Privacy Policy

When you visit our website or place an order, we may collect the following information:

• Your name, email address, and contact details (when placing an order or contacting us)

• Delivery address and billing information

• Payment information (processed securely via Stripe — we never see or store your full card details)

• Device information and IP address (for analytics and fraud prevention)

• Browsing behaviour on our site (via Google Analytics, anonymised)

We only collect data that is necessary to fulfil your order and improve our service.

Your personal data is used for the following purposes:

• Processing and fulfilling your orders

• Sending order confirmations and shipping updates

• Responding to customer enquiries and support requests

• Improving our website, products, and user experience

• Preventing fraud and maintaining security

• Sending marketing communications (only with your explicit consent — you can unsubscribe any time)

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

We take the security of your personal data seriously:

• All payment transactions are encrypted using SSL and processed by Stripe (PCI DSS Level 1 compliant)

• Your account data is stored securely on encrypted servers

• Access to personal data is restricted to authorised personnel only

• We regularly review our security practices and update them in line with industry standards

While we implement robust safeguards, no method of electronic transmission is 100% secure. We cannot guarantee absolute security but we strive to protect your data to the best of our ability.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you

• Right to rectification — request correction of inaccurate or incomplete data

• Right to erasure — request deletion of your personal data (subject to legal obligations)

• Right to restrict processing — request limitation of how we use your data

• Right to data portability — request your data in a structured, machine-readable format

• Right to object — object to processing of your data for specific purposes

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Our website uses cookies to enhance your browsing experience:

• Essential cookies — required for the website to function (basket, session, security)

• Analytics cookies — Google Analytics (anonymised) to understand how visitors use our site

• Preference cookies — remember your settings and choices

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

We use Google Analytics with IP anonymisation enabled so your full IP address is never stored.

We share data with the following trusted third-party services, strictly for order fulfilment and site operation:

• Stripe — secure payment processing

• Royal Mail — order shipping and delivery

• Google Analytics — anonymised website analytics

• Vendure — our e-commerce platform (self-hosted, data stays on our servers)

These services have their own privacy policies. We only share the minimum data necessary for each service to function.

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Order data is retained for 6 years for tax and legal compliance purposes

• Account data is retained until you request deletion

• Analytics data is anonymised and retained for 26 months

• Marketing consent records are retained until you withdraw consent

When data is no longer needed, it is securely deleted or anonymised.