Skip to content
Codebreak
  • Done-For-You Marketing
    • SEO · AEO · GEO Get found in Google and AI search →
    • Websites Commercial sites built to convert →
  • About
  • Insights
Book your call →

Legal

Privacy Policy

Last updated
30 June 2026
Effective
30 June 2026

1. Who we are

This Privacy Policy explains how Codebreak Group Limited (“Codebreak”, “we”, “us” or “our”) collects, uses, shares and protects your personal information, and the rights you have over it.

We are the data controller responsible for your personal information.

  • Company: Codebreak Group Limited, trading as Codebreak. Registered in England & Wales, company number 09836360.
  • Registered address: 4 The Creative Quarter, Shrewsbury Business Park, Shrewsbury, Shropshire, SY2 6LG, United Kingdom.
  • Contact email: admin@codebreak.co.uk
  • Telephone: 01743 491356
  • ICO registration: We are registered with the UK Information Commissioner’s Office (ICO) under reference ZA860940.

We process personal information in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), as amended by the Data (Use and Access) Act 2025.

We have not appointed a statutory Data Protection Officer, as we are not required to. For any data protection question, please contact us using the details above.


2. Who this policy applies to

This policy covers everyone whose personal information we handle, including:

  • Website visitors — people who browse www.codebreak.co.uk and our related apps and tools.
  • Enquiries and leads — people who contact us, request information, or submit a form.
  • Clients and their contacts — the businesses we work with and the individuals we deal with there.
  • Prospects — businesses and individuals we contact through outbound marketing.
  • Podcast guests — people who appear on the Stay Hungry podcast.
  • Workshop and event attendees — people who book onto or attend our workshops and events.

3. The information we collect

The information we collect depends on how you interact with us.

Information you give us directly (via forms, email, phone, bookings, or in the course of providing services):

  • Identity and contact details — name, business name, job title, email address, phone number, postal address.
  • Enquiry and project details — the content of your messages, your goals, and information relevant to the services you ask us about or buy.
  • Booking and event details — workshop registrations and attendance.
  • Podcast participation details — anything you provide as a guest.
  • Marketing preferences — your consents and opt-outs.

Information we collect automatically when you use our website:

  • Technical and usage data — IP address and approximate location, device and browser type, operating system, the pages you view, and how you arrived at and move through our site.
  • Cookies and similar technologies — including analytics, advertising and click-fraud-protection tools (see section 6).

Information we obtain from other sources:

  • For outbound (cold) business-to-business marketing, we obtain business contact details (such as a name, business email and company) from publicly available and reputable third-party sources. We do not purchase marketing lists from data brokers. Where we have obtained your details this way, see section 5 for how we handle it.

Payment information:

  • We take payment through Stripe, PayPal, GoCardless and manual bank transfer. Card and bank payments are handled directly by these providers through their own secure systems. We do not store your full card details on our own systems.

We do not seek to collect special category data (such as health, racial or ethnic origin, or religious beliefs) and ask that you do not send it to us unsolicited.


4. How and why we use your information (our lawful bases)

Under the UK GDPR we must have a lawful basis for using your personal information. We rely on the bases set out below.

What we doWhyLawful basis
Respond to enquiries and provide quotesTo answer you and explore working togetherLegitimate interests / steps prior to entering a contract
Provide our services and manage client accountsTo deliver the work you've engaged us forPerformance of a contract
Process payments and keep accounting recordsTo get paid and meet our legal obligationsContract / legal obligation
Send marketing to existing clients and contactsTo promote relevant servicesLegitimate interests (with an opt-out)
Send outbound B2B marketing to prospectsTo grow our businessLegitimate interests (with an opt-out, per PECR)
Collect testimonials and feedbackTo improve and promote our servicesLegitimate interests / consent
Run analytics and advertisingTo understand and improve our marketing and websiteConsent (for non-essential cookies)
Protect our website and prevent ad fraudTo keep our site and ad spend secureLegitimate interests
Enforce our terms and handle disputesTo protect our legal rightsLegitimate interests / legal claims

Where we rely on legitimate interests, we have weighed our interests against your rights and concluded our use is reasonable and not unduly intrusive. You can ask us about this assessment at any time, and you have the right to object (see section 11).

Where we rely on consent (for example, non-essential cookies), you can withdraw it at any time without affecting processing already carried out.


5. Outbound (cold) marketing and information not collected from you

Where we contact a business prospect using details obtained from public or third-party sources rather than from you directly, the UK GDPR requires us to tell you. We:

  • only target business contacts in a professional capacity;
  • rely on legitimate interests as our lawful basis and, for electronic marketing, on the business-to-business rules under PECR;
  • always include a clear and easy way to opt out of further contact; and
  • will, on request, tell you the source of your details.

If you no longer wish to hear from us, email admin@codebreak.co.uk and we will stop and add you to our suppression list.


6. Cookies and similar technologies

Our website uses cookies and similar technologies, including for analytics, advertising and click-fraud protection. Non-essential cookies are only set after you give consent through our cookie banner, and you can change or withdraw your choices at any time. Strictly necessary cookies do not require consent.

For full details of the cookies we use and how to manage them, please see our Cookie Policy.


7. Who we share your information with

We do not sell your personal information. We share it only where necessary, with:

  • Service providers (processors) who help us run our business, under contracts that require them to protect your information and use it only on our instructions. These include providers of:
    • CRM, automation and project management (e.g. GoHighLevel, ClickUp, Make);
    • file storage and accounting (e.g. Dropbox, Xero);
    • website hosting and our web applications;
    • analytics and advertising (e.g. Google, Meta);
    • marketing measurement, lead-scoring and form tools (e.g. Codebreak AI, ScoreApp, Outgrow);
    • AI tools used to support our work (e.g. Anthropic); and
    • payment processing (Stripe, PayPal, GoCardless).
  • Professional advisers such as our accountants and lawyers, where needed.
  • Authorities or other parties where we must do so to comply with the law, a court order or other legal process, or to establish, exercise or defend legal claims.
  • A buyer or successor if our business is sold, merged or reorganised — in which case your information may transfer as part of that transaction, subject to this policy.

8. Transferring information outside the UK

Some of our service providers are based outside the UK, including in the United States, and we also work with a co-director and contractors located in the USA. Where your information is transferred outside the UK, we make sure it is protected by an appropriate safeguard, such as:

  • transfers to a country covered by UK “adequacy” regulations;
  • the UK–US Data Bridge, where the provider is certified under it; or
  • the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.

You can ask us for more information about the safeguards in place for a specific transfer.


9. How long we keep your information

We keep your information only for as long as we need it. Our standard retention periods are:

  • Accounting and invoicing records: 6 years plus the current financial year (to meet legal and tax requirements).
  • Active client records: for the duration of our contract, plus 6 years afterwards.
  • Marketing contacts and newsletter subscribers: until you opt out, after which we keep minimal details on a suppression list so we don’t contact you again.
  • Unconverted website enquiries: 24 months, then deleted.
  • Cold-outreach prospect data: 6 months from last engagement, then deleted.

We may keep information for longer where the law requires it, or where it is needed to establish, exercise or defend legal claims, or to prevent fraud. Anonymous and aggregated information that does not identify you may be kept indefinitely.


10. How we keep your information secure

We use appropriate technical and organisational measures to protect your information against loss, misuse and unauthorised access, alteration or disclosure, and we require our service providers to do the same. No method of transmission over the internet is completely secure, so while we work hard to protect your information, we cannot guarantee absolute security.


11. Your rights

Under UK data protection law you have the right to:

  • Access a copy of the personal information we hold about you.
  • Rectify information that is inaccurate or incomplete.
  • Erase your information in certain circumstances.
  • Restrict our processing of your information in certain circumstances.
  • Object to processing based on legitimate interests, and to direct marketing at any time.
  • Data portability — receive certain information in a portable format, or have it sent to another provider.
  • Withdraw consent at any time where we rely on it.
  • Not be subject to solely automated decisions that produce legal or similarly significant effects. We do not make such decisions about individuals.

To exercise any of these rights, email admin@codebreak.co.uk. We will respond within one month, though we may extend this by up to two further months for complex requests, in which case we will let you know. There is normally no charge.

You can opt out of marketing at any time using the unsubscribe link in our emails or by emailing us.


12. How to complain

If you are unhappy with how we have handled your personal information, please contact us first at admin@codebreak.co.uk so we can try to put things right. You have the right to make a complaint directly to us, and we will acknowledge it, investigate it, and tell you the outcome without undue delay.

You also have the right to complain to the Information Commissioner’s Office (ICO) at any time:

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the chance to address your concerns before you approach the ICO.


13. Children

Our website and services are intended for businesses and are not directed at children under 18. We do not knowingly collect personal information from children.


14. Other websites

Our website may contain links to other websites we do not operate. We are not responsible for their privacy practices, and we encourage you to read the privacy policy of any site you visit.


15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the “Last updated” date above. Where changes are significant, we will take reasonable steps to bring them to your attention. Please check this page periodically.


This policy was last reviewed on 30 June 2026.

Codebreak

Stay
hungry.

Performance marketing for service businesses that report on revenue, not clicks.

Services

  • Done-For-You Marketing
  • SEO, AEO & GEO
  • Websites

Company

  • About
  • Insights
  • Contact

Contact

  • +44 1743 491 356
  • hello@codebreak.co.uk
Shrewsbury, UK 4 The Creative Quarter, Shrewsbury Business Park
SY2 6LG
Orlando, FL, USA

© 2026 Codebreak Group Limited trading as Codebreak. Registered in England & Wales. Company no. 09836360.

  • LinkedIn
  • Instagram
  • Facebook
  • Privacy
  • Terms
  • Cookies

Cookies

We use essential cookies to make this site work. With your consent we’d also like to use analytics and advertising cookies to measure and improve our marketing. See our Cookie Policy.

Cookie preferences

Choose which cookies you’re happy for us to use. You can change this at any time. See our Cookie Policy for details.

  • Strictly necessaryAlways on

    Needed for the site to work — security, load balancing and remembering your cookie choices. Always on.

  • Analytics

    Help us understand how visitors use the site so we can improve it.

  • Advertising

    Used to measure our marketing and show you relevant ads.

Step 1 of 6

What do you need help with?

Takes about 60 seconds. No obligation.

Who are we talking to?

A bit about the project

Who makes the decision on this?

How soon do you want this sorted?

The numbers

Rough is fine. It just helps us prepare for the call.

What is a new customer worth to you over ~12 months?

Extra revenue you want in the next 12 months?

What's your #1 marketing challenge right now?

Last step: pick a time

Choose a slot that suits you. We’ll see you there.

✓

You’re booked in.

Check your email for the calendar invite and confirmation. We’ll see you on the call.