Privacy Policy

Last updated: 26 June 2025

JK Media Creative (“we”, “us”, “our”) is the data controller for personal data collected through this website and our services. We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what data we collect, why we collect it, how long we keep it, and your rights. If you have any questions, contact us using the contact form on this website.

What Data We Collect and Why

Account registration

When you create an account we collect your email address and a password (stored as a one-way hash — we never have access to your plain-text password). You may optionally set a display name. We also record the date your account was created and the date you last logged in.

Lawful basis: Contract — this data is necessary to provide you with an account and to secure it.

Purchases and orders

When you purchase a production pack or buyout plugin we record the items bought, the amount paid, the currency, the order status, and the Stripe session and payment intent identifiers that link the order to your Stripe transaction. For production pack purchases we also record the licensed station name you provide, as this forms part of the licence agreement.

Card and payment details are handled entirely by Stripe and never pass through or are stored on our servers.

Lawful basis: Contract (fulfilling your purchase) and Legal obligation (retaining financial records as required by HMRC).

Downloads

Each time a file is downloaded we log the item name, download type, a reference to your account (if logged in), your IP address, your browser user agent, and the timestamp. This log is used to enforce download limits, detect abuse, and to assist with support queries.

Lawful basis: Legitimate interests — enforcing licence terms and preventing unauthorised use of our content.

Website analytics

We operate two analytics systems:

  • First-party analytics — we record events (page views, downloads, tool usage) in our own database. Each event may include your IP address, browser user agent, page path, referrer, approximate country, device type, and an anonymised visitor hash. If you are logged in, events are associated with your account. This data helps us understand how the service is used and improve it.
  • Google Analytics 4 — we use Google’s GA4 service (tag G‑2JCSHDJVH6) which sets cookies and sends usage data to Google. Google may process this data on servers outside the UK. You can opt out using the Google Analytics opt-out browser add-on. Google’s privacy policy is available at policies.google.com/privacy.

Lawful basis: Legitimate interests — understanding how our website is used so we can improve it.

Contact form

When you submit the contact form we collect your name, email address, station name, and your message. This information is forwarded to us by email and is not stored in our database. We use it solely to respond to your enquiry. The contact form is protected by Cloudflare Turnstile (see Third Parties below).

Lawful basis: Legitimate interests — responding to business enquiries.

Cookies and Sessions

We use a strictly necessary session cookie to keep you logged in during your visit. It contains only an anonymous session identifier — no personal data is stored in the cookie itself — and is removed when you log out or close your browser.

Google Analytics sets additional cookies to distinguish users and sessions across visits. These persist for up to two years. See the Google Analytics section above for opt-out options.

Third-Party Services

We use the following third-party services, each of which may process your data according to their own privacy policies:

  • Stripe — payment processing. When you purchase a product you are directed to Stripe’s hosted checkout. Stripe collects and processes your payment card details and may retain transaction records independently. Stripe is certified to PCI DSS Level 1. Privacy policy: stripe.com/gb/privacy.
  • Brevo (formerly Sendinblue) — transactional email delivery. We use Brevo to send password reset emails, purchase confirmations, and download links. Your email address is passed to Brevo for the purpose of delivering these emails. Privacy policy: brevo.com/legal/privacypolicy.
  • Cloudflare Turnstile — spam and bot protection on the contact form. Turnstile may process your IP address and browser characteristics to verify you are human. Privacy policy: cloudflare.com/privacypolicy.
  • Google Analytics 4 — described under Website Analytics above.
  • Font and asset CDNs — the website loads the Inter typeface from rsms.me and icon and animation assets from cdnjs.cloudflare.com and unicons.iconscout.com. Your browser makes direct requests to these services when loading pages, which may expose your IP address to them.

How Long We Keep Your Data

  • Account data — retained for as long as your account is active. Accounts dormant for 36 months may be purged in line with our Terms and Conditions. You may request deletion at any time (see Your Rights below).
  • Order and financial records — retained for 7 years to comply with HMRC requirements.
  • Download logs and analytics events — retained for up to 12 months, after which records are deleted or anonymised.
  • Contact form messages — retained in our email inbox for as long as reasonably necessary to resolve your enquiry, then deleted.

Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data, subject to any legal obligations we have to retain it (such as financial records).
  • Restriction — ask us to restrict how we use your data while a complaint or accuracy query is resolved.
  • Portability — receive your data in a structured, machine-readable format where processing is based on contract or consent.
  • Object — object to processing carried out on the basis of legitimate interests, including direct marketing.

To exercise any of these rights, contact us via the contact form on this website. We will respond within one calendar month.

Data Security

Passwords are stored using a strong one-way hashing algorithm and are never stored or transmitted in plain text. Sessions are protected against common attack vectors. Payment card data never passes through our servers. We take reasonable technical and organisational measures to protect your data, but no system can guarantee absolute security.

Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of our website and services after a change is published constitutes acceptance of the revised policy.