Privacy Policy
Under legal preparation and review
Last updated: [date]
1. Who controls your data
[Your Brand Ltd], [address], [email] is the data controller for personal data collected through this site, for the purposes of the UK GDPR and the EU GDPR.
2. What we collect
Contact details you give us (name, email, message) via the contact form; order and billing/shipping details when you check out; and basic technical data (e.g. IP address, browser) generated by visiting the site.
3. Why we use it
To fulfil orders and provide customer support (contract), to meet tax/accounting obligations (legal obligation), and to improve the site (legitimate interest).
4. Who we share it with
Stripe (payment processing), Resend (transactional email), and Vercel (website hosting). Each acts as a processor under data protection law and has its own privacy policy and security measures. We do not sell your data.
5. International transfers
Some providers above are based outside the UK/EEA. Where this happens, we rely on safeguards such as Standard Contractual Clauses and the UK Addendum.
6. How long we keep it
We keep order records as long as required for tax and accounting purposes, and contact form messages for as long as needed to resolve your query, then delete or anonymise them.
7. Your rights
Under UK/EU GDPR you can ask to access, correct, delete, or export your data, and object to certain uses. Contact us at [email]. UK residents can also complain to the ICO; EU residents to their local data protection authority.
8. Cookies
We use only strictly necessary cookies (e.g. to remember your cart) unless you're told otherwise. If analytics or marketing cookies are later added to this site, a cookie consent banner compliant with UK PECR and EU ePrivacy rules will be needed.