The short version
We collect what we need to take your order, ship it to you, and answer your questions. We keep it in the EU on Craft Cloud or our managed hosting partner. We do not sell it, share it with advertisers, or pass it to data brokers.
What we collect
When you place an order: your name, billing address, shipping address, email, phone (optional), and what you ordered. Card details never touch our servers; Stripe handles payment and we only see a tokenised reference.
When you sign in: your email and password (hashed). Avatar + display name are optional. We do not require any of the social-login dance.
When you contact us: the message you sent and the address you sent it from, so we can reply.
How long we keep it
Order data: seven years (UK tax law). Account data: until you ask us to delete it. Support tickets: two years from the last reply.
Your rights
You can export your data from the Your account page, or ask us to delete everything (the order trail is anonymised, not destroyed, so the tax records stay intact).
Cookies and tracking
We use one essential session cookie. Anything beyond that asks for consent first via the banner you saw on arrival. Analytics is opt-in.
Changes
If this policy changes materially, we will tell you on next sign-in. Minor edits (typo fixes) we do not announce.