preserving analytics system on all sites we operate, including our marketing site, the client dashboard, and client websites. See section 4 for full details of how this works.

3. How we use your information

We only use your personal information where we have a lawful reason to do so under UK GDPR. The table below explains what we use your data for and the legal basis we rely on in each case.

What we do Data involved Lawful basis
Respond to your marketing enquiry Name, email, phone, message Legitimate interest - responding to business enquiries you have chosen to send us
Protect our forms from spam and abuse CAPTCHA interaction data, enquiry text (for AI spam classification) Legitimate interest - maintaining the security and integrity of our services
Manage your client account and provide login access Email address, authentication logs Contract performance - necessary to provide the service you have signed up for
Build and host your website Business information you provide Contract performance - necessary to deliver the website service
Send you transactional emails (login codes, enquiry notifications) Email address, email content Contract performance - necessary for the operation of your account and service
Understand how our dashboard is used and improve it Dashboard usage data (dashboard only) Legitimate interest - improving our product for clients
Understand website traffic patterns across all sites Anonymised analytics data (no personal data stored) Legitimate interest - understanding traffic patterns with no impact on user privacy

Where we rely on legitimate interest, we have carried out a balancing test to ensure our interests do not override your rights.

4. Analytics and tracking

We run our own privacy-preserving analytics system, built on our own infrastructure. This system is designed to give us useful insights into how our websites are used without compromising your privacy.

What our analytics system does NOT do

  • It does not use cookies
  • It does not store your IP address
  • It does not track you across websites
  • It does not build a profile of you
  • It does not collect any personally identifiable information
  • It does not share data with any third-party advertising or tracking networks

What our analytics system does collect

  • The page you visited and the page that referred you
  • Your country (determined from your connection by our hosting provider, not stored alongside any identifier)
  • Your browser type, device type, viewport width, and language setting
  • A daily session identifier created by hashing your IP address with other non-identifying data. This hash resets every day, cannot be reversed to reveal your IP address, and cannot be used to identify you

Respecting your preferences

If your browser sends a Do Not Track (DNT) signal, our analytics script will not run and no data will be collected.

5. Cookies

We do not use cookies for analytics or tracking on any of our websites.

The following limited, functional cookies or similar technologies may be present:

  • CAPTCHA verification: When you submit an enquiry form, our CAPTCHA provider may use a short-lived token and interaction signals to verify you are a real person. This is not used for tracking and does not persist after the verification is complete.
  • Dashboard session: If you log in to the client dashboard at app.getbink.co.uk, a session token is stored in your browser to keep you logged in. This is strictly necessary for the service to function and is not used for any other purpose.
  • Dashboard analytics (dashboard only): Our product analytics provider may set cookies on the client dashboard to support usage analytics and feature management. These are not present on any other Bink site.

Because we do not use non-essential cookies for tracking or advertising, we do not display a cookie consent banner.

6. Who we share your information with

We do not sell your personal information to anyone. We share data with the following third-party service providers, only to the extent necessary to operate our services.

Service Purpose Data shared Location
Hosting and CDN provider Website hosting, content delivery, DNS, CAPTCHA spam protection, AI-powered spam classification, and privacy-preserving analytics All web traffic passes through our hosting provider. CAPTCHA collects interaction data for bot detection. Enquiry message text is processed for spam classification. Global network (US headquarters, data processed at the nearest edge location)
Email delivery provider Transactional email delivery, including enquiry notifications and login codes Email addresses and email content European Union (Ireland)
Product analytics provider Dashboard usage analytics and feature management (dashboard only, not used on client sites or the marketing site) Dashboard usage data, including pages visited and features used European Union
Log aggregation provider Centralised logging and monitoring for our infrastructure, used to detect and diagnose issues with our services Server logs, which may include IP addresses, request metadata, and error details European Union
Payment processor Processing subscription payments by card or Direct Debit Payment card or bank account details, billing information United States (EU-US Data Privacy Framework certified)
Database provider Database hosting (encrypted at rest) All stored data, including client information, enquiry data, and account details Ireland (EU)

Each of these providers acts as a data processor on our behalf and is bound by their own data processing terms. We have reviewed their privacy practices and are satisfied they provide adequate safeguards for your data.

7. International data transfers

Some of our service providers are based outside the United Kingdom. This means your personal information may be transferred internationally.

Where data is transferred internationally, we ensure appropriate safeguards are in place:

  • Most of our providers are based in the European Union (Ireland), which is covered by the UK's adequacy decision for the EEA. These transfers do not require additional safeguards.
  • Our hosting provider and payment processor are US-based and operate under the EU-US Data Privacy Framework (and UK Extension), which has been recognised as providing adequate protection for personal data transferred from the UK.

Where the Data Privacy Framework does not apply, we rely on standard contractual clauses approved by the UK Information Commissioner's Office (the International Data Transfer Agreement or the International Data Transfer Addendum to the EU Standard Contractual Clauses) as the legal mechanism for the transfer.

8. How long we keep your information

We only keep your personal information for as long as we need it. The table below sets out our retention periods.

Type of data How long we keep it
Marketing enquiries (name, email, phone, message) 24 months after the last contact with you
Client account data (email, login details) Duration of your subscription, plus 90 days after termination
Client website content (business information, pages, images) Duration of your subscription, plus 30 days after termination to allow for reactivation or data export
Analytics data 24 months on a rolling basis (oldest data deleted automatically)
Authentication logs 12 months
End-user enquiry data on client websites (where Bink is processor) As instructed by the client; default is 24 months unless the client requests otherwise

When the retention period expires, we securely delete the data. In some cases, we may anonymise data instead of deleting it, in which case it can no longer be linked back to you.

9. Your rights under UK GDPR

Under UK data protection law, you have the following rights:

  • Right of access - You can ask us for a copy of the personal information we hold about you.
  • Right to rectification - You can ask us to correct any information that is inaccurate or incomplete.
  • Right to erasure - You can ask us to delete your personal information in certain circumstances.
  • Right to restrict processing - You can ask us to limit how we use your data in certain circumstances.
  • Right to data portability - You can ask us to provide your data in a structured, commonly used format so you can transfer it to another service.
  • Right to object - You can object to our processing of your data where we rely on legitimate interest as the lawful basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests. We do not currently send marketing emails. If we ever do, you will have an absolute right to opt out at any time.
  • Rights related to automated decision-making - We use automated spam classification on enquiry forms. This does not produce legal or similarly significant effects on you. If you believe a genuine enquiry was incorrectly classified, please contact us and we will review it manually.

To exercise any of these rights, email us at hello@getbink.co.uk. We will respond within one month. There is no charge for making a request, though we may charge a reasonable fee if a request is clearly unfounded or excessive.

If your data is on a client website: If you submitted an enquiry through a website that Bink hosts on behalf of a local business, that business is the data controller. Please contact them directly to exercise your rights. If you are unsure how to reach them, email us and we will point you in the right direction.

10. Data we process on behalf of our clients

When we host a website for a client, that client is the data controller for any personal information collected through their website. Bink acts as the data processor.

What this means in practice

  • Enquiry forms on client websites may collect names, email addresses, phone numbers, messages, and any custom fields the client has configured. This data is stored in our database and made available to the client through their dashboard.
  • Lead events (such as phone number clicks or email link clicks on a client website) are recorded as action types with page information. No personally identifiable information is captured in these events.
  • Analytics on client websites use the same privacy-preserving system described in section 4. No personal data is stored.

Our responsibilities as a processor

We process client website data in line with the following commitments:

  • We only process the data as instructed by the client
  • We do not use end-user data for our own purposes
  • We apply the same security measures described in section 12
  • We notify clients promptly of any data breach affecting their data
  • We delete client data within 30 days of service termination, unless the client requests otherwise
  • We do not engage sub-processors beyond those listed in section 6 without informing our clients

If you are a visitor to a website hosted by Bink and you wish to exercise your data protection rights, please contact the business that operates that website directly. They are responsible for responding to your request. Bink will assist our clients in fulfilling these requests where necessary.

11. Children's data

Our services are designed for businesses and business owners. We do not knowingly collect personal information from children under the age of 16. If you believe a child has submitted personal information through one of our forms, please contact us at hello@getbink.co.uk and we will delete it promptly.

12. How we protect your information

We take the security of your data seriously and have implemented appropriate technical and organisational measures to protect it, including:

  • HTTPS/TLS encryption on all connections to and from our websites and services
  • No passwords stored anywhere - we use one-time passcode authentication for the client dashboard, removing the risk of password breaches
  • Privacy-preserving analytics with no cookies and hashed session identifiers that reset daily
  • Rate limiting on all API endpoints to prevent abuse
  • DDoS protection through our hosting provider
  • Security headers on all pages, including HSTS, Content Security Policy, and X-Frame-Options
  • Database encryption at rest and in transit
  • Access controls limiting who can view and manage data

While no system can guarantee absolute security, we regularly review our practices and update our measures to address new threats.

In the unlikely event of a data breach that poses a high risk to your rights, we will notify you without undue delay in accordance with UK GDPR Article 34.

13. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. When we make changes, we will update the "last updated" date at the top of this page.

If we make significant changes that affect how we handle your personal information, we will take reasonable steps to notify you, such as displaying a notice on our website or emailing our clients directly.

We encourage you to review this policy periodically to stay informed about how we protect your data.

14. How to complain

If you are unhappy with how we have handled your personal information, we would like the chance to put things right. Please contact us first at hello@getbink.co.uk and we will do our best to resolve your concern.

If you are not satisfied with our response, you have the right to complain to the UK's data protection authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
Live chat: ico.org.uk/global/contact-us/live-chat

You can also contact the ICO if you want independent advice about data protection, privacy, and data sharing.