Privacy Policy

Last updated: 20 January 2026

JourneySight (“JourneySight”, “we”, “us”, “our”) is committed to protecting personal data and respecting privacy. This Privacy Policy explains how we collect and use personal data when you visit our website, contact us, or use our services. The UK GDPR requires that this information is provided clearly and at the time personal data is collected. (ICO)

1) Who is responsible for your personal data

Data Controller: JourneySight trading name for Aurine Lopez
Email: hello@journeysight.co.uk
Location: England, United Kingdom

For any privacy questions or requests, contact: hello@journeysight.co.uk

2) Personal data we collect

We may collect:

A) Enquiries and communications

Name, job title, business name

Email address and phone number

The content of messages you send to us (website form or email)

B) Service delivery information (business clients)

Information about your hotel/business operations you choose to share (for example communication channels, templates, workflow notes)

Project notes and deliverables created for you

C) Client-supplied guest communication samples

If a hotel shares guest message samples for audit purposes, these may include personal data (for example guest names, email addresses, booking references, message content). We ask clients to remove guest names and identifying details where possible.

D) Website usage data (IONOS SiteAnalytics)

Our website uses IONOS SiteAnalytics for statistical evaluation and technical optimisation. SiteAnalytics uses either a pixel or log file and does not use cookies; IP addresses are transmitted when a page is requested and are anonymised immediately after transmission, then processed without direct personal reference. (ionos.com)

3) How we use personal data and our lawful bases

We only use personal data where UK GDPR permits. (ICO)

A) To respond to enquiries and communicate with you

Lawful basis: Legitimate interests (operating our business and responding to enquiries) and/or taking steps at your request prior to providing a service.

B) To deliver our services (including QuickScan and related deliverables)

Lawful basis: Performance of a contract (to deliver the service you request).

C) Payments and invoicing (Stripe)

We use Stripe to process payments. When you pay, Stripe processes your payment details. JourneySight does not store your full card details. Stripe may act as a controller and/or processor depending on the activity; Stripe provides further information in its Privacy Policy and Privacy Centre. (Stripe)
Lawful basis: Performance of a contract and legitimate interests (administering payments), plus legal obligation for accounting records.

D) To keep business records and comply with legal obligations

Lawful basis: Legal obligation (for example tax and accounting record-keeping).

E) To improve our website and services

Lawful basis: Legitimate interests (improving performance, quality, and user experience). IONOS SiteAnalytics is used for statistical evaluation and technical optimisation. (IONOS)

F) Business-to-business (B2B) marketing

Where permitted, we may send relevant updates to business contacts. We provide an opt-out in every message and we respect objections. The ICO explains that legitimate interests and consent are the most relevant lawful bases in B2B marketing and that PECR may apply depending on circumstances. (ICO)

4) Client-supplied guest messages (controller/processor)

Where a hotel provides guest communication samples, the hotel is typically the Data Controller and JourneySight acts as a Data Processor, processing the content only to deliver the service and following the client’s instructions. We ask clients to anonymise where possible and we do not use guest message samples for marketing.

5) Who we share personal data with

We share personal data only where necessary to run the website and deliver services, for example:

Website hosting and site services (IONOS MyWebsite / SiteAnalytics) (IONOS)

Payment processing (Stripe) (Stripe)

Email and document tools used to communicate and deliver work

We do not sell personal data.

6) International transfers

Some service providers (for example Stripe) may process data outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards (such as contractual protections). Stripe provides a Data Processing Agreement and related information. (Stripe)

7) How long we keep personal data (retention)

We keep personal data only as long as needed for the purposes above, and as required by law. The ICO expects organisations to tell people retention periods or the criteria used. (ICO)

Typical retention periods:

Enquiry messages: up to 12 months from last contact

Client service records and deliverables: up to 24 months after completion (to support follow-ups and continuity)

Guest message samples: deleted or anonymised within 90 days after delivery, unless ongoing work requires a longer period agreed in writing

Invoices/accounting records: up to 6 years (legal/tax requirements)

8) Your rights

You have rights under UK GDPR, including the right to:

access your personal data

correct inaccurate personal data

request deletion (in some circumstances)

restrict processing (in some circumstances)

object to processing (including marketing)

data portability (in some circumstances) (ICO)

To exercise your rights, email: hello@journeysight.co.uk

9) Complaints

If you have concerns, please contact JourneySight first so we can try to resolve them. You also have the right to complain to the UK Information Commissioner’s Office (ICO). (ICO)

10) Cookies

IONOS SiteAnalytics does not use cookies and uses a pixel or log file for statistical evaluation and optimisation. (ionos.com)
If any other cookies or similar technologies are added in future (for example via embedded tools), this policy will be updated and, where required, you will be offered choices via a cookie/consent banner.

11) Security

We use appropriate technical and organisational measures to protect personal data. No method of transmission or storage is completely secure, but we take reasonable steps to protect data from unauthorised access, loss, or misuse.

12) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date shows when changes were made.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.