Legal

Privacy policy

Last updated: May 2026

This privacy policy explains how Crackerling (“we”, “us”, “our”) collects, uses, and protects information about you when you visit our website or place an order. We are committed to handling your personal data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our registered business is Bespoke Original Software Solutions Limited, trading as Crackerling, registered in England and Wales (Company No. 16087389). If you have any questions about this policy, contact us at hello@crackerling.co.uk.

1. What data we collect

When you place an order, we collect:

  • Your full name
  • Your email address
  • Your delivery address (including postcode)
  • Your order details — products ordered, customisation choices, gift message, and the total amount paid
  • Payment information — we do not store card details. Payment is processed by Stripe, which has its own privacy policy at stripe.com/gb/privacy.

When you use our postcode lookup feature, we collect:

  • The postcode you enter, which is passed to Ideal Postcodes (our address lookup provider) on our server. We do not store the postcode lookup query itself.

When you visit our website, we may also collect:

  • Basic server log data (IP address, browser type, pages visited, timestamps) for security and diagnostic purposes. This data is not used for marketing and is retained for no more than 30 days.

2. How we use your data

We use your personal data to:

  • Fulfil your order — processing, making, and delivering your crackers. Legal basis: contract performance.
  • Send order confirmation and delivery updates to your email address. Legal basis: contract performance.
  • Comply with legal obligations — such as tax record keeping. Legal basis: legal obligation.
  • Prevent fraud and ensure security. Legal basis: legitimate interests.

We do not use your data for automated decision-making or profiling. We do not sell your data to third parties. We do not send you marketing emails without your explicit consent.

3. Who we share your data with

We share your data only where necessary to fulfil your order or comply with legal obligations:

  • Stripe — payment processing. Stripe receives your email address and order total. Card details never pass through our servers.
  • Ideal Postcodes — address lookup. Your postcode is sent to Ideal Postcodes when you use the address lookup feature.
  • Supabase — secure database hosting. Order details are stored on their UK/EU infrastructure so we can fulfil your order and keep accurate records.
  • Delivery couriers — your name, address, and contact details are passed to our courier to fulfil delivery.
  • HMRC and legal authorities — where required by law.

All third-party processors we use are based in the UK or EU, or are covered by an appropriate adequacy decision or transfer mechanism.

4. How long we keep your data

  • Order records — retained for 7 years to comply with HMRC record-keeping requirements, then securely deleted.
  • Email addresses — retained for the duration of the order record. If you have not placed an order in 3 years and have not opted in to marketing communications, we will delete your email address.
  • Server logs — retained for up to 30 days, then automatically deleted.

5. Cookies

Our website uses only strictly necessary cookies required for the site to function. We do not currently use analytics cookies, advertising cookies, or any third-party tracking scripts. If this changes, we will update this policy and add a cookie consent mechanism.

Your shopping basket is stored in your browser's localStorage — this is not a cookie and does not leave your device.

6. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Erase your data (the “right to be forgotten”), subject to legal retention requirements
  • Restrict how we process your data in certain circumstances
  • Object to processing based on legitimate interests
  • Data portability — receive your data in a structured, machine-readable format

To exercise any of these rights, email us at hello@crackerling.co.uk. We will respond within 30 days. You will not be charged for making a request.

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

7. Data security

Order data is stored in an encrypted database hosted by a specialist provider — not on a personal device or office computer. Access is restricted to authorised personnel only. All data in transit between your browser and our website is encrypted using HTTPS/TLS.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.

8. Children's data

Our website is not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

9. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects when it was last revised. We will notify customers who have placed orders with us of any material changes by email.

10. Contact

For any privacy-related queries, contact us at: hello@crackerling.co.uk
Bespoke Original Software Solutions Limited, Suite 3 The Causeway, Wilderspool Causeway, Warrington, Cheshire, England, WA4 6PS.