Privacy Policy

01What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide when you express an interest in our products or Services, participate in activities on the Services, or otherwise contact us. This may include:

• Names
• Email addresses
• Phone numbers
• Mailing addresses
• Contact preferences
• Billing addresses
• Contact or authentication data

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment, such as your payment instrument number and security code. All payment data is handled and stored by Stripe.

All personal information you provide must be true, complete, and accurate.

Information automatically collected

In Short: Some information is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This includes:

• Log and Usage Data — IP address, browser type, pages viewed, date/time stamps, and other activity data.
• Device Data — device type, operating system, browser, hardware model, ISP, and system configuration.
• Location Data — general location (country/region) inferred from your IP address. We do not collect precise GPS data.

02How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

• To deliver our Services — to provide you with the products and services you request.
• To respond to enquiries and offer support — to address your messages and resolve issues.
• To send administrative information — details about our products, services, and policy changes.
• To fulfil and manage orders — to process payments and manage your orders.
• To send marketing communications — emails and SMS messages about our products and offers, in line with your preferences. You may opt out at any time.
• For targeted advertising — to develop and display personalised content tailored to your interests.
• For analytics — to understand how our Services are used and to improve them.
• To protect our Services — for security and fraud prevention.
• To comply with legal obligations — where required by applicable law.
• To protect vital interests — to prevent harm where necessary.

03What Legal Bases Do We Rely On?

In Short: We only process your personal information when we have a valid legal reason to do so.

As a UK-based company, we operate primarily under the UK GDPR and the Data Protection Act 2018. Where we process data of individuals in the EEA, EU GDPR also applies. Our legal bases are:

• Consent — where you have given clear permission for a specific purpose, e.g. marketing emails or SMS. You may withdraw consent at any time.
• Performance of a Contract — where processing is necessary to fulfil our contractual obligations to you.
• Legitimate Interests — where processing is necessary for our legitimate business interests and not overridden by your rights.
• Legal Obligations — where processing is necessary for compliance with applicable law.
• Vital Interests — where processing is necessary to protect your vital interests or those of a third party.

Questions about the specific legal basis for any processing? Email [email protected].

04When and With Whom Do We Share Your Information?

In Short: We may share information in specific situations and with the following third parties.

• Service Providers — third-party providers who perform services on our behalf (payment processing, analytics, email delivery, SMS marketing, hosting, IT services). They are authorised to use your data only as necessary to provide those services, and are bound by appropriate data processing agreements.
• Stripe — our payment processor. Payment data is handled directly by Stripe: stripe.com/privacy.
• Google Analytics — we use Google Analytics to track and analyse use of our Services. See Google’s Privacy Policy. Opt out via Google’s opt-out tool.
• Email & SMS Marketing Platforms — we share contact information with platforms used to send marketing communications, in accordance with your preferences. We will update this notice as specific providers are engaged.
• Additional Third-Party Processors — we may engage further processors over time (e.g. CRM platforms, customer support tools, advertising networks). Where we do, appropriate data processing agreements will be in place and this notice will be updated. Contact us at any time to enquire about our current list of processors.
• Business Transfers — we may share or transfer your information in connection with any merger, acquisition, or sale of company assets.
• Legal Requirements — we may disclose your information where required by law or in response to valid requests by public authorities.

05Cookies & Tracking Technologies

In Short: We use cookies and other tracking technologies to collect and store information.

We use cookies and similar technologies (web beacons, pixels) to gather information when you interact with our Services. These help us maintain security, save preferences, and support basic site functions.

We also permit third parties — including Google Analytics — to use tracking technologies on our Services for analytics purposes.

You can control cookie settings through your browser at any time. Disabling certain cookies may affect the functionality of our Services. For full details, please refer to our Cookie Policy [link to be added].

06How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this notice, unless otherwise required by law.

We retain your personal information only as long as necessary for the purposes set out in this notice, unless a longer period is required by law (e.g. for tax or accounting purposes). When we no longer have a legitimate business need, we will delete or anonymise your information — or, where that is not immediately possible, securely isolate it until deletion is possible.

07How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through appropriate technical and organisational measures.

We have implemented appropriate technical and organisational security measures designed to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. You should only access our Services within a secure environment.

08Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18.

We do not knowingly collect, solicit data from, or market to anyone under 18 years of age. By using our Services, you represent that you are at least 18 years old. If we learn that data from an under-18 user has been collected, we will promptly delete it. Please contact us at [email protected] if you become aware of any such data.

09Your Privacy Rights

In Short: Depending on your location, you have rights that give you greater control over your personal information.

UK and EEA Residents

Under UK GDPR and EU GDPR, you have the right to:

• Access — request a copy of the personal information we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal information in certain circumstances.
• Restriction — request that we restrict how we use your information.
• Data Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests.
• Automated Decision-Making — not to be subject to decisions made solely by automated means that significantly affect you.

To exercise any of these rights, contact us using the details in Section 13.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. EEA residents may contact their local data protection authority.

Withdrawing Consent

Where we rely on consent to process your data, you may withdraw it at any time by contacting us at [email protected]. Withdrawal does not affect the lawfulness of prior processing.

Opting Out of Marketing

You can unsubscribe from marketing communications at any time by:

• Clicking the unsubscribe link in any marketing email
• Replying “STOP” or “UNSUBSCRIBE” to any SMS we send
• Emailing [email protected]

Note: you may still receive service-related messages necessary for your account.

10Do-Not-Track Controls

Most web browsers include a Do-Not-Track (“DNT”) feature. No uniform technology standard for recognising DNT signals has been finalised. As such, we do not currently respond to DNT signals. If a standard is adopted that we must follow, we will update this notice accordingly.

11US Residents’ Specific Privacy Rights

In Short: US residents may have additional rights under applicable state privacy laws.

Depending on your US state of residence, you may have the right to:

• Know whether we are processing your personal data
• Access your personal data
• Correct inaccuracies in your personal data
• Request deletion of your personal data
• Obtain a copy of the data you previously shared with us
• Opt out of processing for targeted advertising or sale of personal data
• Non-discrimination for exercising your rights

To exercise these rights, contact us at [email protected].

12Updates to This Notice

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated date at the top of this page. If we make material changes, we may notify you by posting a prominent notice or by sending you a direct notification. We encourage you to review this notice periodically.

13How to Contact Us

If you have questions or comments about this notice, please contact us:

As the UK data controller, you have the right to contact the Information Commissioner’s Office (ICO) if you have concerns about how we handle your data.