Privacy Policy

Last updated: 25 February 2026

Business Rescue ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our website at businessrescue.biz (the "Site") and our services.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Who We Are

Business Rescue is an operational turnaround service for UK businesses with 10-50 staff. For data protection purposes, we are the data controller.

Contact: hello@businessrescue.biz

2. What Data We Collect

2.1 Data You Give Us

When you fill in our contact form or Business Scorecard, we may collect:

• Your name
• Email address
• Phone number
• Business name
• Staff count range
• Information about your business challenges
• Your scorecard answers and results

2.2 Data We Collect Automatically

With your consent, when you browse our Site we may collect:

• Pages you visit and time spent on each page
• Device type (mobile, tablet, desktop)
• Referral source (how you found us)
• UTM campaign parameters (if you clicked a marketing link)
• Quiz progress and completion data
• A randomly generated session identifier (not linked to your identity)

We do not collect IP addresses, GPS location, browsing history outside our Site, or any data from other websites.

3. How We Use Your Data

We use your personal data for the following purposes:

• To respond to enquiries - when you submit a contact form or scorecard, we use your details to get in touch and discuss how we can help your business (legal basis: legitimate interest / contract performance)
• To send your scorecard report - if you provide your email during the quiz, we send you a copy of your results (legal basis: consent)
• To improve our Site - anonymous analytics help us understand which pages are useful and where visitors drop off (legal basis: consent via cookie banner)
• To notify our team - when a lead comes in, our team receives a notification so we can respond quickly (legal basis: legitimate interest)

We will never sell, rent or share your personal data with third-party marketers.

4. Cookies and Tracking

4.1 What We Use

Our Site uses the following storage mechanisms:

• Cookie consent preference - stored in your browser's localStorage to remember whether you accepted or declined analytics (essential, no consent needed)
• Session analytics data - stored in sessionStorage (cleared when you close your browser tab). This includes a random session ID and any UTM parameters. Only active if you consent to analytics.

We do not use third-party cookies, Google Analytics, Facebook Pixel, or any third-party tracking scripts.

4.2 Your Choices

When you first visit our Site, a cookie banner will ask for your consent to analytics tracking. You can:

• Accept - we collect anonymous page visit and quiz progress data
• Decline - no analytics data is collected. The Site works exactly the same.

You can change your preference at any time by clicking "Cookie Settings" in the footer of any page.

5. Where Your Data Is Stored

Your data is stored securely using Supabase, a hosted database platform. Data may be processed in the EU/EEA region. Supabase implements industry-standard security measures including encryption at rest and in transit.

Emails are sent via Resend, a transactional email service. Resend processes your email address solely for the purpose of delivering your scorecard report and is bound by their own privacy policy.

6. Data Retention

• Contact form submissions - retained for 24 months from submission, then deleted
• Scorecard submissions - retained for 24 months from submission, then deleted
• Analytics data - retained for 12 months, then automatically deleted
• Cookie consent preferences - stored in your browser until you clear your data

7. Your Rights

Under UK GDPR, you have the right to:

• Access - request a copy of the personal data we hold about you
• Rectification - ask us to correct inaccurate data
• Erasure - ask us to delete your data ("right to be forgotten")
• Restrict processing - ask us to limit how we use your data
• Object - object to processing based on legitimate interest
• Data portability - request your data in a machine-readable format
• Withdraw consent - withdraw any consent you have given at any time

To exercise any of these rights, email us at hello@businessrescue.biz. We will respond within 30 days.

8. Third-Party Services

We use the following third-party services to operate our Site:

• Supabase - database hosting and serverless functions (privacy policy)
• Resend - transactional email delivery (privacy policy)
• Vercel - website hosting (privacy policy)
• Google Fonts - web fonts loaded from Google's CDN (privacy policy)

None of these services receive your personal data for their own marketing purposes.

9. Children's Privacy

Our Site and services are designed for business owners and directors. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, please contact us immediately.

10. Security

We take reasonable measures to protect your personal data, including:

• Encrypted connections (HTTPS/TLS) across the entire Site
• Database-level row security policies
• API keys stored server-side in edge functions, never exposed to browsers
• No storage of passwords or financial information

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

13. Contact Us

For any questions about this Privacy Policy or your data, contact us at:

Email: hello@businessrescue.biz