Privacy Policy

Last updated: 4 April 2026

This Privacy Policy explains how AnnotationBase, a product operated by Outcraft Studio (“we”, “us”, “our”), collects, uses, and protects information about you when you use our website and services at annotationbase.com.

Outcraft Studio is a design and development agency based in Bristol, United Kingdom. We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

We take your privacy seriously. We do not sell your data, share it with third parties for marketing purposes, or use it for anything beyond what is described in this policy.

1. Who we are

AnnotationBase is a visual website feedback tool built and operated by Outcraft Studio.

Outcraft Studio
Bristol, United Kingdom
Website: outcraftstudio.com
Email: hello@outcraftstudio.com

2. What information we collect

We collect the following types of information when you use AnnotationBase:

Account information

  • Your name and email address when you register for an account
  • Your password (stored in encrypted form — we never see your plain-text password)

Usage data

  • The websites and projects you add to AnnotationBase
  • Comments and feedback text you enter within the tool
  • Information about how you use the service, such as pages visited and features used

Payment information

  • When you subscribe to a paid plan, payment is processed by Stripe
  • We do not store your full card details — Stripe handles all payment data securely
  • We retain a record of your subscription plan and billing history for account management purposes

Technical data

  • Your IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages, collected via analytics tools

Guest commenters

  • If you comment on a project via a shared review link without an account, we collect the comment text and your IP address
  • We do not require a name or email address from guest commenters unless you choose to provide one

3. How we use your information

We use the information we collect to:

  • Create and manage your account
  • Provide and improve the AnnotationBase service
  • Process payments and manage your subscription via Stripe
  • Send transactional emails, such as account confirmations, password resets, and billing notifications
  • Analyse how the service is used in order to improve it — using aggregated and anonymised analytics data where possible
  • Respond to support requests and enquiries
  • Comply with our legal obligations

We do not send marketing emails. You will only receive emails directly related to your account or the service.

4. Legal basis for processing (UK & EU GDPR)

We process your personal data on the following legal grounds:

  • Contract: processing your account information and payment data is necessary to provide the service you have signed up for
  • Legitimate interests: using analytics data to understand how the product is used and improve it, where this does not override your rights
  • Legal obligation: retaining billing records as required by UK tax and financial regulations
  • Consent: where we ask for your consent before any optional data collection, you may withdraw it at any time

5. Cookies and analytics

AnnotationBase uses cookies and analytics tools to understand how visitors use the site. This includes Google Analytics, which collects anonymised data about page views, session duration, and user behaviour.

Cookies we use include:

  • Essential cookies: required for the service to function, such as keeping you logged in
  • Analytics cookies: used to understand usage patterns and improve the product

You can control cookie preferences through your browser settings. Disabling analytics cookies will not affect your ability to use AnnotationBase.

6. Third-party services

We use a small number of trusted third-party services to operate AnnotationBase. These are:

  • Stripe — payment processing. Stripe processes payment data on our behalf and is PCI DSS compliant. View Stripe’s privacy policy at stripe.com/gb/privacy
  • Google Analytics — website analytics. Data is anonymised and aggregated. View Google’s privacy policy at policies.google.com/privacy
  • Hosting provider — our servers are hosted with a reputable provider within the UK or EU

We do not share your personal data with any other third parties. We do not sell your data.

7. Data retention

We retain your personal data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it by law (for example, billing records which we are required to keep for up to 6 years under UK tax law).

Comment data and project data are deleted when you delete a project or close your account.

8. Your rights

Under the UK GDPR and EU GDPR, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can ask us to correct inaccurate or incomplete data
  • Right to erasure — you can ask us to delete your personal data
  • Right to restriction — you can ask us to limit how we process your data
  • Right to data portability — you can request your data in a machine-readable format
  • Right to object — you can object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at hello@outcraftstudio.com. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK at ico.org.uk, or with the relevant supervisory authority in your EU member state.

9. International data transfers

AnnotationBase is operated from the United Kingdom. If you are accessing the service from the EU, your data may be transferred to and processed in the UK. The UK has been granted adequacy status by the European Commission, meaning your data receives equivalent protection to that provided under EU GDPR.

Where we use third-party services that process data outside the UK or EU, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

10. Children’s privacy

AnnotationBase is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, where the changes are significant, notify you by email.

We encourage you to review this policy periodically.

12. Contact us

If you have any questions about this Privacy Policy or how we handle your data, please get in touch:

AnnotationBase
Bristol, United Kingdom
Website: annotationbase.com
Email: hello@annotationbase.com

We aim to respond to all privacy-related enquiries within 5 business days.