Privacy Policy

This policy explains how I collect, use, and protect your personal information when you buy from CozyPrintHeaven or browse the site. I take your privacy seriously and only collect information that I genuinely need to run the shop.

Who I am

CozyPrintHeaven is a sole-trader business run by [OWNER NAME], trading from Manchester, England. For the purposes of UK GDPR, I am the data controller for any personal information collected through this site.

Contact: [CONTACT EMAIL]
Post: [BUSINESS ADDRESS]

What I collect and why

When you place an order, the checkout is handled by Stripe on my behalf. Stripe collects your name, email address, billing address, shipping address, and payment details. I receive the information I need to fulfil your order — your name, email, shipping address, and the items you bought. I never see or store your full card number; Stripe handles that directly.

If you email me, I'll keep your email and the content of our conversation so I can help you and respond to any follow-up questions.

The site does not use analytics, tracking pixels, or advertising cookies. The only cookies set are the ones Stripe uses during checkout, which are essential to process your payment.

Lawful basis for processing

• Performance of a contract — to process your order, take payment, and deliver your items.
• Legal obligation — to keep sales records for UK tax and accounting law (HMRC requires records to be kept for at least six years).
• Legitimate interests — to respond to your enquiries and to prevent fraud.

Who I share your information with

I only share your information with the service providers I need to run the shop:

• Stripe — payment processing. See stripe.com/gb/privacy.
• Vercel — website hosting. See vercel.com/legal/privacy-policy.
• Neon — database hosting for product information. See neon.tech/privacy-policy.
• Royal Mail — to deliver your order. I share your name and shipping address.

I will never sell your information, and I will never share it for marketing purposes.

How long I keep your information

I keep order and transaction records for six years, as required by UK tax law. Email correspondence is kept for up to two years unless it relates to an order, in which case it's kept for the same six-year period.

International transfers

Some of my service providers (such as Stripe and Vercel) operate internationally and may process your information outside the UK. Where they do, they rely on UK-approved safeguards such as the International Data Transfer Agreement or Standard Contractual Clauses to protect your information.

Your rights

Under UK GDPR you have the right to:

• Access the personal information I hold about you
• Ask me to correct anything that's wrong
• Ask me to delete your information, where I no longer need it
• Restrict or object to how I'm using your information
• Receive a copy of your information in a portable format

To exercise any of these rights, please email me at [CONTACT EMAIL]. I'll respond within one month.

If you're unhappy with how I've handled your information, you can complain to the Information Commissioner's Office at ico.org.uk.

Changes to this policy

If I change this policy, I'll update the “last updated” date at the top of the page. Significant changes will be communicated where reasonably practicable.