1. Who we are
Meridian Digital Ltd (Company No. 09876543), trading as “Meridian” and “Meridian London”, is the data controller responsible for your personal data.
- Registered address: 1 Finsbury Avenue, London EC2M 2PF
- Website: www.meridianweb.co.uk
- Data protection contact: privacy@meridianweb.co.uk
- General enquiries: hello@meridianweb.co.uk
- ICO registration reference: ZB123456
We are registered with the Information Commissioner's Office (ICO) as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What personal data we collect
We collect and process the following categories of personal data:
2.1 Data you provide directly
- Contact form submissions: name, email address, phone number, company name, role, project brief and service interest.
- Free SEO audit form: website URL, email address, and industry sector.
- Payment information: when you purchase services, payment card details are collected and processed directly by Stripe, Inc. (our PCI-DSS Level 1 certified payment processor). We receive only a truncated card reference, billing address and transaction confirmation — we never see or store full card numbers, CVVs or bank account details.
- Communication records: emails, call notes, Slack messages, and project documents exchanged during a client engagement.
- Business plan data: financial projections, market research and company information provided for Innovator Founder visa business plan engagements.
2.2 Data collected automatically
- Analytics data: pages visited, time on site, referral source, device type, browser, screen resolution and approximate geographic region. By default we use Plausible Analytics, which is cookieless, does not collect personal data and does not track individual users. If Google Analytics 4 (GA4) is enabled, it collects similar data with IP anonymisation and only with your explicit consent.
- Vercel hosting logs: IP address (truncated), request path, user agent and response status code, retained for up to 30 days for security and performance monitoring.
- Stripe fraud-prevention data: device fingerprint, IP address and behavioural signals collected by Stripe during checkout to detect and prevent payment fraud.
3. Legal bases for processing
Under Article 6 of the UK GDPR, we process personal data on the following lawful bases:
- Performance of a contract (Art. 6(1)(b)): to deliver the services you have purchased, process payments, and provide customer support during your engagement.
- Legitimate interests (Art. 6(1)(f)): to respond to enquiries, deliver free audit reports, improve our website and services, prevent fraud, and ensure network security. We have conducted a legitimate interests assessment for each use and concluded that our interests do not override your rights and freedoms.
- Consent (Art. 6(1)(a)): for marketing emails, optional analytics cookies (GA4) and any other processing that requires consent. You may withdraw consent at any time by emailing privacy@meridianweb.co.uk or using the unsubscribe link in any marketing email.
- Legal obligation (Art. 6(1)(c)): to comply with UK tax, accounting and regulatory requirements (e.g. HMRC record-keeping).
4. How we use your data
- To deliver the digital marketing services you have purchased or enquired about.
- To generate and send your free SEO audit report.
- To process payments and manage subscriptions via Stripe.
- To send transactional emails (invoices, onboarding, project updates) via Resend.
- To respond to your enquiries and provide ongoing client support.
- To improve our website, content and service offerings based on anonymised usage data.
- To send marketing communications about our services (only with your explicit opt-in consent).
- To comply with legal and regulatory obligations, including HMRC tax reporting.
- To detect, prevent and investigate fraud, security incidents or misuse of our services.
5. Who we share your data with
We share personal data only with the following categories of processors, each operating under a data processing agreement (DPA):
- Stripe, Inc. — payment processing. PCI-DSS Level 1 certified. Processes card details, billing address, and transaction data. Stripe Privacy Policy.
- Resend, Inc. — transactional and marketing email delivery. Processes email addresses, names and email content. Resend Privacy Policy.
- Neon, Inc. — PostgreSQL database hosting. Stores lead data, client records and audit results. Data held in EU/UK data centres. Neon Privacy Policy.
- Vercel, Inc. — website hosting and edge delivery. Processes server logs including truncated IP addresses. GDPR compliant with Standard Contractual Clauses. Vercel Privacy Policy.
- Plausible Insights OÜ — privacy-first web analytics. No personal data is collected or stored. EU-based. Plausible Privacy Policy.
- Google LLC — Analytics (GA4, if enabled with consent) and Search Console. IP anonymisation is enabled. Google Privacy Policy.
We do not sell, rent, trade or otherwise disclose your personal data to advertisers, data brokers, or any third parties for their own marketing purposes.
6. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Lead and enquiry data: retained for 24 months after the last point of contact, then securely deleted.
- Free audit data: website URL and email retained for 12 months, then deleted.
- Client engagement data: retained for the duration of the engagement plus 6 years, in accordance with UK tax and accounting requirements (HMRC).
- Payment records: transaction records retained by Stripe in accordance with their retention policy and PCI-DSS requirements. Our internal payment references are retained for 6 years.
- Analytics data: Plausible retains no personal data. GA4 data (if enabled) is retained for 14 months, then automatically deleted by Google.
- Server logs: Vercel access logs retained for up to 30 days.
- Marketing consent records: retained for 3 years after consent is withdrawn, as evidence of lawful processing.
7. Your rights under the UK GDPR
You have the following rights in relation to your personal data. These rights are not absolute and may be subject to exemptions under the Data Protection Act 2018:
- Right of access (Art. 15): request a copy of the personal data we hold about you (Subject Access Request).
- Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17): request deletion of your personal data (“right to be forgotten”), where there is no compelling reason for continued processing.
- Right to restrict processing (Art. 18): request that we limit how we use your data in certain circumstances.
- Right to data portability (Art. 20): request a copy of your data in a structured, commonly used, machine-readable format (e.g. CSV or JSON).
- Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
- Rights related to automated decision-making (Art. 22): we do not carry out automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, email privacy@meridianweb.co.uk with the subject line “Data Rights Request”. We will verify your identity and respond within 30 calendar days. If the request is complex or we receive a high volume of requests, we may extend this by a further 60 days and will notify you accordingly.
There is no fee for exercising your rights unless the request is manifestly unfounded or excessive.
8. Cookies and tracking technologies
For full details on the cookies and similar technologies used on this website, including how to manage your preferences, please see our Cookie Policy.
In summary: we use Plausible Analytics by default, which sets no cookies. Google Analytics 4 cookies are loaded only with your explicit consent. Stripe sets strictly necessary cookies during payment processing, which are exempt from consent under PECR.
9. International data transfers
Some of our processors (Stripe, Resend, Vercel, Google) are based in the United States. Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place:
- UK adequacy decisions: where the UK Secretary of State has determined the recipient country ensures an adequate level of data protection.
- International Data Transfer Agreement (IDTA): the UK equivalent of Standard Contractual Clauses, approved by the ICO.
- UK Addendum to EU SCCs: where processors use the EU Standard Contractual Clauses with the UK Addendum approved by the ICO.
You may request details of the specific safeguards applied to any transfer by contacting privacy@meridianweb.co.uk.
10. Data security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:
- Encryption in transit (TLS 1.2+) and at rest for all stored data.
- Access controls with role-based permissions and multi-factor authentication.
- Regular security assessments and penetration testing.
- Cyber Essentials Plus and ISO 27001 certification.
- Employee security awareness training.
- Incident response procedures with notification obligations under Art. 33 and 34 of the UK GDPR.
11. Children's data
Our services are directed at businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@meridianweb.co.uk and we will delete it promptly.
12. Complaints
If you are dissatisfied with how we handle your personal data, we encourage you to contact us first at privacy@meridianweb.co.uk so we can try to resolve the issue.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Telephone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
13. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices, technology or legal requirements. Material changes will be communicated via email to existing clients and prominently displayed on this page with an updated date. We recommend reviewing this page periodically.