Privacy Policy
Last updated: 1 July 2026
Who we are
This website is operated by Morgan Burke, trading as Cainan, an independent software studio providing website builds and freelance engineering services. We are referred to in this policy as "Cainan", "we", "us", or "our".
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Morgan Burke is the data controller. For the purposes of the Australian Privacy Act 1988, Morgan Burke is the entity responsible for handling personal information.
You can reach us at hello@cainan.studio.
What personal information we collect
We collect only the minimum personal information necessary to provide our services and respond to enquiries. We do not run advertising, analytics tracking, or user accounts of any kind.
Contact form enquiries
When you submit the contact form on this website, we collect: your name, your email address, the nature of your enquiry (if you choose to indicate it), and the message you write. This information is transmitted directly to our email inbox and is not stored in any database.
Server logs
Our hosting infrastructure automatically records standard web server logs, which may include your IP address, browser type, referring URL, and the pages you visited. These logs are used only for security monitoring and debugging. They are not linked to any other personal data we hold about you.
Analytics data (with your consent)
If you accept analytics cookies, Google Analytics 4 collects information about how you use this site. This includes: pages visited, time spent on each page, the device and browser you use, your approximate geographic location (country/city level — not precise), the website or search term that referred you here, and a randomly generated visitor ID. Your IP address is anonymised before being sent to Google. This data does not identify you personally.
Cookie preferences
If you interact with our cookie consent banner, your preference is saved in your browser's local storage (not as a cookie). See our Cookie Policy for full details.
How we use your information
We use the personal information we collect for the following purposes:
- —Contact form enquiries: To read your message and respond to it directly. We do not add you to any mailing list.
- —Analytics data: To understand which pages are most useful, how visitors find the site, and how it performs on different devices — so we can improve it. This processing only occurs with your consent.
- —Server logs: To monitor the security of this website, diagnose technical problems, and improve reliability.
- —Cookie preference: To remember that you have already made a cookie choice so we do not show the banner again.
We will never sell your personal information, use it for marketing without your explicit consent, or share it with third parties for their own commercial purposes.
Legal basis for processing (UK)
Under UK GDPR, we must identify a lawful basis for each type of processing we carry out.
- —Contact form enquiries: Legitimate interests (Article 6(1)(f)). We have a legitimate interest in reading and responding to business enquiries sent to us. Where an enquiry leads toward a contract, processing is also necessary for pre-contractual steps (Article 6(1)(b)).
- —Analytics data: Your consent (Article 6(1)(a)). Analytics cookies are only loaded after you click "Accept all" on the cookie consent banner. You can withdraw consent at any time via the Cookie Policy page.
- —Server logs: Legitimate interests (Article 6(1)(f)). We have a legitimate interest in maintaining the security and reliability of our website.
- —Cookie preferences: Your consent, as indicated by your choice in the cookie banner.
How long we keep your information
We keep contact form enquiries in our email inbox for as long as the correspondence is relevant to a potential or active business relationship — typically no longer than three years from last contact, unless a longer period is required by tax or contractual law.
Analytics data collected via Google Analytics is retained for 14 months (the minimum retention period available in GA4). After that, it is automatically deleted from Google's servers. You can view or delete your own GA data via Google's My Activity tool (myactivity.google.com).
Server logs are typically retained for up to 90 days and then deleted or anonymised.
Cookie preferences stored in your browser are controlled by you and persist until you clear your browser's local storage.
International transfers of personal data
Some of our service providers operate servers outside the United Kingdom and Australia — including in the United States (Google). Where personal data is transferred internationally, we take steps to ensure it is protected to the same standard as in the UK and Australia, including reliance on:
- —UK International Data Transfer Agreements (IDTAs) or UK adequacy decisions
- —Standard Contractual Clauses where applicable
- —The UK–US Data Bridge (where applicable)
Your rights under UK law
If you are in the United Kingdom, you have the following rights under UK GDPR and the Data Protection Act 2018. To exercise any of these rights, please email hello@cainan.studio. We will respond within one calendar month.
- —Right of access: You can ask us for a copy of the personal data we hold about you.
- —Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
- —Right to erasure: You can ask us to delete your personal data. This right is not absolute; we may be required to keep certain data by law.
- —Right to restriction: You can ask us to restrict how we use your personal data while a dispute is resolved.
- —Right to portability: You can ask us to provide the data you gave us in a structured, machine-readable format.
- —Right to object: You can object to processing based on legitimate interests. We will stop unless we have compelling grounds.
- —Right to complain: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
Your rights under Australian law
If you are in Australia, the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to how we handle your personal information. To exercise any of the rights below, please email hello@cainan.studio.
- —Access (APP 12): You can request access to the personal information we hold about you. We will respond within 30 days. We may charge a reasonable fee for providing access in some circumstances.
- —Correction (APP 13): You can ask us to correct personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
- —Anonymity (APP 2): Where it is lawful and practicable, you can interact with us without identifying yourself. Note that submitting a contact form enquiry requires a name and email address by its nature.
- —Complaints: If you are not satisfied with our handling of a complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by calling 1300 363 992.
We are committed to complying with the APPs. This policy is open and publicly accessible in accordance with APP 1.
Contact us about this policy
If you have any questions about this Privacy Policy, how we handle your personal data, or wish to exercise any of your rights, please contact us:
- —Email: hello@cainan.studio
- —Response time: We aim to respond within 5 business days.
This policy may be updated from time to time. Material changes will be noted in the "Last updated" date at the top of this page.
This policy is provided for informational purposes. It does not constitute legal advice. If you have specific legal concerns, we recommend seeking independent legal counsel.