GDPR & Privacy Compliance

GDPR & Privacy Compliance

**Your Data Rights**

Under UK GDPR, you have the right to:
• Know what personal data we collect and why
• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to processing of your data
• Data portability

**What Data We Collect**

We collect:
• Name, email, shipping address (for order fulfillment)
• Payment information (processed securely via Shopify Payments)
• Browsing data via cookies (for site functionality)

**Why We Collect It**

• To process and fulfill your orders
• To communicate about your order
• To improve our website and services
• To comply with legal obligations

**How We Protect It**

• All data is stored securely via Shopify's encrypted servers
• Payment data is never stored on our servers
• We never sell or share your data with third parties for marketing

**How Long We Keep It**

• Order data: 7 years (UK tax law requirement)
• Marketing data: Until you unsubscribe
• Browsing data: 2 years maximum

**Your Rights**

To exercise any of your data rights, contact us at [your email].
We will respond within 30 days.

**Cookies**

We use essential cookies for site functionality. You can disable non-essential cookies in your browser settings.

**Contact**

For any privacy concerns: hello@stoofy.uk

Last updated: February 2026