Перейти к содержимому
← На главнуюКонфиденциальность
Privacy notice

What happens to your answers.

Last updated: 7 May 2026

Who runs this

This research project is operated by Dmytro Fenko (publishing as Dmitry Fenko), a UK sole trader trading as Fenko Team. I’m the data controller for everything described below. The project doesn’t meet the conditions in UK GDPR Article 37 that require a Data Protection Officer, so I haven’t appointed one — I handle every data protection matter personally. If you need to reach me about your data, write to support@fenko.dev and I’ll reply personally.

ICO registration

I’m registered with the UK Information Commissioner’s Office as a data controller and pay the annual data protection fee. My ICO registration number is ZC141876. You can verify it on the public register at ico.org.uk/ESDWebPages/Search.

What I collect

Only what you type into the survey: your email address, a short description of your business, how long you’ve been running it, your free-text answers to three open-ended questions, and a server-stamped timestamp recording when you ticked the consent box and which version of this notice was in force at that moment. All of it is collected directly from you when you submit the form; nothing is bought, scraped, or inferred from other sources. I don’t use analytics, cookies, fingerprinting, or session recording, and there’s no tracking script on this site. Providing this information is entirely voluntary — there’s no contract or legal obligation to participate. If you’d rather not, just don’t submit the survey.

Why I collect it

To understand whether there’s a useful product to build for UK sole traders, and to contact you if I do build one. That’s the entire purpose. Your email won’t be sold, shared, or used for marketing of unrelated products.

Where it’s stored

Your responses are stored in a Supabase Postgres database hosted in the EU (Frankfurt), encrypted at rest by the platform and transmitted over TLS. Supabase Inc. — the company behind the platform — is incorporated in the United States, so the transfer to them is covered by the standard contractual clauses and the UK International Data Transfer Agreement (IDTA) included in Supabase’s published Data Processing Agreement (supabase.com/legal/dpa), which provide appropriate safeguards under UK GDPR Article 46. The website is served by Vercel Inc. (US), and the serverless function that receives and validates your form submission is configured to run in Vercel’s Frankfurt region (eu-central) — so the form data is processed inside the EU before it reaches the database. Vercel publishes a Data Processing Agreement at vercel.com/legal/dpa that incorporates the standard contractual clauses and the UK IDTA as transfer mechanisms. Both Supabase’s and Vercel’s DPAs apply to this project through incorporation by reference in their standard terms — they have not been separately countersigned. Vercel also collects standard request metadata (IP address, User-Agent, URL, timestamp) in its edge and runtime logs as part of CDN operation — these logs are retained for up to 24 hours on the current plan and are accessible to me through the Vercel dashboard. Vercel acts as our processor under their DPA. If a server-side validation error occurs while you submit the form, a small fragment of your submitted answer (up to about 1,000 characters) may also transiently appear in Vercel’s function logs for the same retention window before being auto-deleted; these logs are accessible only to me. Beyond the platform staff at Supabase and Vercel (who have administrative access to their infrastructure under their respective DPAs), I’m the only person who reads and analyses the data.

Analytics

I use Vercel Web Analytics to count anonymous page views and understand which posts drive visits. The service generates a server-side hash from each visitor’s IP address and User-Agent (rotated every 24 hours) and records: the page route visited, the country (ISO 3166-1 alpha-2), the device type, browser, and operating system. The hash cannot be reversed to your IP and is not linked across days, sessions, or other websites. Nothing is stored on your device — no cookies, no localStorage, no fingerprinting beyond the daily server-side hash. The lawful basis for this processing is legitimate interests under UK GDPR Article 6(1)(f): I need basic page-level signal to understand which discovery posts reach the right audience, and the data collected is minimal, anonymous, and proportionate. You have an absolute right to object to this processing under Article 21 — email support@fenko.dev with the subject line “opt-out analytics” and I’ll exclude your future visits.

Performance Insights

Alongside Vercel Web Analytics, I use Vercel Speed Insights to measure how the site performs in real browsers — Core Web Vitals such as Largest Contentful Paint, Cumulative Layout Shift, and Interaction to Next Paint. Each measurement records: the page route, the country (ISO 3166-1 alpha-2), the device type, browser, operating system, and the metric value. By Vercel's design, the data is anonymous and is not associated with any individual visitor or IP address — measurements cannot be tied back to you. Nothing is stored on your device. The lawful basis for this processing is legitimate interests under UK GDPR Article 6(1)(f): I need real-user performance data to detect regressions and prioritise fixes that affect actual visitors, and the data collected is minimal, anonymous, and proportionate. The right to object under Article 21 applies on the same terms as analytics — email support@fenko.dev with the subject line “opt-out analytics” and I’ll exclude your future visits from both.

How long I keep it

I keep your responses for as long as the project is active, plus up to 12 months after, to allow follow-up analysis and any final write-up of findings. After that, or whenever you ask, I delete your record permanently.

Your rights (UK GDPR)

Under UK GDPR you have the right to: access a copy of your data; correct anything inaccurate; have your data deleted; restrict how I use it; receive your data in a portable format (e.g. a CSV); object to processing; and withdraw your consent at any time. To exercise any of these, email support@fenko.dev. I’ll respond within one month — usually much faster.

Lawful basis

Consent. By ticking the box on the final step of the survey, you agree to this notice. You can withdraw consent at any time by emailing me — that triggers deletion.

What I don’t do

I don’t sell data. I don’t share it with third parties beyond Supabase (the database host) and Vercel (the website host). I don’t use it to train AI models. I don’t run ads. I don’t have a marketing funnel. There’s also no automated decision-making or profiling — no algorithm makes any decision about you based on your answers.

Complaints

If you think I’ve handled your data unlawfully, you have the right to lodge a complaint with the UK’s data protection regulator — the Information Commissioner’s Office (ICO). You can reach them at ico.org.uk or 0303 123 1113. I’d appreciate the chance to fix things first if you email me, but you’re not obliged to.