Turret

Privacy

Privacy policy

Last updated: June 2026

Who we are

Turret is a web development studio based in Greenock, Scotland. Our website is turret.dev. You can reach us at raymond@turret.dev.

What data we collect

We collect only what is needed to provide our services:

  • Site visitor data. When you visit turret.dev, our hosting provider (AWS) records standard server logs: IP address, requested URL, browser type, and timestamp. We use these logs only to keep the site running and to detect abuse. We do not run analytics, advertising trackers, or third-party tracking scripts.
  • Contact form submissions. If you use our contact form, we collect your name, email address, and whatever you tell us about your project (project type, budget range, timeline, features, brief, organisation name, and how you found us). We use this to respond to your enquiry and nothing else.
  • Morwen (site assistant) conversations. Messages you send to Morwen are processed by our AI provider (Anthropic) to generate a response. We store recent conversation turns in your browser session only; they are not persisted server-side beyond the immediate request. We do not train AI models on your messages.

Cookies

turret.dev does not set any cookies of its own. Our contact form uses Cloudflare Turnstile to verify that submissions come from a real person. Turnstile sets an essential security cookie that is required for this check and cannot be opted out of. No advertising, analytics, or tracking cookies are used on this site.

How we use your data

  • Contact form data is used solely to respond to your enquiry. We will not send you marketing emails or share your details with third parties for marketing purposes.
  • Server logs are used to maintain site security and performance, and are not retained beyond 30 days.
  • Morwen conversation data is processed in real time to produce a response. It is not stored, sold, or used for model training.

Third-party services

  • AWS (Amazon Web Services). Hosts our site and delivers form submissions via SES. AWS processes data under their own privacy policy (aws.amazon.com/privacy).
  • Anthropic.Powers Morwen, our site assistant. Message content is sent to Anthropic’s API and is not used for training. See anthropic.com/privacy.
  • Cloudflare Turnstile. Verifies contact form submissions are from a human. See cloudflare.com/privacypolicy.
  • Stripe.Processes payments for clients’ sites, not on turret.dev directly. Stripe’s privacy policy is at stripe.com/privacy.

Your rights

Under UK GDPR you have the right to access, correct, or delete any personal data we hold about you, and to withdraw consent for processing. To exercise any of these rights, email raymond@turret.dev. We will respond within 30 days.

Data retention

  • Contact form submissions are retained for as long as needed to deliver the project, then deleted on request.
  • Server logs are automatically purged after 30 days.
  • Morwen conversations are not stored server-side beyond the duration of the request.

Security

All data in transit is encrypted via HTTPS. Form submissions and Morwen conversations are processed over encrypted connections. Contact form data is delivered to our email via AWS SES, which encrypts data at rest and in transit.

Changes to this policy

We may update this policy from time to time. The latest version will always be at turret.dev/privacy. The “Last updated” date at the top reflects when the policy was last changed.

Contact

For any privacy-related questions, email raymond@turret.dev.