Privacy Policy
Version: 1.0
Last updated: 23 March 2026
1. Who we are
This website is operated by Kobestarr Digital, based in England.
- Address: Manchester, United Kingdom
- Email: kobi@kobestarr.com
- Website: https://kobestarr.io
We are the data controller for the personal data we collect through this website. This means we decide how and why your data is processed.
If you have questions about how we handle your data, email us at kobi@kobestarr.com.
2. What this policy covers
This policy explains what personal data we collect when you visit our website, view a proposal, or get in touch with us. It applies to visitors in the UK and the European Economic Area (EEA).
We process data under both the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), depending on where you are based.
3. What data we collect
Website visitors
When you browse our website, we collect:
- IP address (anonymised where possible)
- Device type, browser, and operating system
- Pages visited and time spent on each page
- Referring website (how you found us)
Proposal viewers
When you view a proposal we have sent you, we collect:
- Which sections of the proposal you viewed
- How long you spent on each section
- Scroll depth and reading patterns
- Number of return visits to the proposal
- Device and browser information
- IP address and approximate location
We are transparent about this: when you view a proposal, we track which sections you read and for how long. We do this to understand what matters to you and to improve the proposals we write. You will see a notice about this when you open any proposal.
Contact forms and enquiries
When you fill in a contact form or email us, we collect:
- Your name and email address
- Company name and job title (if provided)
- Phone number (if provided)
- The content of your message
Lead capture
If you download a resource or sign up for updates, we collect your name and email address.
4. How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Running and improving our website | Visitor analytics | Legitimate interest (Article 6(1)(f)) |
| Proposal engagement tracking | Viewing patterns, device info | Legitimate interest (Article 6(1)(f)) |
| Responding to enquiries | Contact details, message content | Legitimate interest / pre-contractual steps (Article 6(1)(b)) |
| Sending marketing emails | Name, email | Consent (Article 6(1)(a)) |
| Invoicing and contracts | Business contact details | Contract performance (Article 6(1)(b)) |
| Measuring advertising performance | Browsing behaviour, ad interactions | Consent (Article 6(1)(a)) |
A note on legitimate interest
For proposal tracking and website analytics, we rely on legitimate interest. We have carried out a balancing test and concluded that:
- The processing is necessary for our business (understanding how proposals are received)
- The impact on your privacy is minimal (we track business engagement, not personal browsing)
- You can object at any time (see Section 10)
5. Cookies and tracking technologies
Cookie consent
Non-essential cookies (analytics and marketing) are only set after you give consent via our cookie banner. Essential cookies are set automatically as they are required for the website to function.
You can change your cookie preferences at any time through the cookie settings link in our website footer. You can also clear cookies and localStorage through your browser settings.
Essential cookies
| Cookie | Purpose | Expiry |
|---|---|---|
| wordpress_logged_in_* | WordPress session management | Session |
| wp-settings-* | WordPress user preferences | 1 year |
| CSRF / security tokens | Protect against cross-site request forgery | Session |
Analytics cookies
| Cookie | Purpose | Expiry |
|---|---|---|
| _ga | Google Analytics – distinguishes unique visitors | 2 years |
| _ga_* | Google Analytics – maintains session state | 2 years |
| _gid | Google Analytics – distinguishes unique visitors | 24 hours |
Marketing cookies
| Cookie | Purpose | Expiry |
|---|---|---|
| _fbp | Meta Pixel – identifies browsers for ad delivery | 90 days |
| _fbc | Meta Pixel – stores click identifiers | 90 days |
| li_sugr | LinkedIn Insight Tag – browser identifier | 90 days |
| bcookie | LinkedIn – browser identifier | 1 year |
| lidc | LinkedIn – data centre routing | 24 hours |
| UserMatchHistory | LinkedIn – ad targeting sync | 30 days |
Functional storage
| Storage | Purpose | Expiry |
|---|---|---|
| localStorage (proposal viewer) | Detects return visits to proposals | Persistent until cleared |
6. International data transfers
We are based in the United Kingdom. If you are in the EEA, your data may be transferred to the UK. The European Commission has granted the UK an adequacy decision, meaning UK data protection standards are considered equivalent to those in the EU.
Some of our processors are based outside the UK and EEA. We ensure appropriate safeguards are in place for all transfers:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Google (Analytics) | Website visitor analytics | USA | EU-US Data Privacy Framework |
| Meta (Pixel) | Advertising measurement and retargeting | USA | EU-US Data Privacy Framework |
| LinkedIn (Insight Tag) | Advertising measurement and retargeting | USA | EU-US Data Privacy Framework |
| Hostinger | Website hosting | Lithuania / Netherlands | EEA-based processing |
7. Who we share your data with
We do not sell your data. We share it only with processors who help us run our business:
| Category | Purpose | Location |
|---|---|---|
| Hosting provider (Hostinger) | Website and proposal hosting | Lithuania / Netherlands |
| Google | Website visitor analytics | USA (with DPF) |
| Meta | Advertising measurement | USA (with DPF) |
| LinkedIn | Advertising measurement | USA (with DPF) |
| Email service provider | Sending emails and notifications | US (with SCCs) |
| Payment processor | Processing invoices | UK / EEA |
| CRM provider | Managing client relationships | US (with SCCs) |
We have data processing agreements with all processors. A full list of sub-processors is available on request.
8. How long we keep your data
| Data type | Retention period |
|---|---|
| Proposal tracking data | 2 years from last interaction |
| Contact form submissions | Until you ask us to delete it, or 3 years if no ongoing relationship |
| Client project data | 6 years after project completion (for tax and legal purposes) |
| Marketing consent records | Until consent is withdrawn, plus 1 year for record-keeping |
| Website analytics | 26 months (anonymised and aggregated) |
| Cookie consent records | 1 year from date of consent |
After these periods, we securely delete or anonymise the data.
9. Data security
We take reasonable technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/SSL) and at rest
- Access controls limited to authorised personnel
- Regular security reviews of our processors
- Secure deletion when data is no longer needed
No system is perfectly secure. If you believe your data has been compromised, contact us immediately at kobi@kobestarr.com.
10. Your rights
Under UK GDPR and EU GDPR, you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate data
- Erase your data (“right to be forgotten”) where there is no legal reason to keep it
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest (including proposal tracking)
- Data portability – receive your data in a structured, machine-readable format
- Withdraw consent at any time for marketing communications and non-essential cookies
To exercise any of these rights, email kobi@kobestarr.com. We will respond within one month.
11. Complaints
If you are unhappy with how we handle your data, please contact us first so we can try to resolve it.
If you are not satisfied with our response, you have the right to complain to:
UK residents:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
EEA residents:
Your local data protection supervisory authority. A list is available at edpb.europa.eu.
12. Children’s data
Our website and services are not directed at anyone under 18. We do not knowingly collect data from children. If you believe we have collected data from someone under 18, contact us and we will delete it promptly.
13. Changes to this policy
We may update this policy from time to time. We will post the updated version on this page with a new “last updated” date. For significant changes, we will make reasonable efforts to notify you directly.
14. Contact us
If you have any questions about this policy or your data:
Kobestarr Digital
Manchester, United Kingdom
kobi@kobestarr.com
This privacy policy was last reviewed on 23 March 2026.