Let's Get Started

Privacy Policy

Your info, handled with care.

Here’s what we collect, why we collect it, and what we do (and don’t do) with it. No surprises.

Last Updated: 5.29.26

This is the privacy policy for nekwebdesign.com (the “Site”) and the apps NEK runs at onboarding.nekwebdesign.com and customer-support.nekwebdesign.com. We try to keep this in plain English. If anything’s unclear, email us at and we’ll explain.

The Site and these apps are operated by NEK Web Design Services, LLC, a Vermont limited liability company based in Greensboro, Vermont (“NEK,” “we,” “us,” or “our”).

1. What We Collect

From you, directly

Contact and inquiry forms. When you fill out a form on nekwebdesign.com, we collect what you submit. The basic contact form asks for name, email, an optional phone number, and a message. The longer pricing inquiry form collects more details about your business and project (about 24 fields total).

The onboarding wizard. If you become a client, our intake wizard at onboarding.nekwebdesign.com collects what we need to design and build your site, including:

  • Your name and email
  • Business name, industry, location, contact info, and website
  • Services you offer
  • Information about your ideal customer
  • Brand inputs (colors, fonts, tone, sites you like and don’t)
  • Logos and photos you upload
  • Social media handles, plus your permission (or not) to use images and copy from those accounts
  • SEO keywords and competitors
  • Domain status
  • The features and add-ons you’ve chosen
  • Whether you consent to AI-generated copy
  • Your IP address (logged briefly for rate limiting)

 

Customer support. If you use customer-support.nekwebdesign.com, we collect your name, email, and the contents of your ticket. Admin users have hashed credentials and session tokens stored.

Payments and invoices. When you pay an invoice or quarterly hosting bill, our payment processor collects the payment details. We don’t store full card numbers on our servers. We do retain billing records (invoice number, amount, last four digits, date) for accounting and tax purposes.

Emails and calls. If you email us or get on a discovery call, we keep notes for the project record.

Automatically, when you visit

  • Browser type, device type, operating system, referring URL, pages viewed, and timestamps
  • IP address (used briefly for rate limiting and security)
  • A small set of cookies needed for site functionality and bot protection

We use Plausible for analytics on nekwebdesign.com. Plausible is cookieless and does not track individual visitors across sites.

2. How We Use It

We use what we collect to:

  • Reply to your inquiry and follow up with a quote
  • Run your project (design, build, revisions, launch)
  • Invoice you and process payments
  • Send project-related and account-related messages
  • Operate the Site, the onboarding wizard, and the support app
  • Block spam and abuse on our forms
  • Comply with our legal and tax obligations

We do not sell your information.

3. Service Providers We Use (Sub-Processors)

NEK relies on a small set of third-party services to run the business. Anything you submit through our forms or apps may pass through one or more of these. Each provider has its own privacy policy.

Infrastructure and hosting

  • Hetzner Cloud — server hosting. Servers are located in Hillsboro, Oregon, USA.
  • Coolify — self-hosted platform we run on Hetzner.
  • Backblaze B2 — encrypted off-site backups. Region: us-east-005 (USA).

Email and forms

  • Resend — sends transactional email (form notifications, magic-link logins, system messages).
  • Cloudflare Turnstile — bot protection on every form.

Analytics and uptime

  • Plausible — privacy-friendly analytics. Cookieless, does not identify individual users.
  • UptimeRobot — monitors whether sites are up.

Other

  • IONOS — domain registrar for nekwebdesign.com.
  • Bunny CDN — image delivery for sites we host.
  • Google Fonts — web fonts.
  • GitHub — private source code repositories.
  • Behold — Instagram feed widget on client sites with the Instagram gallery feature.
  • Payload CMS — editable dashboard software for Plus tier clients (self-hosted, lives on our server).

Internal tools that may process project information

  • Anthropic Claude — used for design and code generation in our build workflow.
  • Google AI Studio (Nano Banana Pro) — used for AI image generation when you consent.
  • Google Drive — file storage for project assets.

4. Sharing

We share information only:

  • With the service providers listed above, so they can do what we hired them to do;
  • When required by law, subpoena, or other legal process;
  • To protect our rights, property, or safety, or that of others;
  • In connection with a sale or transfer of our business;
  • With your permission.

5. Cookies and Tracking

We use a small number of cookies and similar technologies for:

  • Functionality (keeping you logged into the onboarding wizard or support app)
  • Bot protection (Cloudflare Turnstile)
  • Site analytics (Plausible — cookieless, so no tracking cookies from Plausible itself)

You can disable cookies in your browser. Some features may not work if you do.

We do not respond to “Do Not Track” signals.

6. How Long We Keep It

  • Contact form submissions and inquiries: Kept for our records, typically 2 years from last contact.
  • Onboarding submissions and project files: Kept for the duration of the engagement plus 7 years for tax and accounting purposes.
  • Billing and invoice records: 7 years.
  • Customer support tickets: Kept for the duration of the support relationship plus 2 years.
  • Backups: Per-site backups follow the schedule in the Hosting & Maintenance Agreement (7 daily / 4 weekly / 3 monthly). After cancellation, backups are retained for an additional 30 days, then deleted.

7. Security

We take security seriously and use reasonable safeguards, including:

  • HTTPS everywhere 
  • SSH access on a non-standard port, key-only, no passwords
  • fail2ban and a firewall on every server
  • Encrypted backups stored off-site
  • Honeypot fields and Cloudflare Turnstile on every form
  • Rate limiting on the onboarding wizard (5 submissions per IP per hour)
  • File upload validation (file type checked, filenames sanitized, code execution blocked in upload directories)
  • Daily server snapshots

No system is perfectly secure. If there’s ever a breach affecting your information, we’ll let you know.

8. Your Rights

You can ask us to:

  • Tell you what personal information we have about you
  • Correct anything that’s wrong
  • Delete your information (subject to tax, accounting, and contractual retention requirements; for example, completed project records and invoices stay for 7 years)
  • Stop sending marketing emails (use the unsubscribe link; service messages will continue)

Email to make a request.

State privacy rights

Depending on where you live (California, Colorado, Virginia, Connecticut, Utah, and other states with privacy laws), you may have additional rights, including the right to know what we collect, the right to opt out of certain sharing, and the right not to be discriminated against for exercising your rights. We don’t sell personal information and we don’t use it for targeted advertising. To exercise any state-specific rights, email us at the address above.

9. Children

The Site and our apps are not for children under 13. We don’t knowingly collect their information. If you believe a child has submitted information to us, email us and we’ll delete it.

10. International Visitors

We operate from the United States, and our servers are in the United States. If you visit the Site from outside the US, your information will be transferred to the US, where privacy laws may differ from those where you live.

11. AI Disclosure

If you become a client and consent during onboarding to AI-generated copy or AI-generated images, we use AI tools (currently Anthropic Claude and Google Nano Banana Pro) to produce that content. We disclose this here so it’s clear. If you don’t consent, we use only the content you provide.

12. Client Sites We Host

If you visit a website that NEK hosts on behalf of a client, your information is governed by that client’s privacy policy, not this one. NEK acts as a service provider to the client. Contact the client directly for questions about their site’s data practices.

13. Changes

We may update this policy. The “Last Updated” date at the top shows the most recent change. If it’s a material change, we’ll note it on the Site. Continued use after the change means you’ve accepted it.

14. Contact

Questions or requests:

NEK Web Design Services, LLC
Greensboro, Vermont

Thank you for submitting our Project Inquiry Form.

We’ll review your info and follow up within 2–3 business days. In the meantime, you’ve got two options:

Fill out the onboarding questionnaire now.

It takes about 15-30 minutes and covers your goals, content, style preferences, and timeline. The more we know upfront, the faster we can put together a proposal that actually fits.

Onboarding Questionnaire
Wait for our discovery call.

Prefer to talk through it first? We'll reach out to schedule a short call — usually 20–30 minutes — where we can ask questions, answer yours, and make sure we're a good fit before anything moves forward.