£190 setup + £59/mo · Own your site · Cancel anytime

Privacy policy

Last updated: April 2026

Who we are

Blosm is the trading name of Scott Sharples, a sole trader based in England and Wales. We build websites for tradespeople. This policy explains how we handle your personal data in plain English — no legal waffle. For UK GDPR purposes, Scott Sharples (trading as Blosm) is the data controller for the information covered here.

What data we collect

We collect information in three ways:

  • Directly from you — when you fill in a form on this site, request a website via a Facebook or Instagram ad (Meta Lead Ads), reply to one of our texts or emails, or speak to us on the phone. That usually includes your name, phone number, email, trade, postcode, and business name.
  • From directory profiles you've made public — TrustATrader, Checkatrade, Google Business Profile. We pull your business name, service areas, reviews, photos, and public contact details so we can pre-build a website for you.
  • From your interactions with us — call recordings (with a notice at the start), text and WhatsApp history, website pageviews, and link clicks, so we know what you're interested in.

How we use it

  • To build and show you a preview website using your business information
  • To contact you about that website (SMS, email, WhatsApp, phone)
  • To deliver the service you've bought — domain registration, hosting, customer support, review collection, Google Business Profile help
  • To send invoices and take payment
  • To improve how we work — analytics, call coaching, spotting what's useful and what isn't

We don't sell your data. We don't share it with marketing companies. We don't use it for anything other than running our service and making it better.

Our legal basis for processing

Under UK GDPR we need a lawful reason to use your data. Ours are:

  • Legitimate interests — to reach out to tradespeople publicly advertising on directories who could benefit from their own website. You can object to this at any time.
  • Consent — when you fill in a Meta Lead Ads form, a contact form on this site, or opt in to marketing, you're consenting to us getting in touch.
  • Contract — once you buy a website from us, we need your data to deliver it.
  • Legal obligation — we have to keep some records (invoices, tax) because HMRC says so.

Who we share your data with

We use a small set of trusted suppliers to run the service. They only see what they need to do their job:

  • Twilio — sends our SMS and handles our phone calls
  • Meta (Facebook, Instagram, WhatsApp) — if you came via a Facebook or Instagram ad, or we message you on WhatsApp
  • Resend — sends our emails
  • Stripe — takes your payment
  • Vercel — hosts this site and the ones we build for you
  • Convex — stores our database
  • Hostinger — registers your domain name on your behalf
  • Anthropic (Claude) — helps us draft call notes and clean up data

We only share outside this list if the law forces us to — court orders, fraud investigations, that sort of thing.

Where your data is stored

Most of our suppliers are based in the United States or the European Union. When your data leaves the UK, we rely on standard protections approved by the UK government — either the UK-US Data Bridge (for US suppliers signed up to it) or Standard Contractual Clauses. This gives your data the same protection as if it never left.

How long we keep your data

  • Prospect leads (you enquired but didn't buy) — 2 years, then deleted
  • Customer records — 7 years after your last order, because HMRC requires us to keep invoices that long
  • Call recordings and message history — 2 years
  • Website analytics — 26 months
  • Marketing consent — until you ask us to stop, then removed within 30 days

Your rights

Under UK GDPR you have the right to:

  • See a copy of the data we hold on you
  • Correct anything that's wrong
  • Ask us to delete it
  • Restrict how we use it
  • Take it somewhere else (data portability)
  • Object to us using it — especially for marketing
  • Withdraw your consent at any time
  • Not have decisions about you made purely by a machine

To use any of these, email scott@blosm.dev or reply STOP to any text we've sent you. We'll sort it within 30 days — usually much sooner.

If you think we've got it wrong, you can complain to the UK's Information Commissioner's Office at ico.org.uk or on 0303 123 1113. We'd rather you spoke to us first so we can put it right, but it's your call.

Cookies

This site uses minimal analytics cookies to understand how people use it. No advertising cookies. No tracking across other websites. The sites we build for you use the same approach.

Changes to this policy

If we change anything material — who we share data with, how long we keep it, what we use it for — we'll update the date at the top and, where it affects existing customers, we'll let you know by email or text.

Questions?

Email us at scott@blosm.dev and we'll get back to you. No automated replies, no ticket numbers — just a person who'll answer your question.