Privacy policy

This is the privacy policy for Pandemonium Software Ltd — the company I run. It explains what personal information I collect from visitors to this website, why I collect it, and what your rights are.

(The site currently runs on a Cloudflare Worker subdomain while a permanent custom domain is being registered. The URL shown in your address bar may differ from the brand name on this page during that transition.)

I've written this in plain English on purpose. If anything isn't clear, email me at pandamoniumsoftwareltd@gmail.com and I'll explain.

1. Who I am

I'm Ben Pandher. I run Pandemonium Software Ltd, a small one-person software business based in Oxfordshire, United Kingdom, building websites for UK trades and small businesses. For the purposes of UK GDPR and the Data Protection Act 2018, Pandemonium Software Ltd is the data controller for any personal information you give me through this website.

You can reach me at pandamoniumsoftwareltd@gmail.com.

2. What I collect, and why

I keep this short on purpose. I only collect what I need.

Things you send me directly

• Enquiry details: if you email me directly or use the enquiry form, I'll see your name, email address, phone, business details, UK location and current website situation. When you submit the enquiry form, these details are saved to my private Notion workspace (a project-management tool) and I get a notification email so I can reply. I don't share these details with anyone else, and I delete them after 24 months if you don't become a client (see Section 6).
• Qualification and intake form data (for accepted clients): once you decide to work with me, I'll collect more detailed information through follow-up forms — business legal details, services, brand colours, logo, photos, module selections. This is held in the same private Notion workspace only for as long as I'm building your site, and is transferred to your own accounts at handover.
• Payment details: if you become a paying client, Stripe handles your card details directly — I never see or store them. I do see your business name, invoice amounts, and payment status.

Things your browser tells me

• Basic hosting logs: my host (Cloudflare) records things like IP address, browser type and the page you visited. This is standard for any website and is used for security and keeping the site running.
• Cookies: this site uses only strictly necessary cookies. I don't use tracking or advertising cookies. If I ever add analytics, I'll use a privacy-friendly tool and update this policy first.

3. Why I collect it (legal basis)

Under UK GDPR, I have to tell you my legal reason for holding your data:

• Legitimate interest: responding to enquiries and answering questions you send me. You'd expect me to reply, so it's a reasonable interest.
• Contract: if you become a paying client, I process your data to deliver the service you've paid for.
• Legal obligation: I'm required to keep some business and tax records under UK law.

4. Who I share it with (sub-processors)

I use a small number of trusted third parties to run the business. I only share what they need to do their job:

• Cloudflare, Inc. — hosts this website as a Cloudflare Worker serving static assets, and keeps basic edge logs for security and anti-abuse purposes.
• Resend — sends transactional emails (for example, a reply confirmation). Only used if you become a client.
• Stripe — handles card payments for paid services. Stripe is PCI-DSS certified and I never see your card details.
• Notion — where I keep records of every enquiry, qualification answer, intake form, and client project. This is the primary store for the data you give me.
• Anthropic — provides the AI model (Claude) I use as my operations assistant. See Section 5 below for what that AI does and doesn't do with your data.

I don't sell your data. I don't rent it. I don't swap it with anyone for marketing. Ever.

5. How I use AI in my operations

I run my operations with an AI assistant (Anthropic's Claude). It helps me handle the routine work: reading incoming enquiries, drafting replies against my playbook, running compatibility checks, and tracking client progress.

What this means for your data:

• The AI processes the information you give me through the enquiry, qualification and intake forms in order to draft my reply or update my Notion records.
• Every client-facing email the AI drafts is reviewed by me before it sends. No automated emails go out without my human approval during your initial enquiry, qualification and acceptance stages.
• No automated decision-making with legal or significant effects on you (for example, no automated credit decisions or legally binding contracts) takes place. I personally review every accept / reject decision.
• Anthropic's commercial API does not use your data to train its models, per their commercial terms.
• If you'd prefer no AI processing of your enquiry, email me directly at pandamoniumsoftwareltd@gmail.com with the subject line "no AI" and I'll handle your enquiry by hand.

6. How long I keep it

• Enquiries that don't become projects: I delete them 24 months after my last contact with you.
• Client records: I keep them for as long as you're a client, plus six years after the relationship ends (to meet UK tax and accounting rules).
• Hosting logs: typically kept for up to 30 days by Cloudflare.

7. Your rights under UK GDPR

You have the right to:

• Ask me what personal data I hold about you.
• Ask me to correct something that's wrong.
• Ask me to delete your data (where I'm not legally required to keep it).
• Ask me to stop using it for a particular purpose.
• Withdraw consent at any time, if consent is the basis.
• Receive your data in a portable format.

To exercise any of these rights, email pandamoniumsoftwareltd@gmail.com and tell me which one. I'll reply within 30 days.

8. Complaints

If you think I've mishandled your data, I'd like to hear about it first so I can put it right. But you also have the right to complain to the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113

9. Changes to this policy

I may update this policy from time to time — for example, if I change sub-processors or add a new service. If the change is significant, I'll put a notice on the website. The "Last updated" date at the top will always tell you when the policy last changed.

10. Contact

For any privacy-related question, email pandamoniumsoftwareltd@gmail.com. A proper business email address is on the way.