Privacy Policy

Last Updated: 07/04/2026

This Privacy Policy explains how Stitch in Time (“we”, “us”, “our”) collects, uses, and shares personal data when you visit our website, place an order, or contact us.

We are a UK sole trader business based in England. We are not yet incorporated as a limited company. For data protection purposes, we are the “data controller” of the personal data described in this policy.

1) Who we are and how to contact us

Controller:

Corey Austin, trading as “Stitch in Time”

General Contact Email (data protection queries): help.stitchintime@gmail.com

Telephone: 07761 883112

If you have any questions about this policy or how we use your data, please contact us using the details above.

2) What personal data we collect

We may collect and process the following categories of personal data:

A. Customer and order data

- Name

- Billing address and delivery address

- Email address

- Phone number

- Order details and order history (items purchased, delivery method, returns/refunds)

- Customer service communications (emails/messages you send us)

B. Payment data

- We do not store your full card details.

- Payments are processed by our payment service providers (see section 6). We receive transaction and payment status information (e.g., confirmation of payment, refunds, chargebacks), and may receive limited payment method details such as card type and partial card numbers.

C. Website usage and device data

- IP address

- Browser type and device information

- Pages viewed, clicks, referral source, and approximate location derived from IP address (depending on settings)

- Cookie identifiers and consent choices (see our Cookie Policy)

D. Marketing preferences

- Whether you have opted in or out of marketing emails

- Your communication preferences

We do not intentionally collect “special category” data (e.g., health information) or criminal offence data.

3) Where we get your personal data from (data sources)

We collect personal data from:

- You directly (e.g., when you buy something, create an account, fill in forms, or email us).

- Automatically from your device and browser when you access our website (cookies and similar technologies).

- Our service providers (e.g., payment confirmation from our payment processor; fulfilment/shipping status from our fulfilment provider).

4) Why we use your personal data (purposes) and our lawful bases

UK GDPR requires us to have a lawful basis for each use of your personal data. The lawful bases we rely on are:

- Contract: processing is necessary to perform our contract with you (e.g., taking payment, delivering your goods).

- Legal obligation: processing is necessary to comply with UK law (e.g., accounting/tax record keeping).

- Legitimate interests: processing is necessary for our legitimate interests (e.g., preventing fraud, keeping our website secure) unless those interests are overridden by your rights.

- Consent: you have given clear consent (e.g., non-essential cookies; some marketing).

5) Cookies and similar technologies

We use cookies and similar technologies on our website.

- Essential cookies: required for the site to work properly (e.g., security, shopping basket).

- Non-essential cookies (such as analytics and performance cookies): used only if you consent.

You can manage your cookie choices at any time using the cookie preferences option available on our website and by reviewing our Cookie Policy.

6) Who we share personal data with

We share personal data only where necessary, including with the following types of providers:

A. Website hosting and e-commerce platform

- Squarespace (hosting, website functions, store functions, and certain analytics features depending on configuration)

B. Payment processing

- Squarespace Payments and its payment processor (Stripe) and related payment ecosystem partners (e.g., card networks and banks) to process payments, refunds, and fraud checks

C. Fulfilment and shipping

- Inkthreadable (print-on-demand fulfilment) to print and dispatch your order

- Delivery partners/couriers (only the details needed to deliver your order, such as name/address, and possibly contact details for delivery updates)

D. Professional and legal support (as needed)

- Accountants, professional advisers, insurers, and legal advisers

We may also disclose personal data if required by law, regulation, court order, or to protect our legal rights.

7) International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where we transfer personal data internationally, we will ensure appropriate safeguards are in place, such as:

- Transfers to countries covered by UK “adequacy regulations”; and/or

- Standard contractual clauses / UK international data transfer clauses (such as the UK IDTA or the UK Addendum to EU SCCs).

8) How long we keep your personal data (retention)

We keep personal data only for as long as necessary for the purposes described above.

Retention periods:

- Orders, invoices, and payment records: 5 years after the 31 January tax return submission deadline for the relevant tax year.

- Customer service correspondence: 3 years.

- Marketing email list data: until you unsubscribe/opt out, plus a “do not contact” suppression record to ensure we respect your opt-out.

- Cookie preferences/consent records: 5 years.

- Analytics data: 5 years.

If we need to keep data longer (for example due to a legal requirement or an ongoing dispute), we will do so.

9) Security

We use appropriate technical and organisational measures to protect personal data, including (as appropriate):

- Access controls and limiting access to those who need it

- Strong passwords and multi-factor authentication where available

- Using reputable third-party providers with security measures for hosting and payment processing

- Keeping software and devices updated

No method of transmission over the internet is completely secure, but we work to protect your information.

10) Your rights

Under UK GDPR, you have rights over your personal data, including:

- Right to be informed (this policy)

- Right of access (to request a copy of your data)

- Right to rectification (to correct inaccurate data)

- Right to erasure (in some circumstances)

- Right to restrict processing (in some circumstances)

- Right to data portability (in some circumstances)

- Right to object (including an absolute right to object to direct marketing)

- Right to withdraw consent (where we rely on consent)

How to exercise your rights:

Email us at help.stitchintime@gmail.com with your request. We may ask for information to verify your identity.

11) Automated decision-making and profiling

We do not use your personal data to make solely automated decisions that have legal or similarly significant effects on you.

Our payment providers may use automated tools to detect and prevent fraud. If a payment is declined, you can contact us at help.stitchintime@gmail.com.

12) Children’s data

Our products and website are not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps.

13) Complaints

If you have concerns about our use of your personal data:

1) Please contact us first so we can try to resolve the issue.

2) You also have the right to complain to the UK Information Commissioner’s Office (ICO).

ICO contact details:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: https://ico.org.uk/

14) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website, with the “Last updated” date at the top.