Privacy Policy

When you subscribe to our newsletter, we collect your email address and record the date and time you gave consent. This information is stored securely and used solely to send you updates about new products and special offers.

What we collect:

• Email address
• Date and time of consent
• Subscription status

Your rights:

• Unsubscribe at any time using the link in our emails
• Request deletion of your data by contacting us
• Request a copy of the data we hold about you

We will never share your email address with third parties for marketing purposes.

When you place an order, we collect information necessary to process your purchase and deliver your items. All payment processing is handled securely by Stripe.

What we collect:

• Name and contact details
• Billing and shipping address
• Order history and preferences

Payment security:

• We never store your full card details on our servers
• All payments are processed by Stripe, a PCI-DSS Level 1 certified provider
• Your payment information is encrypted and transmitted securely

How we use this data:

• To process and fulfil your orders
• To send order confirmations and shipping updates
• To handle returns and customer service enquiries
• To comply with legal and tax obligations

We retain order information for 7 years to comply with UK tax regulations.

You may have noticed we don't show a cookie banner. That's intentional — we don't want to track you.

We don't use Google Analytics, Facebook pixels, or any third-party tracking scripts. There are no advertising cookies, no behavioural profiling, and no data shared with ad networks.

Cookies we do use:

• Session cookie — keeps you signed in while you browse. This is strictly necessary and does not require consent under GDPR.
• Cart data — remembers what's in your basket so you don't lose it. Also strictly necessary.

Because we only use strictly necessary cookies — those essential for the site to function — we are not required to show a cookie consent banner under UK GDPR and the Privacy and Electronic Communications Regulations (PECR). We believe this is a better experience for you, and a more honest approach to privacy.

Under the UK General Data Protection Regulation, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct any inaccurate or incomplete data
• Right to erasure — request that we delete your personal data, subject to legal obligations
• Right to restrict processing — ask us to limit how we use your data
• Right to data portability — receive your data in a structured, commonly used format
• Right to object — object to processing of your data, including direct marketing

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

We take a number of technical measures to protect your personal data and ensure this website is secure.

• HTTPS everywhere — all traffic between your browser and our servers is encrypted using TLS. Connections over plain HTTP are automatically redirected.
• Stripe for payments — card details are entered directly into Stripe's PCI-DSS Level 1 certified payment form. Your card number never touches our servers.
• Hashed passwords — account passwords are salted and hashed using bcrypt before storage. We cannot see or retrieve your password.
• No third-party scripts — we do not load analytics, advertising, or social media tracking scripts that could expose your browsing activity to other companies.
• Cloudflare protection — our site sits behind Cloudflare, which provides DDoS mitigation, a web application firewall, and an additional layer of TLS termination.
• Minimal data collection — we only collect what is needed to process orders and run the site. We do not build advertising profiles or sell data to third parties.